We have a setup of cobbler+puppet where we create the puppet certificate of
the client machine on the puppet master and also the ssh host keys. At the end of
installation, it runs a cgi-script to change the status of the client machine
from installing to setup, and then after rebooting of the machine another
cgi-script copies the ssh keys and puppet certificate from the puppet/cobbler
master to the client and changes the status of the machine to running. The cgi-script
makes sure that the client machine can scp keys only during the period when the
machine is in the setup state. The period between installing and running is
hardly 1-2 min, so someone can copy keys only in this time window.

The benefit of this scheme is that we can keep consistent ssh host keys
across multiple re-installations of the client machines. The puppet
certificate is also distributed securely, as we are not very comfortable
with autosigning of puppet certificates. There is a mechanism in cobbler
which provides a way to tie user-defined actions to certain cobbler commands.

I started to use Foreman because I really liked many of its features. But
keeping consistent ssh keys is one of the main requirements for us.

Is there any mechanism in foreman where we can run a script on the foreman
server which is tied to the build command?
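
The installing/setup/running gate described in the post above, sketched as an added example that is not part of the original thread and is not cobbler or Foreman code. The class and method names, the 120-second window and the source-address check are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

SETUP_WINDOW = 120  # seconds; assumed from the "1-2 min" window in the post


@dataclass
class Host:
    ip: str
    state: str = "installing"  # installing -> setup -> running
    setup_since: float = 0.0


class KeyGate:
    """Hypothetical state gate; names are illustrative, not a real API."""

    def __init__(self, window=SETUP_WINDOW, clock=time.time):
        self.window, self.clock, self.hosts = window, clock, {}

    def start_install(self, name, ip):
        # A rebuild always resets the host to "installing".
        self.hosts[name] = Host(ip=ip)

    def end_of_install(self, name):
        # First cgi-script: installing -> setup, and start the timer.
        host = self.hosts[name]
        if host.state != "installing":
            raise ValueError(f"{name}: unexpected state {host.state}")
        host.state, host.setup_since = "setup", self.clock()

    def request_keys(self, name, source_ip):
        """Second cgi-script: return (allowed, reason); success is one-shot."""
        host = self.hosts.get(name)
        if host is None:
            return False, "unknown host"
        if host.state != "setup":
            return False, f"state is {host.state}"
        if self.clock() - host.setup_since > self.window:
            return False, "setup window expired"
        if source_ip != host.ip:  # assumption: requester address is checked
            return False, "source address mismatch"
        host.state = "running"  # closes the window after the first copy
        return True, "keys released"
```

Because a successful request moves the host to running, a second request inside the same window is refused, and every denial reason is a value that can be logged and alerted on.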
On Tuesday, July 30, 2013 10:51:51 AM UTC-4, kashi...@gmail.com wrote:
>
>
> Hi
>
> We have a setup of cobbler+puppet where we create the puppet certificate of
> the client machine on the puppet master and also the ssh host keys. At the end of
> installation, it runs a cgi-script to change the status of the client machine
> from installing to setup, and then after rebooting of the machine another
> cgi-script copies the ssh keys and puppet certificate from the puppet/cobbler
> master to the client and changes the status of the machine to running. The cgi-script
> makes sure that the client machine can scp keys only during the period when the
> machine is in the setup state. The period between installing and running is
> hardly 1-2 min, so someone can copy keys only in this time window.
>
> The benefit of this scheme is that we can keep consistent ssh host keys
> across multiple re-installations of the client machines. The puppet
> certificate is also distributed securely, as we are not very comfortable
> with autosigning of puppet certificates. There is a mechanism in cobbler
> which provides a way to tie user-defined actions to certain cobbler commands.
>
> I started to use Foreman because I really liked many of its features. But
> keeping consistent ssh keys is one of the main requirements for us.
>
> Is there any mechanism in foreman where we can run a script on the foreman
> server which is tied to the build command?
>
> Or other way of achieving the same result.
>
> Thanks
> Kashif
>
>
Hi Andy
Thanks a lot. It is exactly what I was looking for.
Cheers
Kashif