This is normal. New system will always generate a new cert. You only need to delete /var/lib/puppet/ssl on the client and remove the cert on the master "puppet cert clean <cert>" There has been some discussions on ways to automate this. Should be able to find them in the archives.
Steven Date: Wed, 3 Oct 2012 09:18:49 -0700 From: redjin...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] Puppet Autosign Hi, I have upgraded my puppet master to 2.7 with autosign enabled, it works great, the only issue I have it that when I re-image any client machine (blow away /var/lib/puppet ) folder and try to run puppet again, it fails to authenticate. The solution will be to (revoke + clean) the certificate of the client from the puppetmaster then remove /var/lib/puppet from client and re-run puppetd on client. Is this a normal behaviour from puppet 2.7 ? or should the client look up if the master has an old certificate and just use it, rather than asking for new one. an insight will be helpful. /etc/puppet$ cat autosign.conf *.localdomain.local -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/81blhmqfeSsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
