[Puppet Users] Regenerating expiring agent cert on the master host (not CA cert)

[Andy Smith]

Hi,

I've got a puppet environment that's been around for nearly 5 years
now, so I started getting warnings about certificate expiry:

Warning: Certificate 'Puppet CA: puppet0.example.com' will expire on 
2017-12-30T02:36:41UTC
Warning: Certificate 'puppet0.example.com' will expire on 2017-12-30T02:36:42UTC

It's a very simple environment with only one puppetmaster, which is
puppet0.

So, I have the puppetlabs-certregen module and that took care of
renewing the CA certificate.

Now I only get:

Warning: Certificate 'puppet0.example.com' will expire on 2017-12-30T02:36:42UTC

on every host's agent run.

I note that certregen specifically says it's not designed to deal
with agent certificate renewal, so, what is the correct way to do
it when we're talking about the agent that is also the puppetmaster?

Searching around finds many suggestions of:

# rm -vr /var/lib/puppet/ssl

That doesn't seem appropriate for the host that's also the
puppetmaster.

I tried "puppet clean puppet0.example.com" in a test network but
afterwards puppet0 couldn't regenerate its own agent certificate
saying that it had been revoked, and neither could any other host's
agent connect any more.

What is actually the correct procedure when the host in question is
also a master host?

Cheers,
Andy

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20171101173232.GN3124%40bitfolk.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: get physical disk for lvm usage?

[jcbollinger]

On Wednesday, November 1, 2017 at 6:07:49 AM UTC-5, Martijn wrote:
>
> Well, if you do $disks = facts['os']['disks'] (note: facts, not facter), 
> you'll have a hash of all disks in $disks. Some of the functions in 
> puppetlabs-stdlib let you modify hashes. Take a look at delete 
>  to drop keys like 
> 'fd0' and 'sda' from the hash, then you can use the remaining hash as input 
> for the LVM module.
>
>
I have always thought that the stdlib docs are a bit colloquial and 
imprecise where they describe functions that supposedly modify an array or 
hash.  What they actually do, I think, is create a *new* array or hash 
whose contents match the original, except for the specified modifications.  
This is the same distinction as between Ruby's Array.reject! and 
Array.reject, and although it's a bit subtle, it makes a tremendous 
difference.  It therefore behooves us to be as clear as possible.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fc5ef90e-e4f4-42b4-be17-5fd43947ea02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: get physical disk for lvm usage?

[Martijn]

Well, if you do $disks = facts['os']['disks'] (note: facts, not facter), 
you'll have a hash of all disks in $disks. Some of the functions in 
puppetlabs-stdlib let you modify hashes. Take a look at delete 
 to drop keys like 'fd0' 
and 'sda' from the hash, then you can use the remaining hash as input for 
the LVM module.

Regards, Martijn

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/96b3e1e7-b74b-446d-b0a9-8ad230e24812%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.