Don't know if this is suitable, but an alternative may be to: - Generate certificate for host on Puppet master, rather than generating CSR from Puppet agent for signing - If a host requires rebuild, rebuild it with the same FQDN - Initiate Puppet agent
? Without testing, I'm assuming the Puppet agent will grab the existing certificate for its host's FQDN. Alternatively, you may generate and copy the certificates to a network share, and have a first-run script copy the certificate based on the host's hostname/FQDN to the host before initiating a Puppet run. Would be interested to know if either method works, should you try. On Wednesday, October 25, 2017 at 9:47:40 PM UTC+8, Vishal Sarin wrote: > Folks, > > We manage a LAB of Windows PC where the OS crash is quite often and we > need to install a new certs. > > So, we need to delete the certs from Server frequently. > > Since its in-premise LAB and so I would like disable security completely > and have trust on other mechanism rather than SSL. > > Is this do-able in puppet/foreman? > > Please advise. > > Thanks, > -Vishal Sarin > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/72274e72-b472-4fe5-a244-99c28a4b5616%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
