On Tue, Feb 16, 2010 at 11:16 AM, Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote: > > > On Tue, 16 Feb 2010, brett lentz wrote: > >> On Tue, Feb 16, 2010 at 9:49 AM, Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> >> wrote: >>> >>> hey funcsters, >>> Got a zany idea - I know there are a lot of people using puppet for >>> their >>> config mgmt- and puppet has its certs for doing the same thing that >>> certmaster does - heck - this is what we based certmaster to do. >>> >>> My question is this - if func was able to just use the certs that puppet >>> already has would that be more useful to anyone? >>> >>> -sv >>> >> >> >> Funny enough, I already was planning on doing this in the near future >> for $dayjob. >> >> I don't think there's really much Certmaster needs to do to support this. >> >> By default, puppet stores it's certs in /var/lib/puppet/ssl, and func >> uses /etc/pki. The first step seems to be to teach people to >> configure their puppet deployments to use /etc/pki and/or teach >> certmaster to look in /var/lib/puppet/ssl for certs. > > well certmaster would be removed from the equation entirely at that point. > > It would just be teaching func to use puppet's ca and certs instead of > certmaster's. > I think this would be useful for $dayjob also :). Having one tool to sign things and use the same methods would be good. Which is a better tool though? Certmaster or puppet's certs. My guess is that the puppet would get more eyes on it so using it would be better.. -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
