SigningRevoking certificates automatically¶
You can install and configure incron to call puppet/sign_request.sh script provided with initr every time that a file appears on $ssldir/ca/requests/ directory.
- install incron
apt-get install incron
- add root to /etc/incron.allow
- add this line to root's incrontab with "incrontab -e" (replace $ssldir and $initr with correct locations)
$ssldir/ca/requests IN_CLOSE_WRITE $initr/puppet/sign_request.sh $#
Revoking certificates on node deletion¶
- add this line to root's incrontab (replace $redmine_root and $initr with correct locations):
$redmine_root/tmp/revoke_requests IN_CLOSE_WRITE $initr/puppet/revoke_cert.sh $#
on node deletion, initr creates an empty file in $redmine_root/tmp/revoke_requests to trigger this