Renew puppet agent certificate


prun...@gmail.com

May 19, 2014, 8:30:45 AM
to puppet...@googlegroups.com
Hello,

I am searching for the best way to reconnect a puppet client when I reinstall the entire operating system of the host.

Actually I follow this complex procedure, where all the steps are mandatory:

On the agent:
----------------------
1) I entirely remove the contents of the /var/lib/puppet/ssl directory

On the server:
----------------------
2) I clean the agent cert (#puppet agent clean myhost.mydomain.com)
3) I restart the puppetmaster daemon

On the client:
---------------------
4) I query a new certificate (#puppet agent -t)

On the server:
---------------------
5) I sign the new certificate (#puppet cert sign myhost.mydomain.com)

I use FAI ( http://fai-project.org ) to install my clients, so it can be very annoying repeating this procedure.

Can someone help me?

Baptiste.

Ian Mortimer

May 19, 2014, 10:01:16 PM
to puppet...@googlegroups.com
On 05/19/14 22:30, prun...@gmail.com wrote:

> I am searching for the best way to reconnect a puppet client when I
> reinstall the entire operating system of the host.

In a lab where rebuilds are frequent, I keep a copy of each host's
certificates and keys on the file server and copy them from an NFS
mount in kickstart's %post.


--
Ian

prun...@gmail.com

May 23, 2014, 1:41:15 AM
to puppet...@googlegroups.com


Thank you very much for the help!

I finally use the same idea, but with "puppet cert generate":

1) I clean the host key if it already exists with "puppet cert clean"
2) I generate a new key with "puppet cert generate"
3) I copy the generated certificates with ssh

It works perfectly!

Thanks.

Baptiste.
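
The three steps in the last message, run on the puppet master, as an added example that is not part of the original thread. It assumes the Puppet 3 `puppet cert` subcommands, the default file layout under `ssldir`, and root SSH access to the rebuilt host; the function names and the `RENEW_HOST` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Puppet 3 layout under ssldir:
# certs/ca.pem, certs/<host>.pem, private_keys/<host>.pem.

# Stage CA cert, host cert and host key for host $2 from master ssldir $1 into $3.
# Runs in a subshell so the tight umask does not leak into the caller.
stage_agent_ssl() (
    src=$1 host=$2 dst=$3
    for f in certs/ca.pem "certs/$host.pem" "private_keys/$host.pem"; do
        # Refuse to stage a partial set: a cert without its key is useless to the agent.
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; exit 1; }
    done
    umask 077    # staged directories 0700, private key 0600
    mkdir -p "$dst/certs" "$dst/private_keys" || exit 1
    cp "$src/certs/ca.pem" "$src/certs/$host.pem" "$dst/certs/" || exit 1
    cp "$src/private_keys/$host.pem" "$dst/private_keys/" || exit 1
)

renew_agent() {
    host=$1
    ssldir=$(puppet config print ssldir) || return 1
    stage=$(mktemp -d) || return 1
    puppet cert clean "$host"                   # step 1: errors if no old cert exists, ignored
    puppet cert generate "$host" || return 1    # step 2: new key pair, signed by the CA
    stage_agent_ssl "$ssldir" "$host" "$stage/ssl" &&
        scp -rp "$stage/ssl" "root@$host:/var/lib/puppet/"   # step 3
    rc=$?
    rm -rf "$stage"
    # Once delivered, the master has no use for the agent's private key.
    [ "$rc" -eq 0 ] && rm -f "$ssldir/private_keys/$host.pem"
    return "$rc"
}

# Only acts when RENEW_HOST (hypothetical variable) is set.
if [ -n "${RENEW_HOST:-}" ]; then renew_agent "$RENEW_HOST"; fi
```

With this approach the agent's private key is created on the master and crosses the network, so the staging copy is kept at mode 0600 and both the staging copy and the master's copy are deleted after delivery.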




 