On Tuesday, April 8, 2014 7:01:14 AM UTC-5, Felix.Frank wrote:
>
> Hi,
>
> this approach to working around the issue is pretty horrible IMHO. I
> would recommend to go ahead and use Tim's approach of just removing the
> CSR files manually. That is both less error prone and more secure.
>
>
Yes, and if there are enough of these to be tedious/inconvenient, or if you
need to do the job often, then it ought to be reasonably simple to write a
script to collect the certificate names via "puppet cert list" and convert
them directly into 'rm' commands for the certificate request files. That
could make it easier on you while still avoiding ever signing the cert
requests.
Something along these lines (untested!) might do the trick:
#!/bin/bash
puppet cert list |
while read line; do
head=${line%\"*}
name=${head:1}
rm /var/lib/puppet/ssl/ca/requests/"${name}".pem
done
Or (also untested):
#!/bin/bash
rm_request() {
pems=(${@/%/.pem})
rm ${pems[*]/#/\/var\/lib\/puppet\/ssl\/ca\/requests\/}
}
puppet cert list \
| sed 's/"\([^"]\+\)"/\1/0' \
| xargs rm_request
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1fea3ffb-6bbb-46bb-a276-845c95616cdf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
