Pablo Fernandez
2014-Jan-09 09:42 UTC
[Puppet Users] Single certificate, multiple nodes... or image-based systems
Dear all,

We are thinking about the possibility of using Puppet in an image-based cluster. The compute nodes would boot and load the whole image to a ramdisk, where r/w access is granted afterwards.

Our idea is to have a sample compute node running puppet from which to create the image, and periodically extract a new image from it. Nodes that reboot simply take that image, change the hostname and IP addresses, and little more (typical in image-based systems). The nice thing about this is that, since the source image is from a puppetized host, its clones will be as well! So changes in the puppet configuration will be applied immediately to the nodes. Does it sound right?

I currently foresee a problem with the puppet node certificates: is it possible to use a generic certificate, to enable trust between puppet server and clients, but with each node having a different fqdn and being treated by puppet as a different host (including PuppetDB entries)? I saw different facts for each: ::clientcert and ::fqdn, which gave me hope.

Besides that, do you see any other problem with this type of deployment? Does anybody have experience with something similar?

Thanks!

BR/Pablo