Have your monitoring system pop up a critical alert for any certs which will
expire in the next week. Have a patch ready to go for your pp/eyaml files.
On Fri, Oct 16, 2015 at 11:11:31AM +0100, Jonathan Gazeley wrote:
> Here's a problem that might have an interesting solution.
>
> I use Puppet to deploy (amongst other things) SSL certs for web servers. One
> of my certs is expiring in January 2016 and I have already been sent the
> replacement. They overlap by 7 days. I might forget to make the change in
> January so I was wondering if there is a way of configuring Puppet today to
> magically switch over the certs in January. (i.e. continue deploy the
> current cert until a specific date and then deploy the new one instead)
>
> I see the generate function can be used to execute system calls to fetch the
> date but I'm not sure about date comparisons in Puppet. I guess I would need
> to use epoch time to compare as integers.
>
> $date = generate("/bin/date +%s")
>
> if $date > 1451606400 {
> $cert = "newcert.crt"
> } else {
> $cert = "oldcert.crt"
> }
>
> file { 'cert.crt'
> source => $cert
> }
>
> I also saw that Felix commented on a similar question on ServerFault: "As an
> aside, I would personally refrain from implementing this kind of thing. It
> comes with a high risk of falling onto your foot pretty heavily. Don't build
> your friendly surprises into Puppet."
>
> Cheers,
> Jonathan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/5620CD53.9000808%40bristol.ac.uk.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/20151016110629.GA23746%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.
