I am thinking about using Puppet to manage my SSH keys. After all,
Puppet is connected to all my servers and has access to them. I think
it could make a good fit.

Has anyone managed to use Puppet as a form of PKI (public key
infrastructure)? Any thoughts you would like to share, be they good,
bad or indifferent.

I have looked at the authorized_keys example on the Puppet wiki and had
a play around with it. It looks like a good start at getting things
going in the right direction.

Obviously we all want to automate as much as possible, and for me
specifically, adding in accounts to the manifest is too much work. What
I was thinking was doing something like creating a fact that gets run
on my home directory NFS server. For example, the following are the
exported homes on my NFS server:

    /exporthomes/
        user1/
        user2/
        user3/
        ...

Could I have a fact return the list of directory names, which then get
used by the SSH manifest? Is this a reasonable way to do this?

This will save having to explicitly add new people to the manifest when
we get a new starter, since by the definition of adding a user it will
create the homedir. As such, on the next Puppet run their public and
private key will be generated, and once the user logs on to their
workstation they will get the home directory mounted and be able to log
in to whatever their login class is allowed.

Another issue I am grappling with is setting up the root account for
each server we provision. The way I see it, we can create an individual
root key pair for each server or just push out the same keys to all
servers.

Thanks
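
One way to write the fact asked about above (an added example, not part of the original post and not Puppet's own code): it returns the directory names under /exporthomes, keeping only real directories whose names look like valid logins, so a stray or hostile directory name cannot end up in the SSH manifest. The fact name `exported_home_users`, the name filter and the comma-joined string form are assumptions.

```ruby
# Added example: custom Facter fact listing exported home directories.
# HOMES_ROOT matches the path in the post; the fact name is an assumption.
HOMES_ROOT = '/exporthomes'

# Conservative login-name pattern (assumption): lowercase letter or
# underscore first, then up to 31 lowercase letters, digits, '_' or '-'.
VALID_USER = /\A[a-z_][a-z0-9_-]{0,31}\z/

# Return the sorted account names derived from the directories under root.
# Skips symlinks, plain files and names that are not valid logins
# (lost+found, dot-directories, names with spaces or shell characters).
def exported_home_users(root = HOMES_ROOT)
  return [] unless File.directory?(root)

  Dir.children(root).select do |name|
    path = File.join(root, name)
    name.match?(VALID_USER) &&
      !File.symlink?(path) &&
      File.directory?(path)
  end.sort
end

# Register the fact only when this file is loaded by Facter.
# The value is joined into one string so a manifest can split it.
if defined?(Facter)
  Facter.add(:exported_home_users) do
    setcode { exported_home_users.join(',') }
  end
end
```

The fact only has a useful value on the NFS server itself; other nodes see an empty list because /exporthomes does not exist there.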