What I do is this: Delete the certs for hostname X from the puppetmaster. Start the instance from the puppet master machine. Passing a script (that get's ran at startup). This script does the following:
Set the hostname to X. Install puppet on the client (I use bare ubuntu images) Connect to the puppetmaster instance. Mean while the script on the puppet master is waiting for the signing request from X, and as soon as it gets it, it signs it. Hope that helps. On Fri, Sep 11, 2009 at 8:07 AM, Chris <chrisma...@gmail.com> wrote: > > Hi all, > > I'm starting to use EC2, and I'm after some examples of best practices/ > tips and tricks from folk with more experience of the Puppet/EC2 combo > than me: > > We're starting by using EC2 for testing and development purposes. This > means that we won't be running our instances full-time; rather, we'll > be spinning them up and down for a few hours at a time, as and when > needed. I'd like the instances to call back to my local puppetmaster > to configure themselves post-boot. > > Now, what I'm not sure about is how to make this play nicely with > puppet. If I have an AMI with puppet installed (I'm using an ubuntu > base, if it matters), then as soon as I run it, I need to sign it's > certificate. I also need to add a new node definition to my config, > since each time the AMI starts it, gets a new host name. > > So, this is going to be a bit of a faff. I can think of some ways > around it; specifying the certname option (which I could do via a > userdata script when I boot the VM) would allow me to get around the > "each boot is a new node", but I'm not so sure about the certificates. > Should I pre-generate the cert and then try and push that to the node > when it boots? Or enable autosigning? > > Any ideas gratefully received! > > Thanks > > Chris > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
