2014/1/9 jcbollinger <[email protected]>:
>
> On Thursday, January 9, 2014 6:40:42 AM UTC-6, [email protected] wrote:
>>
>> Thanks for your suggestions,
>>
>> Running masterless is a bit too exotic, since we would like to use all
>> those nice features that make a Puppet installation complete: specially
>> hiera searches and PuppetDB. Modules, too, should be compatible with other
>> clusters, so no big deviations can occur.
>>
>> Enabling auto-sign, as Jose Luis suggested, may be a possibility. I have
>> just checked myself if autosign works if the same node was already
>> registered in the CA... but according to the documentation it does not look
>> like it, not to mention the security issues that come with it.
>>
>> Does the certificate name need to match the fqdn for puppet to allow
>> connections?
>>
>
> I'm not certain, but even if not, what you propose is dangerous. The master
> uses the certificate presented by the agent not just to authorize the agent,
> but also to identify it. If all your nodes present the same certificate to
> the master, then they all claim to be the same machine, which is a lie. I
> don't foresee any specific failure scenarios associated with that, but it is
> unwise to mess with the system's underlying assumptions in such a way.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/3c8f53f8-09a2-4bd8-8fa8-1986efdafeb3%40googlegroups.com.
>
> For more options, visit https://groups.google.com/groups/opt_out.

Hi,

Another idea could be to create the signed certificate on the master server and then copy it to the image using scp, libguestfs-tools, etc.

You can get an idea by looking at the provisioningDO rakefile:
https://github.com/juasiepo/provisioningDO/blob/master/rakefile

Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons [email protected]
Linux User Registered: #257202
Web: http://www.elsotanillo.net
Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
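
A sketch of the pre-signed certificate approach suggested above, keeping one certificate per node as John's reply recommends. This is an added example, not code from the thread or from the linked rakefile. The function name `stage_agent_ssl` is hypothetical, and the directory layout (`private_keys/`, `certs/`, `certs/ca.pem` under the ssldir) is assumed to be the Puppet 3 one, populated beforehand on the master with `puppet cert generate <certname>`.

```shell
#!/bin/sh
# Added example (assumptions: Puppet 3 ssldir layout; the node's key and
# signed certificate already exist on the master for this certname).
#
# stage_agent_ssl CERTNAME MASTER_SSLDIR IMAGE_SSLDIR
#   Copies exactly one node's private key, its signed certificate and the
#   CA certificate into the ssldir of a mounted image.
#   Exit status: 0 ok, 2 unsafe certname, 3 source file missing, 4 copy failed.
# The body runs in a subshell "( ... )" so the umask change stays local;
# "exit" therefore ends only the function call, not the calling shell.
stage_agent_ssl() (
    certname=$1 src=$2 dst=$3

    # The certname becomes a file name: accept hostname characters only,
    # which also rejects path separators and leading dots.
    case $certname in
        ''|.*|*[!A-Za-z0-9._-]*) echo "unsafe certname" >&2; exit 2 ;;
    esac
    # certs/ca.pem is the CA certificate, not a node identity.
    [ "$certname" != ca ] || { echo "reserved certname" >&2; exit 2; }

    # Check everything first so a partial identity is never written.
    for f in "private_keys/$certname.pem" "certs/$certname.pem" "certs/ca.pem"; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; exit 3; }
    done

    umask 077   # new directories and files start out owner-only
    mkdir -p "$dst/private_keys" "$dst/certs" || exit 4
    cp "$src/private_keys/$certname.pem" "$dst/private_keys/" &&
    cp "$src/certs/$certname.pem" "$dst/certs/" &&
    cp "$src/certs/ca.pem" "$dst/certs/" || exit 4

    # The private key stays owner-only; certificates are public material.
    chmod 0600 "$dst/private_keys/$certname.pem" &&
    chmod 0755 "$dst/certs" &&
    chmod 0644 "$dst/certs/$certname.pem" "$dst/certs/ca.pem"
)
```

Call it once per image with that node's own certname, so that no two nodes share an identity on the master.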
