On Thu, Jan 28, 2010 at 9:54 PM, valentino <miazzo.valent...@googlemail.com> wrote:

> Hi,
> I would like to use Puppet in the cloud (think gogrid)  to configure
> stem images.
> Virtual machines are created/destroyed on the fly under control of a
> load monitor.
>
Can't it also add/remove entries in autosign?
In my opinion, you need to enable the cert part (autosign or auto generate)
at the location where the new hosts are defined.

> For this reason we cannot sign manually new Puppet clients, instead,
> we must use Puppet's autosign feature.
>
> At the moment, Puppet just permits to filter client manifest requests
> with some regex over the hostname of the client.
> This is not enough, to be sure that the puppet client is a trusted
> one, we need some further checks (we need to do some queries to the
> cloud API).
>

> How can we have some custom script (shell or ruby) executed each time
> a puppet client asks for a manifest?
>
As far as I'm aware, there is no way to know if a client has triggered a
request - the other alternatives I could think of:

1. parse the puppet logs and enable the machines if they request a
certificate
2. have another script which enables hosts for autosign which runs before
the first puppet run
3. run puppetca --list in cron and sign new hosts if they match your regexp
(which is more or less like #1).

In any case, the best option is to have a custom script enabling the autosign
upon the machine creation.

I've created a Ruby lib handling this kind of stuff, and it's part of
Foreman. I can give you more info if you are interested.

cheers,
Ohad
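
The last suggestion in the reply above (a script that enables autosign for a host when the machine is created), sketched as an added example; it is not the Foreman library mentioned in the reply or any code from this thread. It assumes the default `/etc/puppet/autosign.conf` path and that the provisioning code calls it with the exact FQDN only after confirming the VM with the cloud API; the function names are hypothetical.

```ruby
# Assumption: default location of Puppet's autosign whitelist on the CA host.
AUTOSIGN_CONF = "/etc/puppet/autosign.conf"

# Exact lowercase FQDNs only. Wildcards and embedded newlines are rejected,
# so one call can never whitelist more than one certname.
FQDN = /\A(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/

def valid_fqdn?(name)
  !!(name =~ FQDN)
end

# Serialize writers with a side lock file, then replace the list atomically
# so the puppetmaster never reads a half-written file.
def update_autosign(path)
  File.open("#{path}.lock", File::RDWR | File::CREAT, 0600) do |lock|
    lock.flock(File::LOCK_EX)
    entries = File.exist?(path) ? File.readlines(path).map(&:strip).reject(&:empty?) : []
    updated = yield(entries).uniq
    tmp = "#{path}.tmp.#{Process.pid}"
    File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0644) do |f|
      f.write(updated.map { |e| "#{e}\n" }.join)
    end
    File.rename(tmp, path)
    updated
  end
end

# Call when the load monitor creates a VM (hypothetical hook).
def allow_host(fqdn, path = AUTOSIGN_CONF)
  raise ArgumentError, "not an exact FQDN: #{fqdn.inspect}" unless valid_fqdn?(fqdn)
  update_autosign(path) { |entries| entries + [fqdn] }
end

# Call when the VM is destroyed, so a later machine cannot reuse the name.
def disallow_host(fqdn, path = AUTOSIGN_CONF)
  update_autosign(path) { |entries| entries - [fqdn] }
end

# Command-line use: autosign_hook.rb add|remove <fqdn>
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  action, host = ARGV
  action == "add" ? allow_host(host) : disallow_host(host)
end
```

Removing an entry only stops future autosigning; a certificate already signed for that name stays valid until it is cleaned on the CA.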
