On Wed, Aug 15, 2012 at 8:53 AM, jerome wrote:
> Can the agent tell the master to clean the key for its hostname?

This is possible, if you are comfortable with opening up access to the
puppet REST API on the master. In auth.conf, you can change the
options for the /certificate_request path, to allow 'destroy'
operations to be initiated:

<snip>
path /certificate_status/
auth yes
method find, save, destroy
allow *.domain
<snip>

From the client, you can run a curl which cleans the certificates,
provided you've got the puppet CA cert and client key, which could
easily be thrown into a script that's run before reinstallation.

curl --cert /var/lib/puppet/ssl/certs/client.fqdn.pem \
  --key /var/lib/puppet/ssl/private_keys/client.fqdn.pem \
  --cacert /var/lib/puppet/ssl/certs/ca.pem \
  -k -X DELETE -H "Accept: pson" \
  https://puppetmaster:8140/production/certificate_status/fqdn.client

More info is here:
http://docs.puppetlabs.com/guides/rest_api.html#certificate-status

Again, there are some security implications of opening this up, so
think about it a bit before you do it. Just figured I'd post a proof
of concept :)

-Steve
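
An audit of the auth.conf stanza above, as an added example that is not part of the original message or of Puppet itself: it flags certificate_status rules where a wildcard allow is combined with save or destroy. The NARROWED stanza is an assumed alternative using a regex path with a $1 backreference, and the function names are hypothetical.

```python
# Constructed sample inputs. POSTED mirrors the stanza in the message above;
# NARROWED is an assumed alternative: a regex path whose capture group is
# reused in 'allow', so a node can only destroy its own certificate record.
POSTED = """\
path /certificate_status/
auth yes
method find, save, destroy
allow *.domain
"""
NARROWED = """\
path ~ ^/certificate_status/([^/]+)$
auth yes
method destroy
allow $1
"""

# save (PUT) changes a certificate's state, destroy (DELETE) removes it.
WRITE_METHODS = {"save", "destroy"}
ALL_METHODS = {"find", "search", "save", "destroy"}

def parse_stanzas(text):
    """Split auth.conf text into one dict per 'path' stanza."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        items = [v.strip() for v in value.split(",") if v.strip()]
        if key == "path":
            stanzas.append({"path": value.strip(), "method": set(), "allow": []})
        elif stanzas and key == "method":
            stanzas[-1]["method"].update(items)
        elif stanzas and key == "allow":
            stanzas[-1]["allow"].extend(items)
    return stanzas

def audit(text):
    """Report certificate_status rules that let one node act on any node's certificate."""
    findings = []
    for s in parse_stanzas(text):
        if "certificate_status" not in s["path"]:
            continue
        methods = s["method"] or ALL_METHODS     # no 'method' line means every method
        risky = sorted(methods & WRITE_METHODS)
        broad = [a for a in s["allow"] if "*" in a]
        if risky and broad:
            findings.append(f"{s['path']}: {', '.join(broad)} may "
                            f"{', '.join(risky)} any node's certificate")
    return findings
```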


Discussion Overview
group: puppet-users
categories: puppet
posted: Aug 15, '12 at 3:08p
active: Aug 16, '12 at 8:03a
posts: 6
users: 5
website: puppetlabs.com