I have been tasked to upgrade a Puppet 3.x to Puppet 6.x; this will be no mean feat, as the current environment covers over 600 nodes.
One of the items that will cause problems is that the old system heavily uses the old module Aethylred/keymaster to manage x509 keypairs from the local Puppet CA. This module is now no longer supported and will not work without an extensive rewrite with the new Puppet CA architecture. That is a path I didn't want to go down.

What I was wondering, and I haven't been able to find a replacement, is: are there similar options open to me in using certificates issued from the local Puppet CA?

I have written a module for another Puppet environment that manages certificates from the corporate CA which, once they are issued, are then stored in hiera. It is looking like I may have to use that module and manually request Puppet CA keypairs, place them into the appropriate hiera file, and allow Puppet and Java_ks to manage them from there, and apply monitoring on the certs to warn of expiry.

Are there any options for using the Puppet CA to issue/manage keypairs programmatically?

Barry