On Wed, Sep 12, 2012 at 10:51 AM, Ano nym <tuz1...@gmail.com> wrote:
> Hello everybody,
>
> we're using Red Hat Kickstarts for some systems. On every new kickstart
> we've to delete the client certificate first on the master.
>
> Is there a best practice to renew the certificate or delete it remotely on
> the master?

If you're rebuilding a machine, I'd suggest that you also want to
remove any reports, facts and anything else that puppet knows about
your old host.

Given that, I can't see any other possibility than changing your
provisioning process to have a 'puppet node clean' step *before*
re-provisioning your host.

Additionally, I'd give serious consideration to trying to automate the
regeneration of client certs.  If someone else comes in to your
network, they could give their device the same hostname as an existing
puppet-managed host, then via this envisioned automated process, would
kick your existing host off, and connect themselves (this assumes you
have auto-signing configured).

Regards,

Matt.
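
One way to write the 'puppet node clean' step described in the reply above, as an added example that is not part of the original message. The rebuild-queue file, its path, the `PUPPET_CMD` override and the function name are assumptions made for illustration; the only Puppet command used is `puppet node clean`. The step refuses to clean any certname that an operator has not explicitly queued for rebuild, so a device that merely claims an existing hostname cannot trigger the clean-up.

```shell
#!/bin/sh
# Pre-provisioning step, run on the Puppet master before a host is rebuilt.
# Assumption: REBUILD_QUEUE is a root-owned file with one certname per line,
# written only by the provisioning system when a rebuild is approved.
REBUILD_QUEUE="${REBUILD_QUEUE:-/etc/provisioning/rebuild-queue}"
# Assumption: PUPPET_CMD can be overridden for dry runs and testing.
PUPPET_CMD="${PUPPET_CMD:-puppet}"

clean_node_for_rebuild() {
    certname="$1"

    # Accept only a plain lowercase hostname/FQDN; reject empty input,
    # shell metacharacters, leading/trailing dots and leading dashes.
    case "$certname" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*..*)
            echo "refusing: invalid certname" >&2
            return 2 ;;
    esac

    # Exact, fixed-string match against the approved rebuild queue.
    if ! grep -Fxq -- "$certname" "$REBUILD_QUEUE" 2>/dev/null; then
        echo "refusing: $certname is not queued for rebuild" >&2
        return 3
    fi

    # Remove what the master holds for the old host (certificate, and the
    # reports and facts mentioned in the reply) before re-provisioning.
    $PUPPET_CMD node clean "$certname" || return 4

    # One-shot approval: drop the entry so a later request for the same
    # name is refused until an operator queues it again.
    tmp="$(mktemp)" || return 5
    grep -Fxv -- "$certname" "$REBUILD_QUEUE" > "$tmp" || true
    cat "$tmp" > "$REBUILD_QUEUE"
    rm -f "$tmp"
    return 0
}
```
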

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.