(→Repos) |
| Line 52: | Line 52: | ||
All of our installation tools are scriptable. These tools are responsible for fetching a signed certificate from the puppet master and installing it on the client before its first boot. This transaction IS be authenticated using a protected secret. Non-Mozilla users can simply omit this part of the setup and sign certificates by hand. The shared secret is a password. For systems where the base image is access-restricted, this password is embedded in the image. For other systems (e.g., kickstart), the password must be supplied by the person doing the imaging, at the beginning of the process. | All of our installation tools are scriptable. These tools are responsible for fetching a signed certificate from the puppet master and installing it on the client before its first boot. This transaction IS be authenticated using a protected secret. Non-Mozilla users can simply omit this part of the setup and sign certificates by hand. The shared secret is a password. For systems where the base image is access-restricted, this password is embedded in the image. For other systems (e.g., kickstart), the password must be supplied by the person doing the imaging, at the beginning of the process. | ||
See [[ReleaseEngineering/PuppetAgain/ | See [[ReleaseEngineering/PuppetAgain/Puppetization Process|Puppetization Process]] and [[ReleaseEngineering/PuppetAgain/Certificate Chaining|Certificate Chaining]] for details on this system. | ||
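Review bot: in the unchanged paragraph above the edited "See [[...]]" line, "This transaction IS be authenticated using a protected secret" is ungrammatical and can be read as either "is" or "will be", which matters because it is the sentence that states the security property; suggest "This transaction is authenticated using a protected secret" if that describes current behaviour. The same paragraph says the shared password is embedded in access-restricted base images or supplied by the person doing the imaging, but it does not say what the password permits beyond fetching a signed certificate, or how it is changed after an image or an operator has held it. A sentence on that would help, or a pointer to the Puppetization Process page if it is covered there.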