Hi,
On the master,
puppet cert print <certname>
Look for the lines :
Validity
Not Before: May 10 10:23:49 2013 GMT
Not After : May 10 10:23:49 2018 GMT
On 01/09/2014 04:57 PM, Stephan wrote:
If this is only on the puppet master then I would do that outside
puppet, maybe with a weekly cronjob, which moves or deletes expired
certificates.
On linux with GNU date put this into a for loop going through all certs:
now=$(date +%s)
cert=$(date --date="$(openssl x509 -enddate -noout -in your.crt | sed
-e 's/notAfter=//')" +%s)
if [ $now -ge $cert ]; then
echo "do your cleanup tasks here"
fi
Once the directory is acceptable you can put it on your clients with a
file resource and recurse => true.
If you use version control with svn or git etc. for your puppet code
you might want to keep this outside, with /etc/puppet/fileserver.conf
On Thursday, January 9, 2014 3:22:31 PM UTC, Paolo Brocchi wrote:
Hi Stephan,
thanks for the quick answer.
I try to explain better.
For example:
I have a pem certificate on puppet master path
/puppet/files/xxx.pem this certificate i would copy in many agent
puppet under /etc/. Before to copy it i would to check if
certificate is not expired.
How can i do?
Thanks again
Paolo
Il giorno giovedì 9 gennaio 2014 13:23:44 UTC+1, Paolo Brocchi ha
scritto:
Hi all,
i would like to replace pem certificate to agent servers.
Before to replace it i would do some checks like : certificate
expired date, right CN, right private key.
Can anyone help me?
Regards
Paolo
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/905474da-28c1-4d1c-bb11-c8be50ffb385%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Johan De Wit
Open Source Consultant
Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP0000006)
_________________________________________________________
Open-Future Phone +32 (0)2/255 70 70
Zavelstraat 72 Fax +32 (0)2/255 70 71
3071 KORTENBERG Mobile +32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_________________________________________________________
Next Events:
Puppet Fundamentals Training |
http://www.open-future.be/puppet-fundamentals-training-4-till-6th-february
Puppet Intruction Course |
http://www.open-future.be/puppet-introduction-course-7th-february
Zabbix Certified Training |
http://www.open-future.be/zabbix-certified-training-10-till-12th-february
Zabbix for Large Environments Training |
http://www.open-future.be/zabbix-large-environments-training-13-till-14th-february
Subscribe to our newsletter | http://eepurl.com/BUG8H
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52CF9DFA.7040507%40open-future.be.
For more options, visit https://groups.google.com/groups/opt_out.
