Hi

I am trying to solve the following case:

I have a bash script, cert_check.sh, which is used to check JBoss certificates.
The script returns 0 if certs are still valid, 1 if they are about to expire and 2 if they are already expired.

The script should be executed on all JBoss nodes, which is possible with a simple exec.

If the script returns 1 or 2 I would like another exec to be executed on a different node, possibly the puppetmaster.
That exec will perform a REST API call to a server with curl (probably another exec in Puppet).
That call will generate a new certificate and copy it back to the node with an expired/about to expire certificate.

Initially I was considering just performing the call directly from each node (exec with an unless attribute), but that is not ideal with respect to security, as the username/password for the REST API should not be visible on all nodes, and firewall openings to the host handling the certificate generating/copying must be added for all networks with JBoss servers.

Do you think it is possible to handle this with Puppet?

Thanks,

Erling
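
The exit-code contract described in the post (0 valid, 1 about to expire, 2 expired), sketched here as an added example that is not the poster's cert_check.sh. It assumes a PEM certificate, a 30-day default warning window and an extra exit code 3 for an unreadable certificate; the function name `cert_status` is hypothetical.

```shell
#!/bin/sh
# Added example, not the original cert_check.sh.
# Contract from the post: 0 = valid, 1 = about to expire, 2 = expired.
# Assumptions: PEM input, 30-day default warning window, and exit code 3
# for a certificate that cannot be read or parsed.

cert_status() {
    # $1 = path to PEM certificate, $2 = warning window in days (default 30)

    # An unreadable or unparsable file must not be reported as "valid".
    if ! openssl x509 -noout -in "$1" >/dev/null 2>&1; then
        return 3
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1; then
        return 2    # already expired
    fi
    if ! openssl x509 -noout -checkend $(( ${2:-30} * 86400 )) \
            -in "$1" >/dev/null 2>&1; then
        return 1    # expires inside the warning window
    fi
    return 0
}

# When called with arguments, behave like a check script:
#   cert_check.sh /path/to/cert.pem [warn_days]
if [ "$#" -ge 1 ]; then
    cert_status "$@"
    exit $?
fi
```

With this contract, a Puppet exec guarded by `unless` runs for any non-zero result, so an unreadable certificate (3) triggers it as well as the expiring and expired cases.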


