Gary Larizza wrote: > I love where this thread is going, I too share in this problem. > > Kurt: Puppet is still being run on the client because the client is > using a cached config (am I right on this guys?). > > I love the scripted ssh key, but ALSO love the PHP script that could > be CURL-ed from the client. Will a PHP script be able to capture the > hostname of a connecting client? From there, the php script could > call puppetca to clean the cert and create a new one...would this be > cleaner than bundling a cert with your base-image? Unfortunately, I'm > not that versed in PHP to hash a script out from scratch. Does anyone > have a rough outline that we could steal? >
Also be great if this discussion and any resulting configuration or code could end up on the wiki somewhere too... Regards James Turnbull -- Author of: * Pro Linux Systems Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux)
signature.asc
Description: OpenPGP digital signature
