> Hi All, Hello Johan, > > I want to implement Func in our infrastructure, but I have a question > > about the reinstallation of hosts. > > As in our environment we can (and will) reinstall several or all hosts > > at any time. But what happens with the certificates created by the > certmaster? Naturally you can use func in any situation. There are some different cases of "reinstallation" to consider. You can simply want to reinstall func (for any reasons, for example change the certmaster that control your minion); what you have to do in these cases is to delete certificate both on the minion and certmaster side. If for reinstallation you mean that you want to format the machine and reinstall the operating system too, you just need to unsign minion on the certmaster side (that pratically means delete certificate) and configure again your minion. > Is there any setting or procedure forseen to handle those things? > Of course everything should happen automatically without any manual > intervention. And it is also possible that the func overloard will be > > reinstalled. I think it's impossibile to do all automatically, first of all because you have to configure your minion with the configuration to connect to your certmaster (host name + hosts file if you haven't a dns). It's possible to reinstall overlord machine but in this case you need to resign all the minion certificates. Writing OpenSymbolic we have written some scripts to get this procedure as automatically as possible. For example the installation of minion is controlled by cobbler/func so this means that after operating system installation func will install func/certmaster and configure it automatically with the certmater information; with another script we sign/unsing (completely unsign, so also with minion certificates deletion) all the minions. So as you can see it is possibile to get automatic procedure for func, but you need to work a lot with many different tools. If you want you can test OpenSymbolic to see al the things you can do using func... and to get all things in easy way. Hope these help you. > > Is it possible to use Func in those situations? > > Any help appreciated! > > Greetings, > Johan Huysmans > Regards Marco > _______________________________________________ > Func-list mailing list > Func-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/func-list _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
