I am not sure what the best steps are to replace an SSL ceritificate that
has expired on the load balancer that the puppet agents use.
setup: agent ---> loadbalancer w/ SSL Cert port 8140 ---> 2 master
systems with shared SSL directory on nfs.
Here is what the puppet.conf looks like:
[main]
vardir = /var/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /etc/puppet/ssl
confdir = /etc/puppet
environment = production
pluginsync = true
factpath = $vardir/lib/facter
server = puppet.domain.net
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
ca_port = 8140
puppetport = 18139
authconfig = /etc/puppet/namespaceauth.conf
report = true
libdir = $vardir/agent_lib
[production]
modulepath = /etc/puppet/modules-prod
[staging]
modulepath = /etc/puppet/modules-stage
[integration]
modulepath = /etc/puppet/modules-int
trace = true
[master]
dbmigrate = true
masterport = 8140
storeconfigs = true
ssl_client_header = HTTP_X_SSL_SUBJECT
node_terminus = plain
environments = production,staging,integration
certname = puppet.domain.net
server = puppet.domain.net
confdir = /etc/puppet
ssldir = /nfs/puppet/ssl
config = /etc/puppet/puppet.conf
modulepath = /etc/puppet/modules-prod
storeconfigs_backend = puppetdb
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.