cookbook 'pki', '= 0.0.1', :supermarket
cookbook 'pki', '= 0.0.1'
knife cookbook site install pki
knife cookbook site download pki
Proof of concept PKI implementation, powered by inter-node convergence and stateful resource providers.
RHEL6/CentOS6 or higher. Hostname resolution must be taken care of earlier in the run list (dns, etchosts).
Bootstrapped with -r 'recipe[selinux::disabled],recipe[yum::epel],recipe[etchosts],recipe[pki::server]' for the server and -r 'recipe[selinux::disabled],recipe[yum::epel],recipe[etchosts],recipe[pki::client]' for clients.
Clients check to see if they have an SSL keypair for their FQDN. If not, pki_servercert is called, which generates a private key and a CSR. The node then posts its CSR as a node attribute.
When the server side runs, it searches for a list of clients with the pki csr attribute set. When it finds a CSR, it signs it and places the resulting public key in a directory exposed by rsync. Since these are public keys, there are no security concerns here.
When a client is satisfied about its certificate, it will remove the attribute.
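The exchange described above, sketched as an added example in plain Ruby with the standard openssl library; it is not the cookbook's own code. The Hash standing in for node attributes, the demo CA, the function names, the CSR-subject check on the server and the meaning given to "satisfied" on the client are all assumptions.

```ruby
require 'openssl'

# Build and sign a certificate; used for the throwaway CA and for issued certs.
def make_cert(subject, pubkey, issuer, signing_key, serial)
  c = OpenSSL::X509::Certificate.new
  c.version = 2
  c.serial = serial
  c.subject = subject
  c.issuer = issuer
  c.public_key = pubkey
  c.not_before = Time.now - 60
  c.not_after = Time.now + 3600
  c.sign(signing_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed demo CA (hypothetical name), standing in for the server's CA.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_NAME = OpenSSL::X509::Name.parse('/CN=Example PKI CA')
CA_CERT = make_cert(CA_NAME, CA_KEY, CA_NAME, CA_KEY, 1)

# Client: make a key and a CSR for the FQDN; the PEM is what goes in the node attribute.
def client_request(fqdn)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.parse("/CN=#{fqdn}")
  csr.public_key = key
  [key, csr.sign(key, OpenSSL::Digest.new('SHA256')).to_pem]
end

# Server: sign a posted CSR only if its self-signature verifies and its subject is
# exactly the FQDN of the node that posted it (assumed check); returns fqdn => cert PEM.
def server_run(nodes)
  nodes.each_with_object({}) do |(fqdn, attrs), published|
    next unless (pem = attrs.dig('pki', 'csr'))
    csr = OpenSSL::X509::Request.new(pem)
    next unless csr.verify(csr.public_key)
    next unless csr.subject.to_a.map { |f| f[0, 2] } == [['CN', fqdn]]
    published[fqdn] = make_cert(csr.subject, csr.public_key, CA_NAME, CA_KEY, published.size + 2).to_pem
  end
end

# Client: drop the CSR attribute only once the cert is CA-signed and matches its own key.
def client_collect(key, cert_pem, attrs)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  ok = cert.verify(CA_CERT.public_key) && cert.check_private_key(key)
  attrs['pki'].delete('csr') if ok
  ok
end
```

Checking the fetched certificate against the CA and the local private key matters here because the rsync directory is an unauthenticated channel: the certificates are public, but a client should still confirm that what it fetched is the one issued for its own key.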
This cookbook has no specified dependencies.
There are no cookbooks that are contingent upon this one.