On 27.05.2014 07:23, Hugh Cole-Baker wrote:

Am I missing a configuration option in the manual to somehow disable
SSL certificate validation? Does everybody add a cron job to their
puppet master to stop the puppetmaster daemon and blow away its SSL
directory then restart it at exactly 12:00AM every day, and the same
on the instances at exactly 12:02AM every day? Or are we the only
people on the planet who actually use Amazon's auto-scaling feature
*plus* use Puppet at the same time? Curious penguins are... curious!

We have enabled the Amazon SNS notifications from Autoscaling, and
subscribed an SQS queue to the SNS topic. We have written a small
daemon, which runs on the puppet master and consumes from that queue,
and calls "puppet cert clean" when it receives messages about
instances being terminated by autoscaling.

We also have it listen for instance launch messages and add their
certnames into /etc/puppet/autosign.conf and call "puppet cert sign"
on them, which is also useful for security (you don't have to turn on
auto signing for everything that way).

This actually sounds like a useful tool. Is this something you're
considering (or would consider) releasing as OSS for others to make use of?

I've put my autosign script up on a GitHub gist and at least one other
has considered it useful so I've included a header releasing it under
the Apache 2.0 license.
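One way the queue consumer described in the thread could map Auto Scaling notifications to `puppet cert` calls, as an added example that is not the poster's daemon or the gist mentioned above. The topic ARN, the domain and the certname convention (instance ID plus domain) are assumptions, and the sample messages are constructed.

```python
import json
import re

# Assumptions, not from the thread: topic ARN, domain, and the convention
# that an agent's certname is "<instance-id>.<domain>".
EXPECTED_TOPIC = "arn:aws:sns:us-east-1:123456789012:asg-events"  # constructed
CERT_DOMAIN = "example.internal"                                   # constructed
INSTANCE_ID = re.compile(r"i-[0-9a-f]{8}(?:[0-9a-f]{9})?")

# Auto Scaling event type -> "puppet cert" subcommand named in the thread.
ACTIONS = {
    "autoscaling:EC2_INSTANCE_LAUNCH": "sign",
    "autoscaling:EC2_INSTANCE_TERMINATE": "clean",
}

def plan(sqs_body, expected_topic=EXPECTED_TOPIC):
    """Return (argv, autosign_entry) for one SQS body, or None to ignore it.

    autosign_entry is the certname to append to autosign.conf on launch.
    """
    try:
        envelope = json.loads(sqs_body)           # SNS envelope as delivered to SQS
        if envelope.get("TopicArn") != expected_topic:
            return None                           # defence in depth; the queue policy
                                                  # should already restrict senders
        event = json.loads(envelope["Message"])   # inner Auto Scaling notification
        action = ACTIONS.get(event.get("Event"))
        instance_id = event.get("EC2InstanceId")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None                               # malformed message: never act on it
    # Strict allow-list on the ID: it ends up in a command line and a config file.
    if action is None or not isinstance(instance_id, str):
        return None
    if not INSTANCE_ID.fullmatch(instance_id):
        return None
    certname = f"{instance_id}.{CERT_DOMAIN}"
    argv = ["puppet", "cert", action, certname]   # argv list, no shell involved
    return argv, (certname if action == "sign" else None)

def _wrap(event, instance_id, topic=EXPECTED_TOPIC):
    """Build a constructed SQS body for the demonstration below."""
    inner = json.dumps({"Event": event, "EC2InstanceId": instance_id})
    return json.dumps({"Type": "Notification", "TopicArn": topic, "Message": inner})

if __name__ == "__main__":
    for body in (_wrap("autoscaling:EC2_INSTANCE_LAUNCH", "i-0abc1234"),
                 _wrap("autoscaling:EC2_INSTANCE_TERMINATE", "i-0abc1234"),
                 _wrap("autoscaling:TEST_NOTIFICATION", "i-0abc1234")):
        print(plan(body))
```

A real consumer would pass the returned argv to `subprocess.run` without a shell and delete the SQS message only after the command succeeds.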