summaryrefslogtreecommitdiff
path: root/certs
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2015-03-20 11:14:02 -0300
committerSilvio Rhatto <rhatto@riseup.net>2015-03-20 11:14:02 -0300
commit26bca9756744798496788b7adce229a7b21b9d4e (patch)
tree42725dfd5bf5522cf1e99303a0a2fae834116b5d /certs
parentfa01b25cac0cbd86375c2204707d5c46b023de4d (diff)
downloadpadrao-26bca9756744798496788b7adce229a7b21b9d4e.tar.gz
padrao-26bca9756744798496788b7adce229a7b21b9d4e.tar.bz2
Puppet certs / Cryptocalypse
Diffstat (limited to 'certs')
-rw-r--r--certs/puppet.mdwn30
1 files changed, 30 insertions, 0 deletions
diff --git a/certs/puppet.mdwn b/certs/puppet.mdwn
new file mode 100644
index 0000000..490341f
--- /dev/null
+++ b/certs/puppet.mdwn
@@ -0,0 +1,30 @@
+Puppet: trocando certificados
+=============================
+
+Resetando o master
+------------------
+
+Conforme [referência](http://blkperl.github.io/replace-puppet-ca.html):
+
+ hydractl puppet-reset-master
+
+Caso seja necessário limpar todos os requests durante testes:
+
+ rm /var/lib/puppetmaster/ssl/ca/requests/*
+
+Reiniciando os agentes
+----------------------
+
+Cada agente precisa ter seus certificados criados:
+
+ admin@box$ hydra $HYDRA mass hydractl puppet-reset-agent
+ admin@box$ hydra $HYDRA mass hydractl puppet-finger
+
+Colete os fingerprints gerados e confirme com o master:
+
+ root@master$ puppet cert list
+ root@master$ puppet cert sign --all
+
+Finalmente,
+
+ admin@box$ hydra $HYDRA mass /etc/init.d/puppet restart