Hi Grant, On 14 Jul 2015, at 20:03, Grant Schoep <matobin...@gmail.com> wrote:
> Using Puppet 3.6 now, but will be upgrading to 3.8 shortly. All running on > CentOS 7 > > So I am setting up a small network to be used in testing application > deploys/OS. The idea is basically this. > > 1. Build out a new VM(based off Puppet classes). > 2. Install software > 3. Test that software > 4. Blow away VM > > So I have self signing turned on, so when the machine first installs and runs > puppet for the first time, it applies everything we want. All these steps is > happening "automatically" Which is why I have self signing turned on in this > case. > > Now, the only hiccup, is that in this procedure, the ONE manual step I have, > is that I need to go onto the puppetCA server, and run a "puppet cert clean > hostname" > Shortly this is going to be a real pain, as there will be a bunch more manual > machines. Short of setting up a cron job, or using ssh'keys... > > Is there a built in way to tell the PuppetCA server to just accept newly > generate keys... and "clean" the old one.... I guess this is sorta bypassing > the whole idea of signed keys, but then I have self signing turn on anyways... > > If not, I'll probably just write a simple RESTful app that sits on teh > PuppetCA server, that I can "curl" to to tell it to remove the old host key. > I need to do things like that anyways in the building of of the VMs. No need to do this. Puppet has a REST API built in. You need to allow a remote system access to certificates via auth.conf http://projects.puppetlabs.com/projects/1/wiki/Certificate_Authority_Rest_API https://docs.puppetlabs.com/puppet/latest/reference/http_api/http_certificate.html Best, Martin > > > > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/3dda1ebb-e4c8-4fe7-b997-585475cf48f3%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5CE8ADA2-E1DB-40BA-973B-1B8817DE099B%40gmail.com. For more options, visit https://groups.google.com/d/optout.
