Currently it's a manual process to sign a hosts certificate request on our puppetmaster, which is fine for normal server installations but as I have been automating more of our cPanel VDS setups there ends up being a bunch of certs that need to signed, which then get forgotten as part of the setup...

So something had to be done about it, and some kind of automation was obviously the way forward.

I only want it to auto sign certificates which are for cPanel VDSs, leaving anything else for manual signing.

When VDSs are setup using the createvm script, it runs a check to ensure that the VDS you are trying to create exists in racktables as a cPanel VDS, if it doesn't it tells you to add it/rerun the script. I have used this check in my auto signer, to only sign the certs in the queue that exists in racktables as a cPanel VDS!

The script is:

I have set a cron (with puppet!) to run it every minute.