P76199
(An Untitled Masterwork)
Authored by taavi on May 15 2025, 8:15 AM.
Tags: Cloud-VPS, Puppet
#!/bin/bash
set -euxo pipefail

# Disable the Puppet agent and stop the server while the CA certificate is replaced.
disable-puppet "CA renewal"
systemctl stop puppetserver

FQDN="$(hostname -f)"
# Serial of the current CA certificate (openssl prints it as "serial=<HEX>").
SERIAL="$(openssl x509 -in /srv/puppet/server/ssl/ca/ca_crt.pem -noout -serial | cut -f2 -d '=')"

# Turn the existing CA certificate back into a CSR, signed with the existing CA key.
openssl x509 -x509toreq -in /srv/puppet/server/ssl/ca/ca_crt.pem -signkey /srv/puppet/server/ssl/ca/ca_key.pem -out /srv/puppet/server/ssl/ca/ca_csr.pem

# X.509 extensions to put on the renewed CA certificate.
cat > /tmp/puppet-ca-extension.cnf << EOF
[CA_extensions]
basicConstraints = critical,CA:TRUE
nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
keyUsage = critical,keyCertSign,cRLSign
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier = hash
EOF

# Self-sign the CSR with the same key, overwriting the CA certificate in place.
# -set_serial reads a bare number as decimal, so the hex serial needs the 0x prefix
# to be carried over unchanged.
openssl x509 -req -days 36525 -in /srv/puppet/server/ssl/ca/ca_csr.pem -signkey /srv/puppet/server/ssl/ca/ca_key.pem -out /srv/puppet/server/ssl/ca/ca_crt.pem -extfile /tmp/puppet-ca-extension.cnf -extensions CA_extensions -set_serial "0x$SERIAL"

# Remove the server's own certificate and key pair, then issue a fresh one from the renewed CA.
rm -v \
    "/srv/puppet/server/ssl/certs/$FQDN.pem" \
    "/srv/puppet/server/ssl/private_keys/$FQDN.pem" \
    "/srv/puppet/server/ssl/public_keys/$FQDN.pem" \
    "/srv/puppet/server/ssl/ca/signed/$FQDN.pem"
puppetserver ca generate --certname "$FQDN" --subject-alt-names "$FQDN" --ca-client

systemctl start puppetserver
run-puppet-agent --enable "CA renewal"
Event Timeline
taavi created this paste. May 15 2025, 8:15 AM (2025-05-15 08:15:29 UTC+0)
taavi changed the edit policy from "All Users" to "acl*wmcs-team (Project)".
taavi added a project: Cloud-VPS.
taavi added a project: Puppet.