On 06/01/2016 09:39 AM, warron.french wrote: > Hello again, > I have a a few Puppet Agents on to which I installed the > puppet-agent software from my first Puppetmaster1, however, something > happened and I had to rebuild that server - for labelling purposes I am > (in this email) calling it Puppetmaster2. > > The puppet agents all have their certs signed by Puppetmaster1, but that > server no longer exist and now I have Puppetmaster2 (still the same > hostname actually). > > > How do I associate the puppet-agent nodes with the newer Puppetmaster2 > server properly? > > Do I execute an: *rpm -e puppet-agent* on all of the nodes, and then > re-run the *curl *command to properly re-install and generate a new > certificate from the newer Puppetmaster2 (puppetmaster)? > > Do I just go onto each of the nodes and simply remove the ssl > subdirectory and then re-run the: *puppet agent -t* command (which > didn't seem fail, or show its certificate up on the Puppet Admin Console)?
Assuming that re-running 'puppet agent -t' would cause the systems to look at your new puppet master then the following should be all you need to do: On the nodes, assuming an EL7 system and the latest puppet since you said puppet-agent for your package: --[cut]-- systemctl stop puppet rm -rf /etc/puppetlabs/puppet/ssl/* puppet agent -t --waitforcert 60 # assuming your current manifests don't force the agent to restart systemctl start puppet --[/cut]-- On the puppet master, accept the new node -Andy- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/574F116A.20504%40bardicgrove.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
