reversion.org

Some day I will need this. Hat tip to Nan Liu.

From the puppet-users mailing list

Backup your puppet master ssl directory, so you can just retry if something didn’t go as planned.

# note all certificate alt names of the existing puppet master cert:
puppet cert -la | grep oldmaster
(alt names "DNS:puppet", "DNS:puppet-master", "DNS:puppet.mgmt", )
...
 
# remove your old puppet master cert.
puppet cert -c oldmaster
 
# search the ssl dir and it should not have any files with the oldmaster certname
 
# generate new master cert (same name as old one, but accept new_hostname in dns_alt_names):
puppet cert -g oldmaster --dns_alt_names=new_hostname,puppet,puppet-master,puppet.mgmt
 
# you may need to copy the files to some locations if you found files not removed after the cert clean step

At this point you can add a host entry on one of your agents and test via:
puppet agent -t –server new_hostname –noop

You should not have to touch any client cert, that’s only necessary if you need to change your CA cert which is a pain when it expires.

HTH,

Nan

I was reading through the Foreman upgrade notes today and came across this gem:


rpmconf -a --frontend=vimdiff


Gives a great side-by-side view of all those .rpmnew files that get created as part of an install so you can reject, accept, or merge the differences. I like it.