On Mon, Jun 27, 2011 at 4:52 PM, j...@squirk.org <j...@squirk.org> wrote:
> On 16/06/2011 20:12, Nathan Clemons wrote:
>> Thanks. I think having to go out across the board once every 5 years
>> is quite acceptable, although advance warning from the master that
>> it's going to happen would definitely be a good thing.
>>
>> Jean: Kudos to running Puppet for 5 years! :)
>>
>
> Yes, I was planning to install cfengine when the first Puppet appeared. I
> really liked the way of thinking of the creator, which seemed to me a very
> good approach to the issue, so I jumped in.
>
> As I needed to make changes to all the nodes, I simply recreated a 20-year
> CA and went to every node, removing the SSL certs and signing all nodes
> again on the master. If someone knows how to spot a client coming to Puppet
> and failing the SSL handshake, it would help a lot to spot the ones I
> missed, if any! :)
>

One simple way is simply to look at the Foreman Puppet certificate list. You can also query it via the API and evaluate the certificate expiry date.
Ohad

> regards,
> Jean.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.