Oded wrote: > Never tried it myself but I think you can create the certificate as > a part of the provisioning process, and then somehow place it in the > new server. > http://serverfault.com/questions/19462/how-can-i-pre-sign-puppet-certificates
Without reading the link to see if it's similar to what I do, I have a script I run on the puppet master to pre-generate certificates and package them as rpm's. These then go into a repository which the install is setup to use and the certificate package is installed by kickstart. The package, if you're curious is at: http://tmz.fedorapeople.org/packages/puppet-host-package-0.6.0-1.el5.src.rpm It's not polished in any way. It's one of those "works for me, someday I should finish and improve it" things. But I prefer this to enabling autosign. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The man who can make hard things easy is the educator -- Ralph Waldo Emerson
pgpbl0azbCADQ.pgp
Description: PGP signature
