On 02/27/2015 07:51 AM, Erling Ringen Elvsrud wrote:
>
> Do you think it is possible to handle this with Puppet?
Yes, but not relying on exec as heavily as you imply.
Your first step should be a custom fact that reports the state of the
certificate.
The manifest for the node examines the fact value and can decide to
*export* an exec resource to whomever is expected to take action.
Just so we're clear, if this is meant to refresh *puppet* certificates,
then you are likely running in futile circles, or opening yourself up to
grave security implications.
HTH,
Felix