Derek,

I agree with you that the certificates are unnecessary for some
people, myself included.  Since we're behind a large corporate
firewall, we don't need this type of security for in-house
management.  As we upgrade our engineers' workstations, the new
workstation almost always has the same name as the old, and we get the
same issue.  I've found that I can just move the certificate on the
puppet master out of the default directory with a cronjob (I move them
elsewhere instead of deleting them); that way, when we upgrade the
workstation, it just submits a new certificate request.  This seems to
work well for us, and doesn't cause any problems with the workstations
connecting to the master.

Jason

On Nov 12, 4:28 am, James Turnbull <[email protected]> wrote:
> Derek J. Balling wrote:
> > It's just ugly. Like I said in my ticket notes, I'll concede that for
> > some people, it's a necessity, but there's clearly also a set of
> > people for whom it is just unnecessary pain and suffering.
>
> It's been my experience that SSL (or the requirement for some form of
> this type of security even if they disliked SSL) is actually required by
> the vast majority of people using Puppet.
>
> Certainly if you have any security requirements you need some kind of
> encryption/authentication mechanism.  Without one - anyone can
> compromise your configuration and a daemon generally running with root
> privileges.  But I concede there might be shops out there who don't care
> about this issue.
>
> I doubt it will change in a hurry - removing SSL from Puppet or
> abstracting it into a module as part of a refactor of security would be
> a large undertaking.
>
> Regards
>
> James Turnbull
>
> --
> Puppet Labs - http://www.puppetlabs.com
> C: 503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.