Hi There, I manage a relatively large RHEL environment, we handle provisioning as follows:
- PXE + Kickstart to bootstrap and install the base OS + Puppet client onto the platform, be it VMWare or bare metal - Kickstart post scripts put a basic puppet configuration file in place on the host, and a number of the values for things such as environment and puppetmaster come from Foreman's Macro's, this allows values in the ENC to flow into the kickstart files before your first puppet run. We then run in the %post section of the kickstart file the following: - A Puppet run that bootstraps the puppet client using tags ie, --tags puppet::client - A full puppet run via puppet agent -tov which applys the SOE to the platform That provides on first boot a fully configured RHEL server that includes all our additional software and customisations in about 3-5 minutes (not including POST) In regards to certs, we have a relatively open autosign.conf on our build networks, so we can provision servers , physical or virtual quite quickly by just hitting F12 for a network boot. I am sure there are some cleaner/more secure things we can do provisioning wise, however these have been slightly hindered by the RHN Satellite server i've been slowly pulling out of the environment at the same time, as it had the potential to break things if i wasnt careful. ENC wise, I can't recommend Foreman enough, version 1.x is just brilliant, you can see the macros it can provide here: http://theforeman.org/projects/foreman/wiki/TemplateWriting Hope this helps, K On Sunday, September 16, 2012 7:22:03 AM UTC+1, Douglas wrote: > > I'm wondering what people are doing systems provisioning with, ie the > process that gets puppet installed onto a system, running for the > first time, and also the handling of certificate signing and so forth. > I don't see this topic discussed much. > > The mc-provision tools at > https://github.com/ripienaar/mcollective-server-provisioner don't seem > to be actively developed anymore, or at least I wasn't able to find > enough documentation to be able to effectively make use of it. > > Doug > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/NrKmbHHiaq8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
