Replacing hosts in puppet

I've just had 5 new servers provisioned to replace existing servers. The current servers are all set up as web1.domain.com etc. and use puppet to manage configuration. I want to set up the new servers to replace the old with the same hostnames, but it seems puppet has a problem with this as the private ssl keys differ between the 2 "web1" servers.

What is the easiest way to upgrade these hosts? The only way I can see at the moment is to remove /var/lib/puppet/ssl/ca/.pem on the server and add a new signing request from the new host. The old host will then not be able to connect to my puppetmaster.


Solution 1:

You can use puppet cert clean to remove the old host's certificate from the master, allowing the new host to get a signed cert, but this will break the old host's subsequent puppet runs.

Another option is the allow_duplicate_certs option in puppet.conf, but instead of allowing the two nodes to coexist, it allows an automatic overwrite of the old host's cert when the new one is signed.

The only way to allow them to both continue doing puppet runs successfully would be to have them use the same certificate - you'd need to manually copy the certificate and private key from one to the other.
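The clean-and-re-sign route from Solution 1, sketched as an added example that is not part of the original answer. It adds a check that the pending request's fingerprint matches the one read on the new host with `puppet agent --fingerprint` before signing. The function names are hypothetical, and the line format of `puppet cert list` (certname first, colon-separated hex fingerprint after it) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.
# Assumption: `puppet cert list` prints one pending request per line with the
# certname first and a colon-separated hex fingerprint somewhere after it.

# Extract the first colon-separated hex fingerprint from a string, normalised
# to upper-case hex without colons so two sources can be compared.
extract_fp() {
    printf '%s\n' "$1" | grep -oE '([0-9A-Fa-f]{2}:){15,}[0-9A-Fa-f]{2}' |
        head -n 1 | tr -d ':' | tr 'a-f' 'A-F'
}

# Step 1 (master): drop the old host's certificate. As the answer notes, the
# old host can no longer complete puppet runs after this.
retire_old_cert() {
    puppet cert clean "$1"
}

# Step 2 (master, after the new host has run the agent once and submitted a
# request): sign only if the pending request matches the fingerprint read on
# the new host itself with `puppet agent --fingerprint`.
sign_if_fingerprint_matches() {
    certname=$1
    expected=$(extract_fp "$2")
    [ -n "$expected" ] || { echo "no usable fingerprint supplied" >&2; return 2; }

    # Exact certname match, so web1 does not pick up web10's request.
    pending=$(puppet cert list 2>/dev/null |
        awk -v n="$certname" '{ h = $1; gsub(/"/, "", h); if (h == n) { print; exit } }')
    actual=$(extract_fp "$pending")
    [ -n "$actual" ] || { echo "no pending request for $certname" >&2; return 3; }

    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $certname, not signing" >&2
        return 1
    fi
    puppet cert sign "$certname"
}

# Usage on the master:
#   retire_old_cert web1.domain.com
#   sign_if_fingerprint_matches web1.domain.com "<fingerprint from the new host>"
```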