HI Eric, Thanks for the reply. I'm using PE 3.3.1 with naive autosigning which works well, I just assume policy based was working too. I'm new to Puppet and just doing some proof of concept work.
One thing I haven't got a good grip on is when does facter go out and gather the facts? Can it gather them independently of or puppet agent being run? Are they available before puppet agent is run for the first time? I can't really answer this question as puppet is always run as part of the install script. What I would like to do is this: * Create a website in which takes request that have a vmware uuid (or ec2 instance id) and certname and returns a csr_attributes.yaml file with an autogenerated PSK * the website stores all of this in a DB with a timestamp so I can age them out. * Create an autosign script that validates a CSR against the DB and the cloud provider My puppet bootstrap process is: 1 update system 2 download PE tarball and answers file 3 extract tarball 4 run installer with anwsers files What would be great is if there was an empty hooks directory that could contain some well-known named scripts that are run at certain times. pre_agent.sh or something could be downloaded between steps 3 and 4 and placed into the hooks directory. This would allow me to use facter post install, but pre-agent run to get my data. What do you thing? Adam On Monday, February 3, 2014 12:20:19 PM UTC+11, Adam Clark wrote: > > Hi all, > I am trying to proof of concept an automated install of Puppet > Enterprise using policy based autosign. > > I have read the following documents and understand what I need to do > > http://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html#policy-based-autosigning > > http://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html > > I would like to include some vmware attributes as extensions for > verification. These attributes are identified by facter. > > The problem arises in that the automated installer creates and attempts to > contact the master as part of the installer operation. > I need to interrupt the installer and update the csr_attributes.yaml file > prior to the CSR is created. > > I can't create the file prior to PE install as I need facter. > > Is there a way to break this chicken/egg situation? > > Cheers > > Adam > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/17014f3d-0591-4512-9d24-0605d96735f7%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
