Last active
August 29, 2015 14:11
-
-
Save mootpt/f9dac32b0aa4f85798f4 to your computer and use it in GitHub Desktop.
Regenerate all of your PE 3.7.X certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| backupdate=$(date +%Y%m%d%H%M) | |
| certname=`puppet config print certname` | |
| echo -e "\e[1;32mBacking up old certificates:\e[0m" | |
| sleep 2 | |
| tar -zcvf backup-puppet-enterprise-ssl.${backupdate}.tar.gz /etc/puppetlabs/puppet/ssl/ /etc/puppetlabs/puppetdb/ssl/ /opt/puppet/share/puppet-dashboard/certs | |
| echo -e "\e[1;32mRegenerating Master and CA certificates:\e[0m" | |
| sleep 2 | |
| puppet resource service pe-puppet ensure=stopped | |
| puppet resource service pe-mcollective ensure=stopped | |
| puppet resource service pe-httpd ensure=stopped | |
| puppet resource service pe-puppetserver ensure=stopped | |
| rm -rf /etc/puppetlabs/puppet/ssl/* | |
| rm -f /var/opt/lib/pe-puppet/client_data/catalog/${certname}.json | |
| puppet cert list -a | |
| echo -e "\e[1;34mPlease press Ctrl+C to continue.\e[0m" | |
| puppet master --no-daemonize --verbose | |
| cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem | |
| chown -R pe-puppet:pe-puppet /etc/puppetlabs/puppet/ssl | |
| echo -e "\e[1;32mRegenerating PuppetDB certificates:\e[0m" | |
| sleep 2 | |
| puppet resource service pe-puppetdb ensure=stopped | |
| rm -rf /etc/puppetlabs/puppetdb/ssl/* | |
| cp /etc/puppetlabs/puppet/ssl/certs/${certname}.pem /etc/puppetlabs/puppetdb/ssl/${certname}.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/${certname}.pem /etc/puppetlabs/puppetdb/ssl/${certname}.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/${certname}.pem /etc/puppetlabs/puppetdb/ssl/${certname}.private_key.pem | |
| chown -R pe-puppetdb:pe-puppetdb /etc/puppetlabs/puppetdb/ssl | |
| puppet resource service pe-postgresql ensure=stopped | |
| rm -rf /opt/puppet/var/lib/pgsql/9.2/data/certs/* | |
| cp /etc/puppetlabs/puppet/ssl/certs/${certname}.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/${certname}.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/${certname}.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/${certname}.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/${certname}.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/${certname}.private_key.pem | |
| chmod 400 /opt/puppet/var/lib/pgsql/9.2/data/certs/* | |
| chown pe-postgres:pe-postgres /opt/puppet/var/lib/pgsql/9.2/data/certs/* | |
| echo -e "\e[1;32mRegenerating PE Console certificates:\e[0m" | |
| sleep 2 | |
| rm -rf /opt/puppet/share/puppet-dashboard/certs/* | |
| /opt/puppet/bin/puppet cert generate pe-internal-classifier | |
| /opt/puppet/bin/puppet cert generate pe-internal-dashboard | |
| rm -rf /opt/puppet/share/console-services/certs/* | |
| cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.private_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.private_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/certs/${certname}.pem /opt/puppet/share/console-services/certs/${certname}.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/${certname}.pem /opt/puppet/share/console-services/certs/${certname}.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/${certname}.pem /opt/puppet/share/console-services/certs/${certname}.private_key.pem | |
| chown -R pe-console-services:pe-console-services /opt/puppet/share/console-services/certs | |
| cp /etc/puppetlabs/puppet/ssl/certs/${certname}.pem /opt/puppet/share/puppet-dashboard/certs/${certname}.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/${certname}.pem /opt/puppet/share/puppet-dashboard/certs/${certname}.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/${certname}.pem /opt/puppet/share/puppet-dashboard/certs/${certname}.private_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.cert.pem | |
| cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.public_key.pem | |
| cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.private_key.pem | |
| chown -R puppet-dashboard:puppet-dashboard /opt/puppet/share/puppet-dashboard/certs | |
| echo -e "\e[1;32mRestarting Services:\e[0m" | |
| sleep 2 | |
| puppet resource service pe-puppetserver ensure=running | |
| puppet resource service pe-postgresql ensure=running | |
| puppet resource service pe-puppetdb ensure=running | |
| puppet resource service pe-console-services ensure=running | |
| puppet resource service pe-httpd ensure=running | |
| puppet resource service pe-puppet ensure=running | |
| echo -e "\e[1;32mCertificate regeneration process complete.\e[0m" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment