I have the following scenario:
- An infrastructure of almost 200 servers that I want to manage using
Puppet.
- The need to have a Certificate Authority (CA) that communicates with a
Hardware Security Module (HSM) where the CA root key is stored.
- The need to resolve the problem of managing PKI certificates needed by
the Puppet Agent in the most automated way possible.
My first thought was to use Puppet CA to solve this problem and take
advantage of the automation of the PKI certificates that the Puppet Agent
uses. The problem is that I did not find any information regarding
accessing an HSM from the Puppet CA.
My second thought is to use an external CA such as FreeIPA's Dogtag service
to communicate with the HSM, but I guess that I will lose the automation of
PKI certificate requests that Puppet CA provides. I think that I could
then use Puppet to regenerate the certificates using FreeIPA, but I don't
know if this would become a "chicken and egg problem".
Has anyone here faced a problem similar to these...?
- Solving automation of PKI certificates management using Puppet but
without Puppet CA.
- Integrating an HSM with Puppet or Foreman.
- Puppet with Dogtag.
Thanks in advance
Carlos