On Tue, Jun 30, 2009 at 6:36 PM, Kurt Engle<kurt.en...@gmail.com> wrote: > Our imaging process takes an OS base image with a few apps that include > Puppet and Facter and installs it on the make. This over the network. When > the Mac reboots it sets the hostname of the computer to the Mac's serial > number and auto starts puppet. I do have my puppetmaster (CA) set to > autosign certs iliminating my intervention. This process is working well.
What if you add an ssh key to the base OS image, and a script to be run that contacts the puppet server using the ssh key, and clears any cert that may exist for that client. (It could also add the newly created cert..) You can set the ssh server to recognize that when that key (from the base image) is used, the only command that may be run is /usr/sbin/puppetca. That way, when the machine is reimaged, after its first boot it takes care of the certification issue. Then, once puppet is running on the machine, you could have it remove the ssh key and the startup script. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
