2009/7/28 Len Rugen <lenru...@gmail.com>: > What is involved in switching to a new puppetmaster? I'm guessing the > client will need a new cert, but it looks like I have to rm the old one in > /var/lib/puppet/... on the client. Our "puppet" FQDN is an alias pointing > to the current server, as it probably will be on the future server.
If you're just going to flip the CNAME to the new server, you can 'cheat' and just move the puppetmaster SSL certs on over to the new system. A more ?correct? way is to manage the $SSLDIR/certs/ca.pem on all hosts. Just combine the two puppetmaster's ca.pem, push them out to the clients and masters, and you'll be golden. Once you move over to the new server you can remove the old puppetmaster's ca.pem from the clients, but you'll still need it on the new master as long as there are any of the old client certs out there. .r' --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---