[Freeipa-users] IPA dogtag as CA for puppet ?

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Mon May 21 21:16:54 UTC 2012


On 05/21/2012 01:00 PM, Jan-Frode Myklebust wrote:
> 
> If joining a machine to IPA automatically gives it an SSL keyset, it 
> seems silly to also join the puppetca for config management. 
> 
> Has anybody looked into using IPA-dogtag as CA for puppet and func?
> 
> 
>   -jf

This has been something of a project for me, but it has been on the back
burner whilst I deal with other things (the usual story, right?).

There shouldn't be any technical reason why this can't be done; it is
just a matter of getting the certs in the right format. I expect a
bridge between puppet, func, and certmonger is in order, and then you
would be good to go.

In my mind there are too many CAs running around and I like one to rule
them all. I, like you I suspect, run func and puppet as well as IPA,
giving me three CAs. Now func can rely on puppet as the CA if you
configure it to, but I want just one :).

Anyway, just my thoughts; no real progress in that direction yet, though.

-Erinn