Hi,

Disclaimer: I haven't tested it yet

> on all clients:
> * wipe out /var/lib/puppet/ssl
> * run puppet agent -t --waitforcert 10
> * on master, sign client certificate

If you have mcollective configured you can use the mco-removecert tool [1] in order to simplify the client part:

#!/bin/sh
# Remove a client's Puppet SSL files through mcollective.
# Usage: pass the client's identity as the first argument.

# SSL directory on the client; adjust it to match the agent's ssldir
sslpath="/var/puppet/ssl"
host=$1

# Restart the agent and abort if mco reports errors, then stop it
mco service -I "$host" puppet restart | grep "errors" && exit 1
sleep 30 && mco service -I "$host" puppet stop

# Remove the CA certificate, client certificate, CSR, CRL and key pair
echo "$sslpath/certs/ca.pem"
mco filemgr -q -I "$host" --file "$sslpath/certs/ca.pem" remove
echo "$sslpath/certs/$host.pem"
mco filemgr -q -I "$host" --file "$sslpath/certs/$host.pem" remove
echo "$sslpath/certificate_requests/$host.pem"
mco filemgr -q -I "$host" --file "$sslpath/certificate_requests/$host.pem" remove
echo "$sslpath/crl.pem"
mco filemgr -q -I "$host" --file "$sslpath/crl.pem" remove
echo "$sslpath/private_keys/$host.pem"
mco filemgr -q -I "$host" --file "$sslpath/private_keys/$host.pem" remove
echo "$sslpath/public_keys/$host.pem"
mco filemgr -q -I "$host" --file "$sslpath/public_keys/$host.pem" remove

# Start the agent again
mco service -I "$host" puppet start

It should do the dirty job for you :)

[1] https://gist.github.com/lofidellity/1205953

Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons [email protected]
Linux User Registered: #257202
Web: http://www.elsotanillo.net
Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
