If this is only on the puppet master then I would do that outside puppet,
maybe with a weekly cronjob, which moves or deletes expired certificates.
On Linux with GNU date, put this into a for loop going through all certs:

    now=$(date +%s)
    # notAfter of the certificate, converted to epoch seconds (needs GNU date)
    cert=$(date --date="$(openssl x509 -enddate -noout -in your.crt | sed -e 's/notAfter=//')" +%s)
    if [ "$now" -ge "$cert" ]; then
        echo "do your cleanup tasks here"
    fi

Once the directory is acceptable you can put it on your clients with a file
resource and recurse => true.
If you use version control with svn or git etc. for your puppet code, you
might want to keep this outside, with /etc/puppet/fileserver.conf.

On Thursday, January 9, 2014 3:22:31 PM UTC, Paolo Brocchi wrote:
>
> Hi Stephan,
> thanks for the quick answer.
> I'll try to explain better.
>
> For example:
> I have a PEM certificate on the puppet master at /puppet/files/xxx.pem. I
> would like to copy this certificate to many puppet agents under /etc/. Before
> copying it, I would like to check that the certificate is not expired.
>
> How can I do this?
>
> Thanks again
> Paolo
>
> On Thursday, January 9, 2014 13:23:44 UTC+1, Paolo Brocchi wrote:
>>
>> Hi all,
>> I would like to replace a PEM certificate on agent servers.
>> Before replacing it, I would like to do some checks, such as: certificate expiry
>> date, right CN, right private key.
>> Can anyone help me?
>> Regards
>> Paolo
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/905474da-28c1-4d1c-bb11-c8be50ffb385%40googlegroups.com.
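
Added example, not part of the original thread: a pre-distribution gate on the master covering the three checks asked about above (expiry date, CN, matching private key), using only the openssl command line. The function name check_cert, the key path and agent.example.com are hypothetical; the key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example (not from the thread): gate a PEM certificate before publishing it.
# check_cert CERT KEY EXPECTED_CN [MIN_DAYS] -> 0 if every check passes, 1 otherwise.
check_cert() {
    cert=$1; key=$2; want_cn=$3; min_days=${4:-0}

    # 1. The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL parse: $cert"; return 1
    fi

    # 2. Expiry: -checkend N exits non-zero if the cert expires within N seconds.
    #    MIN_DAYS=0 only rejects expired certs; a margin catches ones about to lapse.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "FAIL expiry: $(openssl x509 -in "$cert" -noout -enddate)"; return 1
    fi

    # 3. Subject CN. RFC2253 output is comma-separated; a CN containing an
    #    escaped comma is not handled by this simple split.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL cn: got '$cn', want '$want_cn'"; return 1
    fi

    # 4. Key pair: the public key in the cert must equal the one derived from the
    #    private key. Assumes an unencrypted key (no passphrase prompt).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL key: $key does not match $cert"; return 1
    fi

    echo "OK: $cert (CN=$cn)"
}

# Run as: sh check_cert.sh /puppet/files/xxx.pem /path/to/xxx.key agent.example.com 14
# (key path and CN are placeholders)
if [ "$#" -ge 3 ]; then
    check_cert "$@"
fi
```

A non-zero exit from the cron job is the signal to keep the file out of the directory served to agents.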