Thanks John, I think that answers the rest of my question.

I'm actually doing this in stages - the critical node is 
worker3.blahblah.com, so I'm making spare.blahblah.com into 
worker4.blahblah.com (with the critical services not started), then I'll be 
rsyncing, and then shutting down worker3, and changing the hostname of 
worker4 to worker3.

Thank you, 

Roger

On Monday, July 7, 2014 10:42:15 AM UTC-4, jcbollinger wrote:
>
>
>
> On Monday, July 7, 2014 8:01:18 AM UTC-5, Roger Sherman wrote:
>>
>> Hi Den, and thank you for the response.
>>
>> There is some data that will need to be rsynced, but mostly it's drawing 
>> from mysql nodes, and not storing or creating data itself.
>>
>> One issue, though, that I wonder if just copying and pasting into the 
>> spare node's manifest - I need the hostname to change as well. I'm assuming 
>> to do that, I delete the certs on the agent and master, and send another 
>> certificate request from the agent to the master? Or is there a better way 
>> to handle that?
>>
>>
>
> If you are going to change the spare's hostname (and you are using 
> hostnames as node identifiers, which is the default) then you should clean 
> its current cert from the master, clean the whole /var/lib/puppet/ssl 
> directory from the node, and have the node recertify with the master.  If 
> it happens that you are changing the node's hostname to the erstwhile 
> hostname of the current prod server then you will also need to clean the 
> prod server's cert from the master before it will sign a new cert for the 
> same node identifier.
>
> If you want the current and future servers both to be able to sync to the 
> master during the transition, then you should also be able to make the 
> spare usurp the prod server's identity by wiping the spare's 
> /var/lib/puppet/ssl and putting a copy of the prod server's in its place.  
> The spare should then receive the same catalogs as the prod server, modulo 
> differences arising from different node facts.  You can do that before 
> changing the spare's hostname, as it is only convention that hostnames 
> match the identifier on their SSL certs.
>
>
> John
>
>
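
An added example, not part of the original thread: a check that the CN on an agent's certificate matches the node identifier you expect, which is useful after the cert clean or SSL-directory copy described above because hostname and certificate identity can diverge. The function names are hypothetical, the sample certificate is constructed, and the certs/<certname>.pem location under /var/lib/puppet/ssl is an assumption about the agent's layout.

```shell
#!/bin/sh
# Added example (not from the thread): compare the CN of a Puppet agent
# certificate with the node identifier expected for this host.

# cert_cn FILE: print the subject commonName of a PEM certificate
# (prints nothing if the file is missing or not a certificate).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_identity FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the certificate cannot be read.
# Comparison is case-insensitive, as hostnames are.
check_identity() {
    cn=$(cert_cn "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ -z "$cn" ]; then
        echo "UNREADABLE $1"
        return 2
    fi
    if [ "$cn" = "$want" ]; then
        echo "MATCH $cn"
        return 0
    fi
    echo "MISMATCH cert=$cn expected=$want"
    return 1
}

# make_sample_cert CN OUTFILE: constructed test data only, a throwaway
# self-signed certificate standing in for an agent cert.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Demo on constructed data: a cert issued for worker4 checked on a host
# that is supposed to be worker3.
tmp=$(mktemp -d)
make_sample_cert worker4.blahblah.com "$tmp/agent.pem"
check_identity "$tmp/agent.pem" worker3.blahblah.com || true
rm -rf "$tmp"

# On a real agent (path is an assumption, see lead-in):
#   check_identity /var/lib/puppet/ssl/certs/"$(hostname -f)".pem "$(hostname -f)"
```

A mismatch is expected for as long as the spare deliberately carries the production server's identity; once the transition is over it marks a node that should be recertified.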
