Matthew Macdonald-Wallace <mattmacw...@gmail.com> writes:

> I'm trying to work out the best way to ensure that my systems run puppet at
> first boot without having to run puppetca --sign or have wildcards in my
> auth file.

Use autosign, which will tell the puppet master to sign the certificate request
without needing human intervention. That gives you the instant-on facility for
the system.

http://projects.puppetlabs.com/projects/puppet/wiki/Certificates_And_Security

As noted there, autosign.conf is read every time a signature is requested, so
you could easily couple that with your ...

> All nodes are stored in an external database so what I want to tell puppet
> is "if it's in the database, authenticate it, otherwise ignore it". Is this
> possible using the "external-node" classifier?

... external database so it could automatically be generated from that external
data source.

Alternately, you can pre-generate the certificates for your clients and install
them as part of whatever bootstrap process you are using; see the "Master-Side
Client Certificate Generation" of that same document.

Regards,
Daniel
-- 
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
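
One way to generate autosign.conf from the node database, as suggested in the reply above (an added example, not part of the original message; the `nodes` table, its `certname` column, the FQDN-only name rule and the sample rows are assumptions constructed for illustration). Only exact, validated certnames are written, so no wildcard entry can reach the file, and the file is swapped in atomically because the master reads it on every signing request.

```python
import os
import re
import sqlite3
import tempfile

# Assumed rule: lowercase FQDN labels only, so a row can never add a glob like "*.example.com".
CERTNAME_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
                         r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$")


def fetch_certnames(conn):
    """Return (accepted, rejected) certnames from the hypothetical `nodes` table."""
    accepted, rejected = set(), []
    for (name,) in conn.execute("SELECT certname FROM nodes"):
        candidate = (name or "").strip().lower()
        if CERTNAME_RE.fullmatch(candidate):
            accepted.add(candidate)
        else:
            rejected.append(name)  # keep for logging or alerting; never written out
    return sorted(accepted), rejected


def write_autosign(path, certnames):
    """Write one exact certname per line, then rename into place in one step."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".autosign.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("".join(f"{name}\n" for name in certnames))
        os.chmod(tmp, 0o644)   # readable by the master, writable only by the owner
        os.replace(tmp, path)  # atomic on the same filesystem: no half-written file
    except BaseException:
        os.unlink(tmp)
        raise


def build_sample_db():
    """Constructed sample data standing in for the external node database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nodes (certname TEXT)")
    rows = ["web01.example.com", "DB01.example.com", "*.example.com",
            "bad name.example.com", "web01.example.com", None]
    conn.executemany("INSERT INTO nodes VALUES (?)", [(r,) for r in rows])
    return conn


if __name__ == "__main__":
    good, bad = fetch_certnames(build_sample_db())
    print("would autosign:", good, "skipped:", bad)
```

Run it from cron or from whatever process updates the node database, pointing `write_autosign` at the master's autosign.conf.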