[Freeipa-users] IPA dogtag as CA for puppet ?

Dmitri Pal dpal at redhat.com
Tue May 22 11:00:11 UTC 2012


On 05/21/2012 05:16 PM, Erinn Looney-Triggs wrote:
> On 05/21/2012 01:00 PM, Jan-Frode Myklebust wrote:
>> If joining a machine to IPA automatically gives it a SSL keyset, it 
>> seems silly to also join the puppetca for config management. 
>>
>> Has anybody looked into using IPA-dogtag as CA for puppet and func?
>>
>>
>>   -jf
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> This has been something of a project for me, but it has been on the back
> burner whilst I deal with other things (the usual story, right?).
>
> There shouldn't be any technical reason why this can't be done; it is
> just a matter of getting the certs in the right format. I expect a
> bridge between puppet, func, and certmonger is on order, and then you
> would be good to go.
>
> In my mind there are too many CAs running around and I like one to rule
> them all. I, like you I suspect, run func and puppet as well as IPA
> giving me three CAs. Now func can rely on puppet as the CA if you
> configure it to, but I want just one :).
>
> Anyway just my thoughts, no real progress in that direction though yet,
>
> -Erinn
Most likely we will be working with the Foreman community [1] to try to
solve this and other problems.
It might make sense to consolidate the effort.

[1] http://theforeman.org/projects/foreman 

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

