Thank you Ohad, you are right, we can obtain the wanted behavior without any sort of callback.
Using solution 3 we can have a cron job that runs puppetca --list and for each entry it queries the cloud API to perform extra checks. If the checks are OK, it does puppetca --sign . The Puppet client is configured with waitforcert set to a few seconds.

Solution 3 seems the most viable.
- no web service - doesn't require creating a web service on the puppet master to handle 'check requests' coming from puppet clients (solution 2)
- no Ruby coding - we have experience with C/C++/Java. Ruby is something really new to us.

I didn't know about Foreman, quite impressive. It would be great to have provisioning extended to support common cloud APIs (EC2, Rackspace, GoGrid, etc.).

Bye,
Valentino
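
The cron-driven check described in the message above, as an added example that is not part of the original post. It assumes `puppetca --list` prints one pending certname per line; `cloud_instance_known`, the inventory file path and the `--run` switch are hypothetical stand-ins for the real cloud API query.

```shell
#!/bin/sh
# Added example: sign a pending Puppet certificate request only after an
# out-of-band check confirms the host is one of our cloud instances.
LC_ALL=C; export LC_ALL                                    # make a-z mean ASCII only
INVENTORY="${INVENTORY:-/etc/puppet/cloud-inventory.txt}"  # hypothetical path
SIGN_CMD="${SIGN_CMD:-puppetca --sign}"

# The certname is chosen by the requesting client, so treat it as untrusted:
# reject empty names, leading '-' (would parse as an option), leading '.',
# empty labels, and anything outside lowercase DNS characters.
valid_certname() {
    case "$1" in
        ''|-*|.*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Hypothetical stand-in for the cloud API query: exact, whole-line match
# against a list of instance names exported from the provider.
cloud_instance_known() {
    [ -r "$INVENTORY" ] && grep -Fxq -- "$1" "$INVENTORY"
}

# Read pending certnames on stdin (first field of each line, assumed format)
# and print one decision per request. Anything unexpected fails closed.
process_pending() {
    while read -r name _rest; do
        [ -n "$name" ] || continue
        if ! valid_certname "$name"; then
            echo "REJECT"                  # name not echoed: keeps the log clean
        elif ! cloud_instance_known "$name"; then
            echo "SKIP $name"              # unknown host stays unsigned
        elif $SIGN_CMD "$name" >/dev/null 2>&1; then
            echo "SIGNED $name"
        else
            echo "ERROR $name"
        fi
    done
}

# Cron entry point, e.g.: * * * * * /usr/local/sbin/sign-pending.sh --run
if [ "${1:-}" = "--run" ]; then
    puppetca --list | process_pending
fi
```

Requests that fail the check are left pending rather than cleaned, so an operator can still review them by hand.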