At this point you either need to: *) Do something pretty complicated so the server gives diffierent mounts t each computer, orwith different mounts or *) Give every machine access to all the other machine's certificates, and store all the credentials for the NFS server in the PXE server where anyone can get them.
I have no idea how to do the first, and the second doesn't sound very good to me. Also, you need to trust the local network anyway. After all, anyone on that network can impersonate the DHCP and PXE server to hijack a PXE client. On Jun 1, 2010, at 7:47 AM, Michael Dodwell wrote: > You say when a image is shutdown it reverts back to it's original > state, but does that image/machine ever get reused? > > My point being if your going to reuse machines keeping individual > certificates could be useful. To enable this you could just nfs mount > a share that new certificates could be created in, and 'old' > certificates could be loaded from. You should just have to mount /var/ > lib/puppet/ssl/ and after creating the required sub-directories new > machines will auto generate certificates and reused machines would use > existing certificates. That way you should have some control over > signing. > > --MD > > > On May 31, 11:41 pm, julien <julien.de...@gmail.com> wrote: >> Hi list, >> >> In our platform we have a lot of machines in which the system is a >> single disk image loaded on RAM from PXE. >> >> The problem is quite simple : if I install puppetd on the image, I >> will end up using the same certificate for 100 different servers with >> different names (the hostname is setup at boot time from dhcp) and I >> guess the puppetmaster won't allow that. >> >> In other words : what should I do to create a hundred nodes with the >> same certificate ? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
