Martin

Thanks for the quick reply

On Fri, Jun 17, 2011 at 8:47 AM, Martin Alfke <tux...@gmail.com> wrote:
> Hi,
> On Jun 17, 2011, at 2:49 PM, TJ Yang wrote:
>
>> How do I initiate a certificate request without going into non-daemon mode?
>>
>> According to "Pro Puppet" book, so far the only way I know that can
>> trigger a certificate request with puppet master is like this
>>
>> puppet agent --server=puppetmaster.test.com --no-daemonize --verbose
>
> we do that by using a tag which does not exist:
>
> puppet agent --test --tags=foo
>
> This creates the client certificate and sends it to the master.
> The master autosigns the certificate request and compiles the catalog.
> The client will parse for a tag with the name "foo" and will not do anything.
>

Thanks for the great tip, I will use this in my postinstall script.
I hope this tip/hack can be turned into "puppet agent --cert_request" for
a future version of puppet.

>>
>> but doing so will break my intention of automation I need to create a
>> puppet client package. A control-C is needed to terminate the process.
>> I have puppetmaster configured to auto grant and sign certificate
>> requests, and I would like the puppet client to auto issue a request
>> which will be granted and start itself up when running
>> "/etc/init.d/puppetagent268  start"
>
> We have created our own puppet rpm package with an individual puppet.conf.
> Upon post installation we run the command given above.
>
>>
>>
>> Is there a command "puppet cert --clean puppetagent1.test.com" for
>> puppet agent ?
>> For now I have to go into $ssldir subdirectory to manually cleanup
>> existing certificate.
>
> Do you refer to the master or the client?
> The puppet cert command is used for the master only.
> On the client we also recursively delete the puppet ssl dir.

I am referring to puppet agent/client.
I hope a future version can support this certificate reset/cleanup on
puppet agent.

For now, I will just do "rm -rf $ssldir" in
"/etc/init.d/puppetclient268 certclean"


tj
> Kind regards,
>
> Martin
>
>>
>> --
>> T.J. Yang
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>



-- 
T.J. Yang
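
A guarded form of the `rm -rf $ssldir` cleanup discussed in this thread, as an added example that is not from either poster or from Puppet. The function name `safe_certclean` and its checks are assumptions; it relies on an agent's ssldir containing a `private_keys` subdirectory and a master's ssldir containing `ca`.

```shell
#!/bin/sh
# Added example: guarded replacement for a bare `rm -rf $ssldir`.
# safe_certclean is a hypothetical helper, not a Puppet command.

# Remove an agent SSL directory only if the path really looks like one.
# Returns 0 after removal, 1 if the path was refused.
safe_certclean() {
    dir=$1
    # Empty value: an unset $ssldir must never reach rm.
    [ -n "$dir" ] || { echo "certclean: ssldir is empty" >&2; return 1; }
    # Absolute paths only, so the result does not depend on the cwd.
    case $dir in
        /*) ;;
        *) echo "certclean: not an absolute path: $dir" >&2; return 1 ;;
    esac
    # Refuse a symlink as the final component, and anything not a directory.
    [ ! -L "$dir" ] || { echo "certclean: is a symlink: $dir" >&2; return 1; }
    [ -d "$dir" ] || { echo "certclean: no such directory: $dir" >&2; return 1; }
    # Resolve the physical path and refuse shallow ones such as / or /etc.
    real=$(cd "$dir" && pwd -P) || return 1
    case $real in
        /*/*) ;;
        *) echo "certclean: path too shallow: $real" >&2; return 1 ;;
    esac
    # Assumption: an agent that has requested a cert has private_keys/ here.
    [ -d "$real/private_keys" ] || {
        echo "certclean: no private_keys/ in $real" >&2; return 1; }
    # A ca/ subdirectory means this host is also a master: wiping the
    # directory would destroy the CA that signed every agent certificate.
    [ ! -e "$real/ca" ] || {
        echo "certclean: $real holds a CA, refusing" >&2; return 1; }
    rm -rf -- "$real"
}

# Intended use from an init script "certclean" action (not run here):
#   safe_certclean "$(puppet agent --configprint ssldir)"
```

After the directory is removed, the agent generates a new key and request on its next run, and the old certificate still has to be cleaned on the master with `puppet cert --clean`.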

