Sorry I was not clear, I´m trying to cleanup the cert of just one host with.
puppet cert clean cert_name Still don´t understand why it takes so much time to cleanup a single host. Same clean command for different cert_names output different serials. Thanks. --av.- On Wednesday, June 10, 2015 at 5:56:57 AM UTC-7, jcbollinger wrote: > > > > On Tuesday, June 9, 2015 at 4:03:42 PM UTC-5, Gabriel Filion wrote: >> >> On 09/06/15 12:14 PM, Andrés Abelardo Villarroel Acosta wrote: >> > I´m not puppet expert, and I know this may be a question completely >> > relative to my environment, I just want to know why when I run >> > >> > puppet cert clean >> >> humm .. the text below gives the impression that the command you're >> running is actually revoking every certificate it knows of, which is not >> supposed to happen unless you specify "--all". >> >> What version of puppet are you running on your puppet master? >> >> > > Indeed. "puppet cert clean" by itself should not do anything other than > produce a diagnostic, as a hostname is required (for "clean") unless > '--all' is specified. This applies both to Puppet 3 and to Puppet 4, so if > different behavior is observed then I'm sure PL would appreciate a ticket. > > If the "--all" option is assumed, then the expected behavior would be to > revoke every still-valid certificate ever signed by the CA, and to remove > the associated CSRs and certs. This is probably not what you want. If in > fact the CA has thousands of outstanding certs, however, then the process > indeed could take a long time. In that case, you would be wise to consider > whether you should *expect* thousands of certs, as few sites have > multiple thousands of machines under management by the same (logical) > master. Based on certificate serial numbers, though,it looks like your CA > indeed has signed more than 160K certs. > > > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/71b2693e-baf3-4010-812c-9a5f67044442%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
