----- Original Message ----- > From: "Daniel Sauble" <djsau...@puppetlabs.com> > To: puppet-users@googlegroups.com > Sent: Thursday, May 10, 2012 7:34:14 PM > Subject: [Puppet Users] Re: Puppet Sites. Your thoughts? > > On Thursday, May 10, 2012 10:39:22 AM UTC-7, windowsrefund wrote: > > > On May 10, 12:44 pm, Daniel Sauble < djsau...@puppetlabs.com > wrote: > > > > - Securely add nodes to your deployment without manually signing > > certificates on the CA... > > - ...so that you can have the advantages of autosigning without its > > security problems. > > > > I'm about to engage on a similar effort and was thinking of writing a > puppet face to handle this job. Can you elaborate on the work flow > and > solution you're thinking about? > > > > We're looking to implement a Puppet Face to address this need. The > workflow currently looks like: > > > > 1. Login to the site host > 2. Generate a pre-shared key > 3. Join a node to the site using the pre-shared key > 4. Repeat step 3 for every node you want to add to the site > > > > From the command-line, this workflow might be represented as the > following: > > node02$ ssh ad...@site02.domain.com > Last login: Mon May 7 18:15:43 2012 > site02$ mount /media/usbdisk > site02$ puppet site generate key > /media/usbdisk/site.key > site02$ umount /media/usbdisk > site02$ exit > node02$ mount /media/usbdisk > node02$ puppet node join site02.domain.com < /media/usbdisk/site.key > Trying to add node02.domain.com to the site at site02.domain.com... > > > Use `puppet site status node02.domain.com` to confirm success > > To stop waiting for the command to complete, press Ctrl-C. > > The command will still complete in the background. Added > node02.domain.com to the site at site02.domain.com
Can you explain the advantages this workflow has over the current process involving requesting a cert and signing it on the master? It would also be great if you could send plain text mail as is the convention on this list. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
