Re: Minor issue with distributing the puppet CA cert

On Wed, 2006-09-13 at 12:25 -0600, Jeffrey Law wrote:

> Per earlier discussions, we want to be including the puppet CA's
> certificate as part of the readonly nfs filesystem we use to boot
> new clients.
> 
> The canonical location of that certificate is
> 
>   /var/lib/puppet/ssl/certs/ca.pem
> 
> Unfortunately, that's also where the client's certificate is
> supposed to be stored, using the client's fqdn.
> 
> Because the client is going to store its cert using a filename
> which we can't reasonably include in the readonly image, we
> can't create a bind mount for just the client's cert.

	Why wouldn't this work?

  /etc/rwtab:

    files /var/lib/puppet/ssl/certs

  $STATE_MOUNT/files

    /var/lib/puppet/ssl/certs/$(hostname).cert

Cheers,
Mark.

