Created
November 26, 2014 19:07
Regenerate all the certs
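#!/bin/bash
#
# Regenerate the Puppet Enterprise master/CA, PuppetDB and console
# certificates on this host.
#
# Stages:
#   1. Archive the existing SSL directories into a timestamped tarball in
#      the current working directory.
#   2. Stop the PE services, wipe /etc/puppetlabs/puppet/ssl, restart.
#   3. Re-seed the PuppetDB SSL directory from the master's certificate.
#   4. Generate the pe-internal-* console certificates and copy them out.
#
# Everything after stage 1 is destructive, so the script refuses to go on
# unless the backup succeeded and the certname is known. It presumably has
# to run as root (it deletes under /etc and chowns to service accounts).

# -u: an unset variable is an error rather than an empty path component.
# -E: functions inherit the ERR trap below.
set -Eu

die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Failures after the wipe are counted, not fatal: aborting half-way would
# leave services stopped with the old certificates already deleted. The
# count decides the final message and the exit status.
errors=0
trap 'errors=$((errors + 1))' ERR

readonly puppet_ssl=/etc/puppetlabs/puppet/ssl
readonly puppetdb_ssl=/etc/puppetlabs/puppetdb/ssl
readonly console_certs=/opt/puppet/share/console-services/certs
readonly dashboard_certs=/opt/puppet/share/puppet-dashboard/certs

# Copy the cert / public key / private key of one certname out of the
# master's SSL directory into a service's certificate directory.
#   $1 - certificate name, $2 - destination directory
copy_cert_set() {
  local name=$1 dest=$2
  cp -- "${puppet_ssl}/certs/${name}.pem" "${dest}/${name}.cert.pem"
  cp -- "${puppet_ssl}/public_keys/${name}.pem" "${dest}/${name}.public_key.pem"
  cp -- "${puppet_ssl}/private_keys/${name}.pem" "${dest}/${name}.private_key.pem"
}

backupdate=$(date +%Y%m%d%H%M)
certname=$(puppet config print certname) || die "could not read certname from puppet config"
# An empty certname would turn every copy below into a write to ".pem".
[[ -n "$certname" ]] || die "puppet reported an empty certname"

printf '%s\n\n' "Backing up old certificates:"
sleep 2
# The archive holds private keys, so create it readable by its owner only.
# The subshell keeps the tighter umask from leaking into the copies below.
# A failed backup stops the run before anything is deleted.
(
  umask 077
  tar -zcvf "backup-puppet-enterprise-ssl.${backupdate}.tar.gz" \
    "${puppet_ssl}/" "${puppetdb_ssl}/" "${dashboard_certs}"
) || die "backup failed; no certificates were removed"

printf '%s\n\n' "Regenerating Master and CA certificates:"
sleep 2
puppet resource service pe-puppet ensure=stopped
# NOTE(review): pe-mcollective is stopped here and never started again by
# this script - confirm that is intended.
puppet resource service pe-mcollective ensure=stopped
puppet resource service pe-httpd ensure=stopped
puppet resource service pe-puppetserver ensure=stopped
# Removes everything under the master's SSL directory. ${var:?} aborts
# instead of expanding to "/*" should the variable ever be empty.
rm -rf -- "${puppet_ssl:?}"/*
puppet cert list -a
printf '%s\n' "$certname"
# Left disabled by the original author:
#puppet master --no-daemonize --verbose &
#sleep 4
#PID=$!
#kill -INT $PID
#echo "next line"
puppet resource service pe-httpd ensure=running
puppet resource service pe-puppet ensure=running
puppet resource service pe-puppetserver ensure=running

printf '%s\n\n' "Regenerating PuppetDB certificates:"
sleep 2
puppet resource service pe-puppetdb ensure=stopped
rm -rf -- "${puppetdb_ssl:?}"/*
# If the master's new certificate does not exist yet these copies fail and
# are counted in $errors.
copy_cert_set "$certname" "$puppetdb_ssl"
chown -R pe-puppetdb:pe-puppetdb "$puppetdb_ssl"
puppet resource service pe-puppetdb ensure=running

printf '%s\n\n' "Regenerating PE Console certificates:"
sleep 2
# NOTE(review): pe-console-services is started at the end but never stopped
# before its certificates are replaced - confirm.
# The original removed pe-internal-dashboard.public_key.pem twice and never
# the matching .cert.pem; all three files of each set are removed here so a
# stale certificate cannot outlive a failed regeneration.
for internal_name in pe-internal-classifier pe-internal-dashboard; do
  rm -f -- \
    "${console_certs}/${internal_name}.cert.pem" \
    "${console_certs}/${internal_name}.public_key.pem" \
    "${console_certs}/${internal_name}.private_key.pem"
done
rm -rf -- "${dashboard_certs:?}"/*
puppet cert generate pe-internal-classifier
puppet cert generate pe-internal-dashboard
copy_cert_set pe-internal-classifier "$console_certs"
chown -R pe-console-services:pe-console-services "$console_certs"
copy_cert_set "$certname" "$dashboard_certs"
# NOTE(review): these three files land in the console-services directory
# after its chown above, so they keep the invoking user's ownership -
# confirm the service account can read them.
copy_cert_set pe-internal-dashboard "$console_certs"
chown -R puppet-dashboard:puppet-dashboard "$dashboard_certs"
puppet resource service pe-console-services ensure=running
puppet resource service pe-httpd ensure=running

if (( errors > 0 )); then
  printf 'Certificate regeneration finished with %d failed command(s); review the output above.\n' "$errors" >&2
  exit 1
fi
echo "Certificate regeneration process complete."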