Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
- Puppet >= 5.5.1 < 7.0.0
- CentOS,RedHat,Debian,Ubuntu,Fedora,SLES
Tasks:
- crl_truncate
Start using this module
Add this module to your Puppetfile:
mod 'm0dular-crl_truncate', '0.3.0'Learn more about managing modules with a PuppetfileDocumentation
crl_truncate
Table of Contents
Description
This module can be used to truncate the CRL issued by the Puppet CA. That is, create a new CRL issued by the Puppet CA with no revoked certificates. There are several reasons to do this, including:
- The CRL has grown very large, slowing down some operations
- It has become corrupted or lost
- You accidentally revoked an important certificate
The new CRL will be copied to the master's ssldir and the ca/ directory underneath.
Note that this module will only work with the CA included with Puppet, not an external or intermediate CA. It is compatible with a single or multi-length CRL chain, the latter being the default starting in PE 2019.
Usage
Bolt
bolt task run --targets <node-name> crl_truncate::crl_truncate ssldir=<value>
PARAMETERS:
- ssldir: Optional[String[1]]
The location of the Puppet ssl dir
Puppet Task
puppet task run crl_truncate::crl_truncate [ssldir=<value>] <[--nodes, -n <node-names>] | [--query, -q <'query'>]>
PARAMETERS:
- ssldir : Optional[String[1]]
The location of the Puppet ssl dir
PE Console
Select crl_truncate::crl_truncate from the "Task" dropdown. Target the master by choosing "Node list" under the "Select targets" dropdown and run the job.
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.