Hi Adam, this is really interesting work, thanks for trying out this feature.
I'm a little confused though, the certificate autosigning just entered upstream open-source Puppet in 3.4.0 and there's not a Puppet Enterprise version that ships it yet. Did you install it separately or something? Version numbers aside, as you found out, you need some way to build the csr_attributes file before you run puppet for the first time. Even a pluginsync isn't going to work as it requires a certificate. Can you 'bake' the custom fact code into a package that gets installed at provisioning time? Also, can you share more information about the vmware facts you're interested in using? Since this feature is really new I'm very interested in gathering use cases and integrations to potentially ship with Puppet Enterprise once it incorporates this functionality. --eric0 On Monday, February 3, 2014 2:20:19 AM UTC+1, Adam Clark wrote: > > Hi all, > I am trying to proof of concept an automated install of Puppet > Enterprise using policy based autosign. > > I have read the following documents and understand what I need to do > > http://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html#policy-based-autosigning > > http://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html > > I would like to include some vmware attributes as extensions for > verification. These attributes are identified by facter. > > The problem arises in that the automated installer creates and attempts to > contact the master as part of the installer operation. > I need to interrupt the installer and update the csr_attributes.yaml file > prior to the CSR is created. > > I can't create the file prior to PE install as I need facter. > > Is there a way to break this chicken/egg situation? > > Cheers > > Adam > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55e9bf37-e542-4604-8852-f14980447552%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
