From 26bca9756744798496788b7adce229a7b21b9d4e Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 20 Mar 2015 11:14:02 -0300
Subject: Puppet certs / Cryptocalypse

---
 certs/puppet.mdwn | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 certs/puppet.mdwn

(limited to 'certs/puppet.mdwn')

diff --git a/certs/puppet.mdwn b/certs/puppet.mdwn
new file mode 100644
index 0000000..490341f
--- /dev/null
+++ b/certs/puppet.mdwn
@@ -0,0 +1,30 @@
+Puppet: trocando certificados
+=============================
+
+Resetando o master
+------------------
+
+Conforme [referência](http://blkperl.github.io/replace-puppet-ca.html):
+
+    hydractl puppet-reset-master
+
+Caso seja necessário limpar todos os requests durante testes:
+
+    rm /var/lib/puppetmaster/ssl/ca/requests/*
+
+Reiniciando os agentes
+----------------------
+
+Cada agente precisa ter seus certificados criados:
+
+    admin@box$ hydra $HYDRA mass hydractl puppet-reset-agent
+    admin@box$ hydra $HYDRA mass hydractl puppet-finger
+
+Colete os fingerprints gerados e confirme com o master:
+
+    root@master$ puppet cert list
+    root@master$ puppet cert sign --all
+
+Finalmente,
+
+    admin@box$ hydra $HYDRA mass /etc/init.d/puppet restart
-- 
cgit v1.2.3