标签归档:Renew/Extend Puppet CA/puppetmasterd certs

Renew/Extend Puppet CA/puppetmasterd certs

Puppet CA/puppetmasterd cert renewal

While we’re still converting our puppet controlled infra to Ansible, we still have some nodes “controlled” by puppet, as converting some roles isn’t something that can be done in just one or two days. Add to that other items in your backlog that all have priority set to #1 and then time is flying, until you realize this for your existing legacy puppet environment (assuming false FQDN here, but you’ll get the idea):

Warning: Certificate 'Puppet CA: puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56UTC
Warning: Certificate 'puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56UTC

So, as long as your PKI setup for puppet is still valid, you can act in advance, resign/extend CA and puppetmasterd and distribute newer CA certs to agents, and go forward with other items in your backlog, while still converting from puppet to Ansible (at least for us)

继续阅读