How to remove certificate when EC2 instance spins down

asked 2015-04-27 03:23:56 -0500

Kevinr.DigitalJunkies

Hi guys,

New to Puppet. The system is working great until Amazon AWS EC2s start reusing hostnames in our Auto Scaling group.

We are then left with old certificates / nodes no longer communicating with the master, which show up in Foreman as out of sync, and the new instances can't auto-sign as their certs do not match the old ones on the Puppet master.

Is there a way to get the EC2 instance to deregister its certificate when it's issued the spin-down command?

Any tips on how to do this would be great.


Comments

ramindk ( 2015-04-28 11:54:10 -0500 )

We've had a similar issue, and in addition to the above suggestion... If you have some 'stale' certs that hang around, you can run a cron that lists the EC2s, runs puppet cert list, and runs puppet cert delete on any that aren't in the list of active EC2s.

DarylW ( 2015-07-20 21:09:41 -0500 )
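
The reconciliation cron described in the comment above, as an added example that is not part of the original thread: it selects only signed certs that match an assumed autoscaled naming pattern and have no pending or running instance, and it refuses to act when the instance list comes back empty. It uses `puppet cert list --all` and `puppet cert clean` (the Puppet 3.x/4.x subcommands for listing and revoking certs) plus the AWS CLI; the scope pattern, the instance filter and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list signed Puppet certs whose EC2
# instance is gone, so a cron job can clean only those.

# stdin: `puppet cert list --all` output. stdout: certnames of signed certs
# ("+" lines); pending requests and revoked ("-") entries are skipped.
signed_certnames() {
  sed -n 's/^+ *"\([^"]*\)".*/\1/p' | sort -u
}

# $1 = file of signed certnames, $2 = file of active instance hostnames,
# $3 = ERE of certnames this job may clean (assumed naming pattern that the
# master and hand-built nodes never match).
stale_certnames() {
  # A blank active list usually means the AWS call failed; without this
  # guard every in-scope cert would look stale and be revoked.
  if ! grep -q . "$2"; then
    echo "active instance list is empty; refusing to clean" >&2
    return 2
  fi
  grep -E -- "$3" "$1" | grep -Fxv -f "$2" || true
}

# Run on the master with --apply. The scope pattern and the AWS filter are
# assumptions; narrow the filter to your Auto Scaling group.
main() {
  scope='^ip-[0-9-]+\.ec2\.internal$'
  tmp=$(mktemp -d) || return 1
  puppet cert list --all | signed_certnames > "$tmp/signed"
  aws ec2 describe-instances \
    --filters Name=instance-state-name,Values=pending,running \
    --query 'Reservations[].Instances[].PrivateDnsName' \
    --output text > "$tmp/raw" || { rm -rf "$tmp"; return 1; }
  tr -s '\t ' '\n\n' < "$tmp/raw" > "$tmp/active"
  stale_certnames "$tmp/signed" "$tmp/active" "$scope" |
    while read -r name; do
      echo "cleaning stale cert: $name"
      puppet cert clean "$name" < /dev/null
    done
  rm -rf "$tmp"
}

# Nothing is revoked unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Name-based reconciliation only removes certs whose name is not currently in use; a reused hostname still matches a running instance, so its old cert is left in place by this job.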