migrating puppet clients to a new puppet master (old puppet master server gone, only using backup)
My puppet master server had a hardware failure, and I have restored to another box. However this box has different hardware and hostname.
If I restore the existing /etc/puppet directory to the new server, the puppetmaster will not start with the following error:
# puppetmasterd --debug --verbose
Could not prepare for execution: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
So what steps do I need to take to allow the new puppetmaster to start, and to generate a new puppetmaster certificate using the old CA?
Also will the puppet clients actually report in to a different puppet server using a server certificate that has been generated with the old CA?
Solution 1:
The puppetmaster stores all of the certificates, keys, and CA information in the folder /var/lib/puppet/ssl. From my testing you should be able to:
- stop puppetmasterd
- delete the file /var/lib/puppet/ssl/certs/hostname.pem
- start puppetmasterd
This should generate a new server side ssl certificate using the old private key and CA, as well as preserve the existing client certificates that have already been signed.
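An added example (not part of the answer above) that scripts the check behind this procedure: it confirms the host certificate really has stopped matching the private key before moving it aside, then follows the same stop/remove/start sequence. It assumes the ssldir layout named in the answer (certs/ and private_keys/ under /var/lib/puppet/ssl) and a `puppetmaster` service name.

```shell
#!/bin/sh
# Added example: verify and rotate a stale puppetmaster host certificate.
# Assumed layout: $SSLDIR/certs/<fqdn>.pem and $SSLDIR/private_keys/<fqdn>.pem
set -eu

SSLDIR="${SSLDIR:-/var/lib/puppet/ssl}"

# Return 0 when the public key inside the certificate equals the public key
# derived from the private key, 1 otherwise (this is the mismatch puppetmasterd
# reports as "Retrieved certificate does not match private key").
cert_matches_key() {
    cert="$1"; key="$2"
    [ -r "$cert" ] && [ -r "$key" ] || return 1
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Move a mismatched host certificate aside (keeping a timestamped backup) so
# the master re-issues one with its existing private key and CA on next start.
# Prints the backup path; does nothing when the certificate still matches.
rotate_stale_host_cert() {
    fqdn="$1"
    cert="$SSLDIR/certs/$fqdn.pem"
    key="$SSLDIR/private_keys/$fqdn.pem"
    if cert_matches_key "$cert" "$key"; then
        echo "certificate for $fqdn matches its key; nothing to do" >&2
        return 0
    fi
    backup="$cert.stale.$(date +%Y%m%d%H%M%S)"
    mv "$cert" "$backup"
    echo "$backup"
}

main() {
    fqdn="${1:-$(hostname -f)}"
    service puppetmaster stop      # service name is an assumption
    rotate_stale_host_cert "$fqdn"
    service puppetmaster start
}

# Only touch the live service when explicitly asked (RUN_ROTATE=1 ./script.sh)
if [ "${RUN_ROTATE:-0}" = 1 ]; then
    main "$@"
fi
```

Client certificates under $SSLDIR/ca are never touched, which is why previously signed agents keep working after the host certificate is re-issued.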