On Jul 10, 2010, at 7:57 AM, Peter Meier wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/10/2010 04:54 PM, Patrick Mohr wrote: >> On Jul 9, 2010, at 11:58 PM, James Turnbull wrote: >> >>> Certificates cleaned with puppetca (or puppet cert) are now also >>> revoked. >> >> Is there some way to clean a cert (using puppet cert) without >> revoking it? Something like "puppet cert --clean hostname.domain >> --no-revoke". > > afaik, not. But could be a feature request. On the other hand, what's > the use case?
This isn't my usecase so I don't care, but since you ask... Suppose you have machines that: *) Don't get any sensitive information through puppet. *) Are re-imaged often using PXE+preseeding or PXE+kickstart *) All the computers have names in the form of "lab-client-*.domainname" Someone said that in this case you can put "puppetca --clean lab-client-*.domainname" as a cron job, and put "lab-client-*.domainname" in autosign.conf. Again, I don't do this, so don't do it for me. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
