cookbook 'pki', '= 0.0.2'
pki (3) Versions 0.0.2 Follow1
Installs/Configures pki
cookbook 'pki', '= 0.0.2', :supermarket
knife supermarket install pki
knife supermarket download pki
DESCRIPTION:
Proof of concept PKI implementation, powered by inter-node convergence and stateful resource providers.
REQUIREMENTS
RHEL6/Centos6 or higher
hostname resolution taken care of earlier in the runlist (dns, etchosts)
Bootstrapped with
-r 'recipe[selinux::disabled],recipe[yum::epel],recipe[etchosts],recipe[pki::server]'
-r 'recipe[selinux::disabled],recipe[yum::epel],recipe[etchosts],recipe[pki::client]'
ATTRIBUTES
node[:pki][:openssldir]
USAGE
Clients check to see if they have an SSL keypair for their FQDN.
If not, pki_servercert is called, which generates a private key and a CSR.
The node then posts it's CSR as a node attribute
When the server side runs, it searches for a list of clients with the pki csr attribute
set. When it finds a CSR, it signs it and places the resulting public key in a directory exposed by rsync.
Since these are public keys, there are no security concerns here.
When a client is satisfied about its certificate, it will remove the attribute.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
