One of the unintended consequences of moving from ext3 images to instantiation of profiles from metadata (kickstart files right now) is that we need to update the method for installing the puppet master's certificate in the client.
When the server was responsible for instantiating images it was pretty trivial for the server to install the certificate into the client image. That no longer works, particularly when instantiating a disk-full client. What appears to work for me is to create an RPM which installs the puppet master's certificate and include that RPM in the install set for all clients. The obvious downsides is the server is going to have to have an RPM repo so that clients can pick up the puppet master certificate. Relatively minor. What's more interesting are the security aspects. Thoughts/comments? Jeff _______________________________________________ Stateless-list mailing list [email protected] http://www.redhat.com/mailman/listinfo/stateless-list
