Hi,
to re-iterate the point: Doing this is a Very Bad Idea in terms of security.
If you don't care at all, the script would look like the following. PHP
pseudocode example, choose your poison at will, of course.
<?php
system('sudo puppet cert clean ' . $_GET['node']);
You can invoke it e.g. using
wget -O/dev/null https://your.master.fqdn/blast_cert?node=`puppet agent
--configprint certname`
to remove the certificate of the machine that is calling.
But again - please consider creating a secure channel from whatever
infrastructural component that is responsible for the re-provisioning,
so that the old certificates can be removed in a safe fashion.
HTH,
Felix
On 12/09/2014 11:54 PM, heeyoung kim wrote:
> Hello
>
> I am so curious how to resign certificate on puppet master after agents
> rebuild OS.
>
> I found a good article as follows.
> https://groups.google.com/forum/#!topic/puppet-users/vTLcGA87buo
> <https://groups.google.com/forum/#%21topic/puppet-users/vTLcGA87buo>
>
> However, the below site ,posterous.com, closed.
>
> /"OK, just had to post this! I found a solution to my issues that may
> help others.
>
> http://glarizza.posterous.com/managing-puppet-ssl-certificates
> <http://glarizza.posterous.com/managing-puppet-ssl-certificates>
>
> Basically a CGI script located on you CA Server. You can pass the
> hostname/certname that you want to clean via http to the script and
> have it clean it off the CA Server. More details in the link above.
> This is working great for me and I'll be using it until similar
> functionality is included by default in puppet."/
> /
> /
>
> Does anyone know how to make the script?
> I am new to linux, puppet and script, so I appreciate you with any
> solution, idea and advice!!
>
> Thanks,
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/548AE443.7040908%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.
