Hi I try to solve the following case:
I have a bash script, cert_check.sh which is used to check Jboss certificates. The script returns 0 if certs are still valid, 1 if they are about to expire and 2 if they are already expired. The script should be executed on all jboss nodes which is possible with a simple exec. If the script returns 1 or 2 I would like another exec to be executed on a different node, possibly the puppetmaster. That exec will perform a REST API call to a server with curl (probably another exec in Puppet). That call will generate a new certificate and copy it back to the node with an expired/about to expire certificate. Initially I was considering to just perform the call directly from each node (exec with an unless attribute), but that is not ideal with respect to security as the username/password for the REST API should not be visible on all nodes, and firewall openings to the host handling the certificate generating / copying must be added for all networks with jboss-servers. Do you think it is possible to handle this with Puppet? Thanks, Erling -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/542ed92e-d85b-4f87-a01e-0fd6a111b0a1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
