On Monday, July 7, 2014 8:01:18 AM UTC-5, Roger Sherman wrote: > > Hi Den, and thank you for the response. > > There is some data that will need to be rsynced, but mostly it's drawing > from mysql nodes, and not storing or creating data itself. > > One issue, though, that I wonder if just copying and pasting into the > spare nodes manifest - I need the hostname to change as well. I'm assuming > to do that, I delete the certs on the agent and master, and send another > certificate request from the agent to the master? Or is there a better way > to handle that? > >
If you are going to change the spare's hostname (and you are using hostnames as node identifiers, which is the default) then you should clean its current cert from the master, clean the whole /var/lib/puppet/ssl directory from the node, and have the node recertify with the master. If it happens that you are changing the node's hostname to the erstwhile hostname of the current prod server then you will also need to clean the prod server's cert from the master before it will sign a new cert for the same node identifier. If you want the current and future servers both to be able to sync to the master during the transition, then you should also be able to make the spare usurp the prod server's identity by wiping the spare's /var/lib/puppet/ssl and putting a copy of the prod server's in its place. The spare should then receive the same catalogs as the prod server, modulo differences arising from different node facts. You can do that before changing the spare's hostname, as it is only convention that hostnames match the identifier on their SSL certs. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20dfb626-10bf-4bdd-8d51-2ace64e83582%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.