Thanks for your quick answers. You got the point, when the servers reboot they get back to their original state.
I will try to integrate a certificate in the image. The servers are not meant to restart very often but when they do, they would need to be updated by puppet right away. I guess puppet won't let me do this because the hostname will change and I think it's tied to the certificate.

Perhaps the principle of disk images at boot time is not very compatible with puppet "spirit". After all I could configure the image correctly and just deploy it. But I would like to use puppet to "enforce" my configuration principles in case of human errors, bugs, etc...

On May 31, 10:34 pm, Matt Juszczak <m...@atopia.net> wrote:
> > These servers only exist in RAM, so when they shutdown, all data is
> > lost. Julien also said that there's over a hundred of them. If you are
> > manually signing every time they reboot, you probably won't be diligent
> > enough to catch an impostor that can use the PXE server. At that point,
> > you might as well just put the cert in the PXE image. I don't like my
> > solution, but I think it's better than manual signing unless you have
> > persistent storage on the puppet clients.
>
> Ah, I missed the dynamic part. I agree, manually signing hundreds of
> servers would be annoying. Unless you scripted it and had it email you
> when it signed a cert... at least you'd have some sort of trail. If you
> get an email at 2 AM in the morning that a new server cert was signed...
> well, that may not be a good thing :)