As Steven said, it is normal for a puppet-master not to allow a re-imaged machine until the certificate is re-generated. I will point out that depending on the your environment, it may be a security risk to any client to authenticate against the puppet-master.
For my environment, I explicitly disable autosign and manually sign most machines (I may re-enable it once I move Puppet into a cluster that allow me to explicitly allow/disallow access at a layer 4 level). it takes some work, but I am not building hundreds of machines a day (yet). Even then, you can mass sign the machines with: puppet cert sign --all That said, you can pre sign the certs with: puppet cert --generate client.fqdn and then integrate as part of your build process. That way, if you need to rebuild the machines, you can just use the same cert without having to re-sign the client again. - Rilindo On Oct 3, 2012, at 11:18 AM, RedJinnee <redjin...@gmail.com> wrote: > Hi, > I have upgraded my puppet master to 2.7 with autosign enabled, it works > great, the only issue I have it that when I re-image any client machine (blow > away /var/lib/puppet ) folder and try to run puppet again, it fails to > authenticate. > The solution will be to (revoke + clean) the certificate of the client from > the puppetmaster then remove /var/lib/puppet from client and re-run puppetd > on client. > > Is this a normal behaviour from puppet 2.7 ? or should the client look up if > the master has an old certificate and just use it, rather than asking for new > one. > > an insight will be helpful. > > /etc/puppet$ cat autosign.conf > *.localdomain.local > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/81blhmqfeSsJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
