On 6/30/2009 1:26 PM, engle wrote:

> So, would it be best to use a single cert for all of the clients or is
> there a better way to deal with this sort of setup?

Run

   puppetca --clean host.to.be.imaged

on the puppetmaster as it's being imaged? If you're doing the reimaging, 
it should just be one extra step in your procedure. If you're not the one 
doing the reimaging, can you set up a sudo entry on the puppetmaster to 
allow the other folks to clean old certs? Or set up a simple web form to 
clean a particular cert?

Other than that, I guess another option would be to save the puppet ssl 
directory before the client drive gets reformatted, and restore it back 
to the drive before puppet starts up again.

I'd be wary of using the same certs on multiple systems unless they were 
in an isolated environment (and possibly even then). Same reason as for 
not using the same ssh host key for all your systems.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University
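
The sudo delegation suggested in the message above, sketched as an added example that is not part of the original post: a wrapper that lets delegated users run `puppetca --clean` for one validated certname only. The `imaging` group, the script path, the `puppetca` install path and the protected names are assumptions.

```shell
#!/bin/sh
# Constructed example: restricted front end for "puppetca --clean".
# Assumed sudoers entry (group name and script path are hypothetical):
#   %imaging ALL = (root) NOPASSWD: /usr/local/sbin/puppet-cert-clean
LC_ALL=C; export LC_ALL              # make a-z mean ASCII lowercase only
PUPPETCA=/usr/sbin/puppetca          # assumed install path; hardcoded on purpose
PROTECTED="puppet puppetmaster"      # hypothetical names that must never be cleaned

# Return 0 only for a plain lowercase DNS-style name.
valid_certname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        -*|.*|*.|*-|*..*|*-.*|*.-*) return 1 ;;  # a leading '-' would be read as an option
        *[!a-z0-9.-]*) return 1 ;;               # spaces, slashes, globs, shell metacharacters
    esac
    return 0
}

# Return 0 if the name is a protected host, bare or fully qualified.
is_protected() {
    for p in $PROTECTED; do
        case $1 in "$p"|"$p".*) return 0 ;; esac
    done
    return 1
}

clean_cert() {
    if ! valid_certname "$1"; then
        echo "refusing: '$1' is not a valid certname" >&2
        return 2
    fi
    if is_protected "$1"; then
        echo "refusing: '$1' is a protected certificate" >&2
        return 3
    fi
    # Record who revoked what, so cleans can be audited later.
    logger -t puppet-cert-clean "user=${SUDO_USER:-unknown} certname=$1"
    "$PUPPETCA" --clean "$1"
}

# Exactly one argument is used; extra arguments are ignored, never passed on.
if [ $# -gt 0 ]; then clean_cert "$1"; fi
```

Granting sudo on the wrapper rather than on `puppetca` itself keeps the delegated users from reaching the CA's other operations.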
