On Wed, Aug 15, 2012 at 8:53 AM, jerome wrote:
Can the agent tell the master to clean the key for its hostname?
This is possible, if you are comfortable with opening up access to the
puppet REST API on the master. In auth.conf, you can change the
options for the /certificate_request path, to allow 'destroy'
operations to be initiated:

path /certificate_status/
auth yes
method find, save, destroy
allow *.domain

From the client, you can run a curl which cleans the certificates,
provided you've got the puppet CA cert and client key, which could
easily be thrown into a script that's run before reinstallation.

curl --cert /var/lib/puppet/ssl/certs/client.fqdn.pem \
  --key /var/lib/puppet/ssl/private_keys/client.fqdn.pem \
  --cacert /var/lib/puppet/ssl/certs/ca.pem -k -X DELETE -H "Accept: pson"

More info is here:

Again, there are some security implications of opening this up, so
think about it a bit before you do it. Just figured I'd post a proof
of concept :)
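An added illustration, not code from the original post or from Puppet: this Python script models first-match auth.conf evaluation in simplified form and compares the stanza above with a per-node variant that uses a regex path and `allow $1`. The hostnames, the function names and the scoped stanza are assumptions, and request paths are written without the environment prefix.

```python
import re
from fnmatch import fnmatch

# WEAK is the stanza from the post; SCOPED is an assumed per-node alternative.
WEAK = """
path /certificate_status/
auth yes
method find, save, destroy
allow *.domain
"""
SCOPED = """
path ~ ^/certificate_status/([^/]+)$
auth yes
method destroy
allow $1
"""

def parse(text):
    """Parse auth.conf-style stanzas into a list of rule dicts."""
    rules = []
    for line in text.strip().splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "path":
            # "path ~ <regex>" is a regex rule; a plain path is a prefix match.
            pat = value[1:].strip() if value.startswith("~") else "^" + re.escape(value)
            rules.append({"path": re.compile(pat), "method": [], "allow": []})
        elif key in ("method", "allow"):
            rules[-1][key] += [v.strip() for v in value.split(",")]
    return rules

def permitted(rules, client_cn, method, path):
    """First stanza whose path and method match decides; no match means deny."""
    for rule in rules:
        m = rule["path"].search(path)
        if not m or method not in rule["method"]:
            continue
        # Expand $1-style backreferences from the path regex, then glob-match the CN.
        return any(fnmatch(client_cn, re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), a))
                   for a in rule["allow"])
    return False

def cross_host_deletes(rules, hosts):
    """Return (requester, target) pairs where one node may delete another's cert."""
    return [(a, b) for a in hosts for b in hosts
            if a != b and permitted(rules, a, "destroy", "/certificate_status/" + b)]

HOSTS = ["web01.domain", "db01.domain"]  # constructed sample certnames

if __name__ == "__main__":
    print("weak:  ", cross_host_deletes(parse(WEAK), HOSTS))
    print("scoped:", cross_host_deletes(parse(SCOPED), HOSTS))
```

Because auth.conf is evaluated in order, a scoped stanza like this has to appear before any broader /certificate_status rule to take effect.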


Discussion Overview
group: puppet-users
posted: Aug 15, '12 at 3:08p
active: Aug 16, '12 at 8:03a


