On Thursday, September 17, 2015 at 7:27:59 AM UTC-5, Kostis Fardelas wrote: > > Hi, > I revoke a host cert: > puppet cert --revoke host1.example.com > > I verify that the host1 cert was added to the crl, restarted puppetmaster > and the client is indeed banned. > > I clean another's host cert: > puppet cert --clean host2.example.com > > I verify that host1 cert was REMOVED from crl and host2 cert was added to > it. > > Now host1 can run puppet and host2 cannot. Does this sound like a bug to > you or a misconfiguration? > >
It sounds like a bug to me. Even if the issue could be traced back to configuration (which I doubt), under no circumstances should *any* configuration or misconfiguration lead to 'puppet cert' removing a cert from the CRL under any circumstances. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/574a583b-78a2-49b0-b03a-b66cbff6eefa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
