2009/7/28 Len Rugen <lenrugen@gmail.com>:> What is involved in switching to a new puppetmaster? I''m guessing
the
> client will need a new cert, but it looks like I have to rm the old one in
> /var/lib/puppet/... on the client. Our "puppet" FQDN is an
alias pointing
> to the current server, as it probably will be on the future server.
If you''re just going to flip the CNAME to the new server, you can
''cheat'' and just move the puppetmaster SSL certs on over to
the new
system.
A more ?correct? way is to manage the $SSLDIR/certs/ca.pem on all
hosts. Just combine the two puppetmaster''s ca.pem, push them out to
the clients and masters, and you''ll be golden. Once you move over to
the new server you can remove the old puppetmaster''s ca.pem from the
clients, but you''ll still need it on the new master as long as there
are any of the old client certs out there.
.r''
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---