From e31fc1a7b51501555867f5c175664710662ffc26 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 12 Nov 2016 11:57:16 -0200
Subject: Updates certs
---
 certs.mdwn | 19 +++++--------------
 certs/puppet.mdwn | 30 ------------------------------
 2 files changed, 5 insertions(+), 44 deletions(-)
 delete mode 100644 certs/puppet.mdwn
diff --git a/certs.mdwn b/certs.mdwn
index 36df6a0..ee823f5 100644
--- a/certs.mdwn
+++ b/certs.mdwn
@@ -40,7 +40,7 @@ Após a renovação
 ----------------
 
 cat /path/to/registrar.crt >> /path/to/$DOMAIN.crt
- cat keys/ssl/$DOMAIN.crt | keyringer $HYDRA encrypt ssl/$DOMAIN.crt
+ cat /path/to/$DOMAIN.crt | keyringer $HYDRA encrypt ssl/$DOMAIN.crt
 
 # Registrando e enviando mudancas finais
 keyringer $HYDRA git commit
@@ -76,18 +76,9 @@ Copie as notificações para ser incluída em `https://$DOMAIN/certs`:
 
 Por fim, atualize os `postfix::tlspolicy_snippet` do `$DOMAIN`, caso aplicável.
 
-Checando expiração em massa
----------------------------
+Instalando
+----------
 
-É necessário instalar o [ssl-cert-check](https://git.fluxo.info/ssl-wrapper):
+Para instalar o certificado num nodo:
 
- cd $FOLDER/puppet/keys/ssl
-
- for file in *.crt; do
- ssl-cert-check -b -c $file
- done
-
-Puppet
-------
-
-[Renovação de certificados do puppet](puppet).
+ hydra $HYDRA import-certs
diff --git a/certs/puppet.mdwn b/certs/puppet.mdwn
deleted file mode 100644
index 490341f..0000000
--- a/certs/puppet.mdwn
+++ /dev/null
@@ -1,30 +0,0 @@
-Puppet: trocando certificados
-=============================
-
-Resetando o master
-------------------
-
-Conforme [referência](http://blkperl.github.io/replace-puppet-ca.html):
-
- hydractl puppet-reset-master
-
-Caso seja necessário limpar todos os requests durante testes:
-
- rm /var/lib/puppetmaster/ssl/ca/requests/*
-
-Reiniciando os agentes
-----------------------
-
-Cada agente precisa ter seus certificados criados:
-
- admin@box$ hydra $HYDRA mass hydractl puppet-reset-agent
- admin@box$ hydra $HYDRA mass hydractl puppet-finger
-
-Colete os fingerprints gerados e confirme com o master:
-
- root@master$ puppet cert list
- root@master$ puppet cert sign --all
-
-Finalmente,
-
- admin@box$ hydra $HYDRA mass /etc/init.d/puppet restart
-- 
cgit v1.2.3