> On 17 Aug 2017, at 14:23, Jason McMahan <[email protected]> wrote:
>
> Good morning,
> We installed a puppet agent on our citrix mgmt servers.
> The problem became that the way it is done a golden image is used,
> server_dev. Once sealed that spins off multiple other servers for stage and
> prod environments.
>
> We want to know about the servers, ensure they are in configuration and not
> drifting between rebuilds and keep reports for a history on them.
>
> The idea was to once they are done stop the service (not disable), delete the
> ssl directory, then revoke and delete the cert on the puppetca.
>
> Has anyone else attempted to revoke and delete cert remotely from the puppetca?
>
> We are attempting a curl command like
> curl -X DELETE --tlsv1 \
>   --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
>   --cert /etc/puppetlabs/puppet/ssl/certs/server.pem \
>   --key /etc/puppetlabs/puppet/ssl/private_keys/server.pem \
>   -H "Accept: application/json" \
>   -H "Content-Type: application/json" \
>   -d '{"desired_state":"revoked"}' \
>   "https://puppetcat:8140/puppet-ca/v1/certificate_status/server?environment=production"
>
> But every time we get forbidden 403 whether running curl command from remote
> server or even the puppetca itself.
> Attempted to add ip to /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf
> as well as /etc/puppetlabs/puppetserver/conf.d/ca.conf but still same error.

You must allow access to puppet ca api via auth.conf.

Check the following links:
https://docs.puppet.com/puppet/5.0/config_file_auth.html
https://docs.puppet.com/puppetserver/latest/config_file_auth.html

hth,
Martin
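
A rule of the kind the reply points to, as an added example that is not part of the original thread or Puppet's shipped configuration: a Puppet Server auth.conf (HOCON) entry that lets one named client certificate call the certificate_status endpoint. The certname citrix-mgmt.example.com, the rule name and the sort-order value are assumptions for illustration.

```hocon
# /etc/puppetlabs/puppetserver/conf.d/auth.conf
# Added example. The certname, rule name and sort-order are assumed values.
authorization: {
    version: 1
    rules: [
        {
            # Match revoke (PUT) and delete (DELETE) requests against the
            # CA certificate_status endpoint, for any certname after the path.
            match-request: {
                path: "/puppet-ca/v1/certificate_status"
                type: path
                method: [put, delete]
            }
            # Access is decided by the certname of the client certificate
            # presented with curl's --cert/--key, not by source IP address.
            allow: "citrix-mgmt.example.com"
            # Rules are checked in ascending sort-order and the first match
            # decides, so this must sort ahead of any existing rule for the
            # same path.
            sort-order: 200
            name: "mgmt host may revoke and delete certs"
        }
        # ... the existing rules in the file stay as they are ...
    ]
}
```

Puppet Server has to be restarted or reloaded before a change to auth.conf takes effect. Whoever holds the private key for the allowed certname can revoke or delete any node's certificate, so keep the allow list to a single management host and limit the methods to the ones it needs.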
