Page MenuHomePhabricator
Create Task
Maniphest T242642

Cleanup unsigned puppet client certs on tools-puppetmaster-01
Closed, ResolvedPublic
Actions

Description

$ sudo -i puppet cert list|awk '{print $1}'
".tools.eqiad.wmflabs"
"host-172-16-1-141.tools.eqiad.wmflabs"
"host-172-16-1-16.tools.eqiad.wmflabs"
"host-172-16-1-161.tools.eqiad.wmflabs"
"host-172-16-1-204.tools.eqiad.wmflabs"
"host-172-16-1-205.tools.eqiad.wmflabs"
"host-172-16-2-205.tools.eqiad.wmflabs"
"host-172-16-5-19.tools.eqiad.wmflabs"
"host-172-16-5-208.tools.eqiad.wmflabs"
"tools-checker-01.eqiad.wmflabs"
"tools-cron-01.eqiad.wmflabs"
"tools-exec-1-andrewtest.tools.eqiad.wmflabs"
"tools-exec-1414.eqiad.wmflabs"
"tools-flannel-etcd-01.eqiad.wmflabs"
"tools-flannel-etcd-01.{"
"tools-flannel-etcd-02.{"
"tools-flannel-etcd-03.eqiad.wmflabs"
"tools-flannel-etcd-03.{"
"tools-grid-master.eqiad.wmflabs"
"tools-k8s-etcd-02.eqiad.wmflabs"
"tools-k8s-etcd-03.{"
"tools-paws-worker-1002.eqiad.wmflabs"
"tools-paws-worker-1003.eqiad.wmflabs"
"tools-paws-worker-1006.eqiad.wmflabs"
"tools-paws-worker-1007.eqiad.wmflabs"
"tools-paws-worker-1013.eqiad.wmflabs"
"tools-paws-worker-1016.eqiad.wmflabs"
"tools-paws-worker-1017.eqiad.wmflabs"
"tools-prometheus-01.eqiad.wmflabs"
"tools-prometheus-02.eqiad.wmflabs"
"tools-redis-1002.eqiad.wmflabs"
"tools-webgrid-lighttpd-1407.eqiad.wmflabs"
"tools-worker-1001.eqiad.wmflabs"
"tools-worker-1002.eqiad.wmflabs"
"tools-worker-1003.eqiad.wmflabs"
"tools-worker-1004.eqiad.wmflabs"
"tools-worker-1005..eqiad.wmflabs"
"tools-worker-1005.eqiad.wmflabs"
"tools-worker-1006.eqiad.wmflabs"
"tools-worker-1007.eqiad.wmflabs"
"tools-worker-1008.eqiad.wmflabs"
"tools-worker-1009.eqiad.wmflabs"
"tools-worker-1010.eqiad.wmflabs"
"tools-worker-1011.eqiad.wmflabs"
"tools-worker-1012.eqiad.wmflabs"
"tools-worker-1013.eqiad.wmflabs"
"tools-worker-1015.eqiad.wmflabs"
"tools-worker-1016.eqiad.wmflabs"
"tools-worker-1017.eqiad.wmflabs"
"tools-worker-1018.eqiad.wmflabs"
"tools-worker-1019.eqiad.wmflabs"
"tools-worker-1020.eqiad.wmflabs"
"tools-worker-1021.eqiad.wmflabs"
"tools-worker-1022.eqiad.wmflabs"
"tools-worker-1023.eqiad.wmflabs"
"tools-worker-1025.eqiad.wmflabs"
"tools-worker-1026.eqiad.wmflabs"
"tools-worker-1027.eqiad.wmflabs"
"tools-worker-1028.eqiad.wmflabs"

Related Objects
Search...

Event Timeline

bd808 triaged this task as High priority.Jan 13 2020, 4:58 PM
bd808 created this task.
bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
bd808 renamed this task from Cleanup unsigned puppet cleint certs on tools-puppetnmaster-01 to Cleanup unsigned puppet client certs on tools-puppetmaster-01.Jan 13 2020, 5:45 PM
Stashbot added a comment.Jan 13 2020, 5:48 PM

Mentioned in SAL (#wikimedia-cloud) [2020-01-13T17:48:57Z] <bd808> Running puppet ca destroy for each unsigned cert on tools-puppetmaster-01 (T242642)

Bstorm awarded a token.Jan 13 2020, 5:51 PM
bd808 closed this task as Resolved.Jan 13 2020, 5:51 PM

puppet cert revoke and puppet cert clean only work on signed certificates. The deprecated puppet ca destroy command however will remove a signing request without actually requiring the cert to be signed first.

$ for h in $(sudo -i puppet cert list|awk '{gsub("\"","",$1); print $1}'); do sudo -i puppet ca destroy "$h"; done
Notice: Removing file Puppet::SSL::CertificateRequest .tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/.tools.eqiad.wmflabs.pem'
Deleted for .tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-1-141.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-1-141.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-1-141.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-1-16.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-1-16.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-1-16.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-1-161.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-1-161.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-1-161.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-1-204.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-1-204.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-1-204.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-1-205.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-1-205.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-1-205.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-2-205.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-2-205.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-2-205.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-5-19.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-5-19.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-5-19.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest host-172-16-5-208.tools.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/host-172-16-5-208.tools.eqiad.wmflabs.pem'
Deleted for host-172-16-5-208.tools.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-checker-01.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-checker-01.eqiad.wmflabs.pem'
Deleted for tools-checker-01.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-cron-01.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-cron-01.eqiad.wmflabs.pem'
Deleted for tools-cron-01.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-exec-1414.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-exec-1414.eqiad.wmflabs.pem'
Deleted for tools-exec-1414.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-flannel-etcd-01.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-flannel-etcd-01.eqiad.wmflabs.pem'
Deleted for tools-flannel-etcd-01.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-flannel-etcd-01.{ at '/var/lib/puppet/server/ssl/ca/requests/tools-flannel-etcd-01.{.pem'
Deleted for tools-flannel-etcd-01.{: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-flannel-etcd-02.{ at '/var/lib/puppet/server/ssl/ca/requests/tools-flannel-etcd-02.{.pem'
Deleted for tools-flannel-etcd-02.{: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-flannel-etcd-03.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-flannel-etcd-03.eqiad.wmflabs.pem'
Deleted for tools-flannel-etcd-03.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-flannel-etcd-03.{ at '/var/lib/puppet/server/ssl/ca/requests/tools-flannel-etcd-03.{.pem'
Deleted for tools-flannel-etcd-03.{: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-grid-master.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-grid-master.eqiad.wmflabs.pem'
Deleted for tools-grid-master.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-k8s-etcd-02.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-k8s-etcd-02.eqiad.wmflabs.pem'
Deleted for tools-k8s-etcd-02.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-k8s-etcd-03.{ at '/var/lib/puppet/server/ssl/ca/requests/tools-k8s-etcd-03.{.pem'
Deleted for tools-k8s-etcd-03.{: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1002.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1002.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1002.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1003.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1003.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1003.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1006.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1006.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1006.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1007.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1007.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1007.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1013.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1013.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1013.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1016.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1016.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1016.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-paws-worker-1017.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-paws-worker-1017.eqiad.wmflabs.pem'
Deleted for tools-paws-worker-1017.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-prometheus-01.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-prometheus-01.eqiad.wmflabs.pem'
Deleted for tools-prometheus-01.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-prometheus-02.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-prometheus-02.eqiad.wmflabs.pem'
Deleted for tools-prometheus-02.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-redis-1002.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-redis-1002.eqiad.wmflabs.pem'
Deleted for tools-redis-1002.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-webgrid-lighttpd-1407.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-webgrid-lighttpd-1407.eqiad.wmflabs.pem'
Deleted for tools-webgrid-lighttpd-1407.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1001.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1001.eqiad.wmflabs.pem'
Deleted for tools-worker-1001.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1002.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1002.eqiad.wmflabs.pem'
Deleted for tools-worker-1002.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1003.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1003.eqiad.wmflabs.pem'
Deleted for tools-worker-1003.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1004.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1004.eqiad.wmflabs.pem'
Deleted for tools-worker-1004.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1005..eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1005..eqiad.wmflabs.pem'
Deleted for tools-worker-1005..eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1005.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1005.eqiad.wmflabs.pem'
Deleted for tools-worker-1005.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1006.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1006.eqiad.wmflabs.pem'
Deleted for tools-worker-1006.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1007.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1007.eqiad.wmflabs.pem'
Deleted for tools-worker-1007.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1008.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1008.eqiad.wmflabs.pem'
Deleted for tools-worker-1008.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1009.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1009.eqiad.wmflabs.pem'
Deleted for tools-worker-1009.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1010.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1010.eqiad.wmflabs.pem'
Deleted for tools-worker-1010.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1011.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1011.eqiad.wmflabs.pem'
Deleted for tools-worker-1011.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1012.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1012.eqiad.wmflabs.pem'
Deleted for tools-worker-1012.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1013.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1013.eqiad.wmflabs.pem'
Deleted for tools-worker-1013.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1015.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1015.eqiad.wmflabs.pem'
Deleted for tools-worker-1015.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1016.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1016.eqiad.wmflabs.pem'
Deleted for tools-worker-1016.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1017.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1017.eqiad.wmflabs.pem'
Deleted for tools-worker-1017.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1018.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1018.eqiad.wmflabs.pem'
Deleted for tools-worker-1018.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1019.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1019.eqiad.wmflabs.pem'
Deleted for tools-worker-1019.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1020.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1020.eqiad.wmflabs.pem'
Deleted for tools-worker-1020.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1021.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1021.eqiad.wmflabs.pem'
Deleted for tools-worker-1021.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1022.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1022.eqiad.wmflabs.pem'
Deleted for tools-worker-1022.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1023.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1023.eqiad.wmflabs.pem'
Deleted for tools-worker-1023.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1025.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1025.eqiad.wmflabs.pem'
Deleted for tools-worker-1025.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1026.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1026.eqiad.wmflabs.pem'
Deleted for tools-worker-1026.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1027.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1027.eqiad.wmflabs.pem'
Deleted for tools-worker-1027.eqiad.wmflabs: Puppet::SSL::CertificateRequest
Notice: Removing file Puppet::SSL::CertificateRequest tools-worker-1028.eqiad.wmflabs at '/var/lib/puppet/server/ssl/ca/requests/tools-worker-1028.eqiad.wmflabs.pem'
Deleted for tools-worker-1028.eqiad.wmflabs: Puppet::SSL::CertificateRequest
$ sudo -i puppet cert list
$ sudo -i puppet ca list
Krenair awarded a token.Jan 14 2020, 12:04 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits