crl_truncate

pdk
tasks
Truncate the CRL issued by the Puppet CA
Adrian Parreiras Horta

m0dular

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Jun 4th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >= 5.5.1 < 7.0.0
  • CentOS, RedHat, Debian, Ubuntu, Fedora, SLES
Tasks:
  • crl_truncate

crl_truncate

Table of Contents

  1. Description
  2. Usage - Configuration options and additional functionality

Description

This module truncates the CRL issued by the Puppet CA: it creates a new CRL, issued by the Puppet CA, that contains no revoked certificates, so certificates revoked earlier are no longer listed. There are several reasons to do this, including:

  • The CRL has grown very large, slowing down some operations
  • It has become corrupted or lost
  • You accidentally revoked an important certificate

The new CRL will be copied to the master's ssldir and the ca/ directory underneath.

Note that this module will only work with the CA included with Puppet, not an external or intermediate CA. It is compatible with a single or multi-length CRL chain, the latter being the default starting in PE 2019.
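
To check the effect of a truncation, count the revoked entries in each CRL of a PEM file before and after running the task. The following is an added example, not part of this module: it uses only the Python standard library, all function names are hypothetical, and the sample bundle is a constructed, unsigned skeleton rather than a real Puppet CRL.

```python
import base64
import re

PEM_CRL = re.compile(r"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, start, end) for each element inside a constructed value."""
    while start < end:
        tag, s, e = read_tlv(buf, start)
        yield tag, s, e
        start = e

def count_revoked(der):
    """Count revokedCertificates entries in one DER-encoded CertificateList."""
    _, s, _ = read_tlv(der, 0)  # CertificateList
    _, s, e = read_tlv(der, s)  # tbsCertList
    # SEQUENCE-tagged fields of tbsCertList, in order: signature algorithm,
    # issuer, then revokedCertificates (omitted when nothing is revoked).
    seqs = [(fs, fe) for tag, fs, fe in children(der, s, e) if tag == 0x30]
    return sum(1 for _ in children(der, *seqs[2])) if len(seqs) > 2 else 0

def revoked_counts(pem_text):
    """Revoked-entry count for each CRL in a PEM file holding one or more CRLs."""
    return [count_revoked(base64.b64decode(b)) for b in PEM_CRL.findall(pem_text)]

def tlv(tag, body=b""):  # DER encoder, used only to build the sample below
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_crl(serials):
    """Constructed, unsigned CRL skeleton as PEM; not a real Puppet CA CRL."""
    when = tlv(0x17, b"200604000000Z")
    revoked = b"".join(tlv(0x30, tlv(0x02, bytes([s])) + when) for s in serials)
    tbs = tlv(0x02, b"\x01") + tlv(0x30) + tlv(0x30) + when + when
    tbs += tlv(0x30, revoked) if revoked else b""
    der = tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00"))
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN X509 CRL-----\n{body}-----END X509 CRL-----\n"

SAMPLE_CHAIN = sample_crl(range(1, 21)) + sample_crl([])  # constructed two-CRL file
```

Pass the contents of the CRL file from your ssldir to revoked_counts(); it returns one count per CRL in the file. The check reads structure only and does not verify signatures.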

Usage

Bolt

bolt task run --targets <node-name> crl_truncate::crl_truncate ssldir=<value>

PARAMETERS:
- ssldir: Optional[String[1]]
    The location of the Puppet ssl dir

Puppet Task

puppet task run crl_truncate::crl_truncate [ssldir=<value>] <[--nodes, -n <node-names>] | [--query, -q <'query'>]>

PARAMETERS:
- ssldir : Optional[String[1]]
    The location of the Puppet ssl dir

PE Console

Select crl_truncate::crl_truncate from the "Task" dropdown. Target the master by choosing "Node list" under the "Select targets" dropdown and run the job.