+1 for Cobbler. At my site, we don't kickstart on the production network, in order to avoid the case where a not-fully-secured machine is exposed to network attacks. My kickstart network is all in one room, and so is easier to secure, logically and physically. On such a network, automatic certificate signing would likely be suitably secure, and assigning roles by MAC is easy using Cobbler.
While you may not be subject to the same regulatory restraints, David, I suggest a separate kickstart network as a best practice. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
