Why not just sign them manually with puppetca --list and if nothing suspicious shows up, puppetca --sign --all?
I'm not sure it makes sense to autosign a list of hosts instead of everything from a domain when you can sign things on a host by host basis and sign requests in bulk. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Thu, May 19, 2011 at 8:12 AM, Arnau Bria <arnaub...@pic.es> wrote: > On Thu, 19 May 2011 08:03:38 -0700 > Patrick Patrick wrote: > > Hi Patrick, > > Maybe I haven't explained myself correctly. > > > 1) Are you sure you want this? Sounds like a bad idea. > I want to restrict puppet service to a list of known hosts. Is this a > bad idea? I don't want all the nodes in our domain to be able to > autosign the certifciate. > > > 2) As the documentation you have open shows, you can get the same > > effect by setting "autosign = true" > yep, but I don't want autosign. Iwant to sign certificates as I add > client to puppet master- > > > 3) Try "*.*" instead. I think I remember Puppet won't work with just > > an asterisk. > *.my.dmain has woked fine. > > Thanks for your reply, > Cheers, > Arnau > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
