1. Vamos los nodos
[root@master]# puppet cert --list --all
+ "mailcleaner.example.com" (SHA256) CA:68:2C:FA:98:86:E7:95:83:D2:23:CA:FA:5B:FD:CB:F4:A1:66:8B:08:AF:1F:6B:81:64:EB:DA:C5:BF:98:47
+ "master.example.com" (SHA256) 6A:3C:AD:07:82:77:16:63:4C:81:F1:E8:E9:9A:28:F8:22:F1:DB:AB:3E:E0:A8:85:57:A9:F7:F5:9E:3B:05:B2
+ "nodo1.example.com" (SHA256) D6:16:41:EA:49:87:0E:E9:8F:0C:D7:41:98:F4:ED:56:7F:F9:47:D5:07:53:EB:C4:33:D6:93:B3:E2:ED:48:DE
+ "puppet.example.com" (SHA256) 7B:08:BD:49:FD:09:54:E5:F7:50:79:C9:05:C2:4F:94:EA:D3:B1:7F:A5:9F:9E:A7:F0:E7:CA:28:54:F9:0E:2A
2. Revocamos el certificado
[root@master]# puppet cert --revoke nodo1.example.com puppet.example.com Revoked certificate with serial 3 Revoked certificate with serial 2 [root@master]# puppet cert --clean nodo1.example.com puppet.example.com Revoked certificate with serial 3 Revoked certificate with serial 2
3. Reiniciamos el servicio puppet
[root@master]# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]
4. Listamos los certificados validos y aceptados
[root@master]# puppet cert --list --all
+ "mailcleaner.example.com" (SHA256) CA:68:2C:FA:98:86:E7:95:83:D2:23:CA:FA:5B:FD:CB:F4:A1:66:8B:08:AF:1F:6B:81:64:EB:DA:C5:BF:98:47
+ "master.example.com" (SHA256) 6A:3C:AD:07:82:77:16:63:4C:81:F1:E8:E9:9A:28:F8:22:F1:DB:AB:3E:E0:A8:85:57:A9:F7:F5:9E:3B:05:B2
0 Comentarios