On 06/01/2016 09:39 AM, warron.french wrote: > Hello again, > I have a a few Puppet Agents on to which I installed the > puppet-agent software from my first Puppetmaster1, however, something > happened and I had to rebuild that server - for labelling purposes I am > (in this email) calling it Puppetmaster2. > > The puppet agents all have their certs signed by Puppetmaster1, but that > server no longer exist and now I have Puppetmaster2 (still the same > hostname actually). > > > How do I associate the puppet-agent nodes with the newer Puppetmaster2 > server properly? > > Do I execute an: *rpm -e puppet-agent* on all of the nodes, and then > re-run the *curl *command to properly re-install and generate a new > certificate from the newer Puppetmaster2 (puppetmaster)? > > Do I just go onto each of the nodes and simply remove the ssl > subdirectory and then re-run the: *puppet agent -t* command (which > didn't seem fail, or show its certificate up on the Puppet Admin Console)?
Assuming that re-running 'puppet agent -t' would cause the systems to look at your new puppet master then the following should be all you need to do: On the nodes, assuming an EL7 system and the latest puppet since you said puppet-agent for your package: --[cut]-- systemctl stop puppet rm -rf /etc/puppetlabs/puppet/ssl/* puppet agent -t --waitforcert 60 # assuming your current manifests don't force the agent to restart systemctl start puppet --[/cut]-- On the puppet master, accept the new node -Andy- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/574F116A.20504%40bardicgrove.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
