On 26/01/12 16:02, Matt Zagrabelny wrote:
On Thu, Jan 26, 2012 at 9:35 AM, Jonathan Gazeley
<jonathan.gaze...@bristol.ac.uk>  wrote:
On 26/01/12 15:22, Matt Zagrabelny wrote:

I don't know about "easy", but here is what I am doing:


Thanks Matt, that's helpful.

This addresses how to distribute keys to nodes from the fileserver, but I
wonder if there is a mechanism where if the key doesn't exist on the
fileserver, the key that currently exists on the node is pulled in and saved
for future reference - i.e. when new nodes are created.

I'm trying to avoid any situation where I have to remember to do anything
manually, you see. It always leads to failure down the line!

I think the consensus is that puppet drives the state of a node. It is
somewhat unconventional to have the node drive the state of the node.

Remember, there is always some amount of manual stuff to do.

1) Install the OS (or clone your VM.)
2) Set the IP/hostname
3) Install puppet
4) Have the puppetmaster sign the cert

Adding on scp'ing the host keys to your puppetmaster isn't too big of a deal.

OK. I just wondered if there was an equivalent way of using exported resources for private keys, similar to this for public keys:

@@sshkey { $fqdn: type => rsa, key => $sshrsakey }

I'll have a think.

Thanks,
Jonathan
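
Added example, not part of the original thread: exported resources are stored in the puppetmaster's storeconfigs database and can be collected by any node, so they suit the public host key but not the private one. The sketch below keeps the exported `sshkey` from the message and serves the private key from a per-host fileserver mount instead. The mount name `hostkeys`, the directory under `/var/lib/puppet`, and the service name `sshd` are assumptions.

```puppet
# Assumed fileserver.conf entry on the puppetmaster (shown as a comment so
# this manifest stays self-contained). %H expands to the FQDN from the
# requesting client's certificate, so each node can only reach its own
# directory:
#
#   [hostkeys]
#     path /var/lib/puppet/hostkeys/%H
#     allow *
#
# The admin copies each node's ssh_host_rsa_key into that directory once
# (the scp step mentioned in the thread).

# Public host key: fine to export, every node may read it.
@@sshkey { $::fqdn:
  type => rsa,
  key  => $::sshrsakey,
}

# Collect all exported public keys into this node's ssh_known_hosts.
Sshkey <<| |>>

# Private host key: pulled from the per-host mount, never exported.
file { '/etc/ssh/ssh_host_rsa_key':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
  source => 'puppet:///hostkeys/ssh_host_rsa_key',
  notify => Service['sshd'],
}

# Matching public half, so sshd and the sshrsakey fact agree with the
# private key that was just installed.
file { '/etc/ssh/ssh_host_rsa_key.pub':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
  source => 'puppet:///hostkeys/ssh_host_rsa_key.pub',
  notify => Service['sshd'],
}

# Service name is an assumption; Debian-family systems call it 'ssh'.
service { 'sshd':
  ensure => running,
  enable => true,
}
```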
