Puppet users - Apr 2007 - Anyone using Puppet to manage Red Hat Network registrations?

Before I start working on it, I''d like to check if anyone is already
using Puppet to manage their servers'' RHN subscriptions.

We run a local RHN Proxy server and at the moment, I''m using Kickstart
to:

- Install Facter and Puppet
- Install our organisations trusted RHN SSL certificate
- Download and install our RHN configuration file
- Import GPG keys
- Run rhnreg_ks to register the server with our RHN Proxy server

I''d like to limit Kickstart to installing Facter and Puppet and then
use
Puppet to do the RHN registration steps.  Has anyone tried this yet?

Cheers,

James

*********************************************************************************
Important Note
This email (including any attachments) contains information which is 
confidential and may be subject to legal privilege.  If you are not 
the intended recipient you must not use, distribute or copy this 
email.  If you have received this email in error please notify the 
sender immediately and delete this email. Any views expressed in this 
email are not necessarily the views of AXA-Tech Australia.   Thank you.
**********************************************************************************

--On Wednesday, April 04, 2007 2:51 PM +1000 "HARRIS Jimmy
(AXA-Tech-AU)"
<Jimmy.Harris@axa-tech.com> wrote:
> Before I start working on it, I''d like to check if anyone is
already
> using Puppet to manage their servers'' RHN subscriptions.
>
> We run a local RHN Proxy server and at the moment, I''m using
Kickstart
> to:
>
> - Install Facter and Puppet
> - Install our organisations trusted RHN SSL certificate
> - Download and install our RHN configuration file
> - Import GPG keys
> - Run rhnreg_ks to register the server with our RHN Proxy server
>
> I''d like to limit Kickstart to installing Facter and Puppet and
then use
> Puppet to do the RHN registration steps.  Has anyone tried this yet?
>
> Cheers,
>
> James
>
We use the RH Satellite server and we use kickstart to register the system 
with the server (we use the XMLRPC interface to get an entitlement for the 
system).

I don''t see why you couldn''t do all of the above except for
the question of
where you would get the RPMs for Facter and Puppet.  In our kickstart, we 
get them from our Stanford channel, which is accessible since the server 
gets registered as part of the kickstart build.  And in order to install 
those, the server needs the GPG key so that too is done in the kickstart.

Nevertheless, if you can install Facter and Puppet in the kickstart (maybe 
as unsigned certs or ignoring signatures and getting them from a website or 
somewhere other than the proxy), you can use the File type to download the 
SSL cert and config file and use this rpmimport definition to handle the 
GPG key:

define rpmimport($url, $signature) {
    exec { $name:
        command => "/bin/rpm --import $url",
        unless => "/bin/rpm -qi $signature"
    }
}

Sample use:

rpmimport {
    "redhat-rpmkey":
        url => "/usr/share/rhn/RPM-GPG-KEY",
        signature => gpg-pubkey-db42a60e-37ea5438;
}