On Thu, Aug 25, 2011 at 1:31 PM, Roy Nielsen <r...@lanl.gov> wrote: > Hello, > > We need to migrate ~3000 machines to a new puppet server. > > What is the recommended method of doing this, considering the cert issues?
Not much, just make sure you generate a cert for the new puppet master using the existing CA cert. You should not need to replace the existing agent certs, and this give you an easy way to fail back in case you run into any issues. Migrate puppet manifests/configuration. Copy the old puppet server ssl directory to the new master (replace everything in there). Generate a new cert for the new puppet master $ puppet master --no-daemonize -v Run puppet cert -p and check the new puppet master cert is signed by the same CA as existing agent certs. Test an existing agent against the new master. $ puppet agent --server new_master -t --noop Update DNS to new puppet master. Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
