Re: [Puppet Users] Corrupted inventory.txt - how to rebuild?

2011-08-16 Thread Sean Carolan
> 0x is typically the CA cert, was the inventory.txt file blank when
> this occurred? If you have all the certificates, you can use puppet
> cert -pa and extract the serial number, date, and CN info. I'm not
> sure if there's an automated way using openssl commands. This might be
> reasonably close (output should be sorted by serial number):

Here's the problem as I understand it.  We have several puppetmaster
servers, due to the large number of clients and networks that need to
be supported.  We synchronize SSL certs between load balanced hosts
using rsync.  Somehow or other we occasionally end up getting a host
in the inventory.txt file with 0x serial number.  Unfortunately
this seems to reset the counter and new hosts will end up with
duplicate serials to other hosts previously listed in the file.

How do you all handle load balancing and certificate management?  Is
there a way to have a master authority cert server, that all the other
nodes turn to for all things SSL?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Corrupted inventory.txt - how to rebuild?

2011-08-15 Thread Sean Carolan
We have an issue where sometimes servers get assigned serial number
0x in the inventory.txt file.  This causes major problems
including SSL cert errors in the log file.  Anyone know how to
properly rebuild inventory.txt without tearing everything out and
starting from scratch?




Re: [Puppet Users] Corrupted inventory.txt - how to rebuild?

2011-08-15 Thread Nan Liu
On Mon, Aug 15, 2011 at 2:10 PM, Sean Carolan scaro...@gmail.com wrote:
> We have an issue where sometimes servers get assigned serial number
> 0x in the inventory.txt file.  This causes major problems
> including SSL cert errors in the log file.  Anyone know how to
> properly rebuild inventory.txt without tearing everything out and
> starting from scratch?

0x is typically the CA cert, was the inventory.txt file blank when
this occurred? If you have all the certificates, you can use puppet
cert -pa and extract the serial number, date, and CN info. I'm not
sure if there's an automated way using openssl commands. This might be
reasonably close (output should be sorted by serial number):

require 'puppet'
require 'openssl'

# Walk the CA's signed certs and print one inventory.txt-style line per cert:
# serial (hex), not-before, not-after, subject DN
Dir.glob("#{Puppet[:ssldir]}/ca/signed/*.pem") do |certfile|
  cert = OpenSSL::X509::Certificate.new(File.read(certfile))
  puts("0x%04x %s %s %s" % [cert.serial.to_i,
                            cert.not_before.strftime('%Y-%m-%dT%H:%M:%SUTC'),
                            cert.not_after.strftime('%Y-%m-%dT%H:%M:%SUTC'),
                            cert.subject])
end

Thanks,

Nan

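Tying Nan's rebuild snippet to the duplicate-serial problem Sean describes, here is an added example (not Nan's script and not Puppet's own code) that builds inventory.txt lines from the signed PEMs sorted by serial, flags any serial that appears more than once, and computes what the CA's serial counter should hold so the next signed cert does not collide. The sample certs are constructed inline, and the assumption that the counter file holds a hex value should be checked against your Puppet version.

```ruby
require 'openssl'

# Rebuild inventory.txt lines from PEM strings (ca/signed/*.pem) and report
# serials used more than once. Returns [sorted lines, duplicates, highest].
def rebuild_inventory(pem_strings)
  certs = pem_strings.map { |pem| OpenSSL::X509::Certificate.new(pem) }
  certs = certs.sort_by { |c| c.serial.to_i }
  fmt = '%Y-%m-%dT%H:%M:%SUTC'
  lines = certs.map do |c|
    '0x%04x %s %s %s' % [c.serial.to_i, c.not_before.utc.strftime(fmt),
                         c.not_after.utc.strftime(fmt), c.subject]
  end
  counts = Hash.new(0)
  certs.each { |c| counts[c.serial.to_i] += 1 }
  dups = counts.select { |_, n| n > 1 }.keys.sort
  highest = certs.empty? ? 0 : certs.last.serial.to_i
  [lines, dups, highest]
end

# Counter value for the CA's serial file so the next cert gets a serial
# above every one already issued. Assumes the file holds hex (what
# Puppet 2.7 writes); check against your version before writing it.
def next_serial_hex(highest_serial)
  '%04X' % (highest_serial + 1)
end

# Constructed sample: self-signed certs standing in for ca/signed/*.pem
def sample_cert(serial, cn, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.utc(2011, 8, 15, 12, 0, 0)
  cert.not_after = cert.not_before + 5 * 365 * 86_400
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  cert.to_pem
end

if __FILE__ == $0
  key = OpenSSL::PKey::RSA.new(2048)
  pems = [sample_cert(3, 'web1.example.com', key),
          sample_cert(2, 'db1.example.com', key),
          sample_cert(3, 'web2.example.com', key)]  # 0x0003 reused
  lines, dups, highest = rebuild_inventory(pems)
  puts lines
  warn "duplicate serials: #{dups.map { |s| '0x%04x' % s }.join(' ')}" unless dups.empty?
  puts "serial file should contain #{next_serial_hex(highest)}"
end
```

Run it against the real directory by replacing the constructed PEMs with `Dir.glob("#{ssldir}/ca/signed/*.pem").map { |f| File.read(f) }`; a non-empty duplicate list means the rsync'd masters have already issued colliding serials and those certs need reissuing, not just a rebuilt inventory.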