Hi Grant, On 14 Jul 2015, at 20:03, Grant Schoep <[email protected]> wrote:
> Using Puppet 3.6 now, but will be upgrading to 3.8 shortly. All running on > CentOS 7 > > So I am setting up a small network to be used in testing application > deploys/OS. The idea is basically this. > > 1. Build out a new VM(based off Puppet classes). > 2. Install software > 3. Test that software > 4. Blow away VM > > So I have self signing turned on, so when the machine first installs and runs > puppet for the first time, it applies everything we want. All these steps is > happening "automatically" Which is why I have self signing turned on in this > case. > > Now, the only hiccup, is that in this procedure, the ONE manual step I have, > is that I need to go onto the puppetCA server, and run a "puppet cert clean > hostname" > Shortly this is going to be a real pain, as there will be a bunch more manual > machines. Short of setting up a cron job, or using ssh'keys... > > Is there a built in way to tell the PuppetCA server to just accept newly > generate keys... and "clean" the old one.... I guess this is sorta bypassing > the whole idea of signed keys, but then I have self signing turn on anyways... > > If not, I'll probably just write a simple RESTful app that sits on teh > PuppetCA server, that I can "curl" to to tell it to remove the old host key. > I need to do things like that anyways in the building of of the VMs. No need to do this. Puppet has a REST API built in. You need to allow a remote system access to certificates via auth.conf http://projects.puppetlabs.com/projects/1/wiki/Certificate_Authority_Rest_API https://docs.puppetlabs.com/puppet/latest/reference/http_api/http_certificate.html Best, Martin > > > > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/3dda1ebb-e4c8-4fe7-b997-585475cf48f3%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5CE8ADA2-E1DB-40BA-973B-1B8817DE099B%40gmail.com. For more options, visit https://groups.google.com/d/optout.
