Good morning,
We installed a puppet agent on our citrix mgmt servers.
The problem became that the way it is done a golden image is used,
server_dev. Once sealed that spins off multiple other servers for stage and
prod environments.
We want to know about the servers, ensure they are in configuration and not
drifting between rebuilds and keep reports for a history on them.
The idea was to once they are done stop the service (not disable), delete
the ssl directory, then revoke and delete the cert on the puppetca.
Has anyone else attempt to revoke and delete cert remotely from the
puppetca?
We are attempting a curl command like
curl -X DELETE --tlsv1 --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem
--cert /etc/puppetlabs/puppet/ssl/certs/server.pem --key
/etc/puppetlabs/puppet/ssl/private_keys/server.pem -H "Accept:
application/json" -H "Content-Type: application/json" -d
'{"desired_state":"revoked"}'
https://puppetcat:8140/puppet-ca/v1/certificate_status/server?environment=production
But everytime we get forbidden 403 whether running curl command from remote
server or even the puppetca itself.
Attemped to add ip to
/etc/puppetlabs/puppetserver/conf.d/puppetserver.conf as well as
/etc/puppetlabs/puppetserver/conf.d/ca.conf but still same error.
Any help or suggestions would be greatly appreciated.
Thank you
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1271e65b-f4bd-4e8d-83ce-c32af069618f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
