On Wed, Aug 15, 2012 at 8:53 AM, jerome <jerome.steunenb...@gmail.com> wrote:
> Can the agent tell the master to clean the key for its hostname?

This is possible, if you are comfortable with opening up access to the puppet REST API on the master. In auth.conf, you can change the options for the /certificate_request path, to allow 'destroy' operations to be initiated:

<snip>
path /certificate_status/
auth yes
method find, save, destroy
allow *.domain
<snip>

From the client, you can run a curl which cleans the certificates, provided you've got the puppet CA cert and client key, which could easily be thrown into a script that's run before reinstallation.

curl --cert /var/lib/puppet/ssl/certs/client.fqdn.pem --key /var/lib/puppet/ssl/private_keys/client.fqdn.pem --cacert /var/lib/puppet/ssl/certs/ca.pem -k -X DELETE -H "Accept: pson" https://puppetmaster:8140/production/certificate_status/fqdn.client

More info is here: http://docs.puppetlabs.com/guides/rest_api.html#certificate-status

Again, there are some security implications of opening this up, so think about it a bit before you do it.

Just figured I'd post a proof of concept :)

-Steve
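
Added example (not part of the original post and not Puppet's own code): a small Python check that parses auth.conf stanzas and flags any certificate_status rule where a wildcard allow can issue destroy. With the stanza quoted above, any host holding a signed certificate that matches *.domain can delete another node's certificate. The second stanza in the sample is constructed and assumes auth.conf regex paths with `$1` back-references in allow lines, which limits each agent to its own certname.

```python
# Constructed sample: the stanza from the post, then a narrower variant that
# assumes auth.conf regex paths and "$1" back-references in "allow" lines.
SAMPLE_AUTH_CONF = """\
path /certificate_status/
auth yes
method find, save, destroy
allow *.domain

path ~ ^/certificate_status/([^/]+)$
auth yes
method destroy
allow $1
"""

def parse_stanzas(text):
    """Split auth.conf text into dicts, one per 'path' stanza."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "path":
            stanzas.append({"path": value, "method": [], "allow": []})
        elif stanzas and key in ("method", "allow"):
            stanzas[-1][key] += [v.strip() for v in value.split(",") if v.strip()]
    return stanzas

def risky_destroy_rules(text):
    """Return (path, wildcard allows) where destroy on certificate_status is open."""
    findings = []
    for s in parse_stanzas(text):
        if "certificate_status" not in s["path"]:
            continue
        # No 'method' line means the rule applies to every method, destroy included.
        destroy = not s["method"] or "destroy" in s["method"]
        wildcard = [a for a in s["allow"] if "*" in a]
        if destroy and wildcard:
            findings.append((s["path"], wildcard))
    return findings

if __name__ == "__main__":
    for path, who in risky_destroy_rules(SAMPLE_AUTH_CONF):
        print(f"{path}: destroy allowed for {', '.join(who)}")
```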