Puppet users - Oct 2012 - Puppet Autosign

Hi, 
I have upgraded my puppet master to 2.7 with autosign enabled, it works 
great, the only issue I have it that when I re-image any client machine 
(blow away /var/lib/puppet ) folder and try to run puppet again, it fails 
to authenticate. 
The solution will be to (revoke + clean) the certificate of the client from 
the puppetmaster then remove /var/lib/puppet from client and re-run puppetd 
on client. 

Is this a normal behaviour from puppet 2.7 ? or should the client look up 
if the master has an old certificate and just use it, rather than asking 
for new one.

an insight will be helpful.

/etc/puppet$ cat autosign.conf 
*.localdomain.local

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/81blhmqfeSsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

This is normal.
New system will always generate a new cert.

You only need to delete /var/lib/puppet/ssl on the client and remove the cert on
the master "puppet cert clean <cert>"
There has been some discussions on ways to automate this. Should be able to find
them in the archives.

Steven

Date: Wed, 3 Oct 2012 09:18:49 -0700
From: redjinnee@gmail.com
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Puppet Autosign

Hi, I have upgraded my puppet master to 2.7 with autosign enabled, it works
great, the only issue I have it that when I re-image any client machine (blow
away /var/lib/puppet ) folder and try to run puppet again, it fails to
authenticate. The solution will be to (revoke + clean) the certificate of the
client from the puppetmaster then remove /var/lib/puppet from client and re-run
puppetd on client.
Is this a normal behaviour from puppet 2.7 ? or should the client look up if the
master has an old certificate and just use it, rather than asking for new one.
an insight will be helpful.
/etc/puppet$ cat autosign.conf *.localdomain.local




-- 

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.

To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/81blhmqfeSsJ.
 
To post to this group, send email to puppet-users@googlegroups.com.

To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.


For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
 		 	   		  

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.