[Freeipa-users] Best practice for requesting a certificate in Kickstart?
Anthony Clark
anthonyclarka2 at gmail.com
Sun Apr 24 02:46:13 UTC 2016
Hello All,
TL;DR: what's the best way to grab a SSL cert and key during kickstart?
(this is all using CentOS 7.2 latest)
I'm using Foreman to manage my kickstart and Puppet services, and its
built-in FreeIPA client enrollment works just fine.
However I'd like to also request a certificate and key for a Puppet client
to use to authenticate to the Foreman-controlled Puppet server.
If I manually set up a puppet client then it works just fine. I use
something like this:
# ipa-getcert request -w -r -f /var/lib/puppet/ssl/certs/<%= @host.name
%>.pem -k /var/lib/puppet/ssl/private_keys/<%= @host.name %>.pem
# cp /etc/ipa/ca.crt /var/lib/puppet/ssl/certs/ca.pem
(then setting the correct paths and settings in /etc/puppet/puppet.conf)
I tried to make that work inside the Kickstart process, but as those
commands are running inside a kickstart chroot the certmonger service won't
start.
Is there a better method to grab a SSL cert and key for the host during
kickstart? Or should I just wait until firstboot and perform the steps at
that point?
Many Thanks and FreeIPA is really amazing!
Anthony Clark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160423/c2a35880/attachment.htm>
More information about the Freeipa-users
mailing list