NAME¶puppet-certificate_revocation_list - Manage the list of revoked certificates.
SYNOPSIS¶puppet certificate_revocation_list action [--terminus _TERMINUS] [--extra HASH]
DESCRIPTION¶This subcommand is primarily for retrieving the certificate revocation list from the CA.
OPTIONS¶Note that any setting that´s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action. For example, server and run_mode are valid settings, so you can specify --server <servername>, or --run_mode <runmode> as an argument.
See the configuration file documentation at https://docs.puppetlabs.com/puppet/latest/reference/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet with --genconfig.
- --render-as FORMAT
- The format in which to render output. The most common formats are json, s (string), yaml, and console, but other options such as dot are sometimes available.
- Whether to log verbosely.
- Whether to log debug information.
- --extra HASH
- A terminus can take additional arguments to refine the operation, which are passed as an arbitrary hash to the back-end. Anything passed as the extra value is just send direct to the back-end.
- --terminus _TERMINUS
- Indirector faces expose indirected subsystems of Puppet. These subsystems are each able to retrieve and alter a specific type of data (with the familiar actions of find, search, save, and destroy) from an arbitrary number of pluggable backends. In Puppet parlance, these backends are called terminuses.
- Almost all indirected subsystems have a rest terminus that interacts with the puppet master´s data. Most of them have additional terminuses for various local data models, which are in turn used by the indirected subsystem on the puppet master whenever it receives a remote request.
- The terminus for an action is often determined by context, but occasionally needs to be set explicitly. See the "Notes" section of this face´s manpage for more details.
- destroy - Delete the certificate revocation list.
- puppet certificate_revocation_list destroy [--terminus _TERMINUS] [--extra HASH] dummy_text
- Deletes the certificate revocation list. This cannot be done over REST, but it is possible to delete the locally cached copy or the local CA´s copy of the CRL.
- Although this action always deletes the CRL from the specified terminus, it requires a dummy argument; this is a known bug.
- find - Retrieve the certificate revocation list.
- puppet certificate_revocation_list find [--terminus _TERMINUS] [--extra HASH] [key]
- Retrieve the certificate revocation list.
- The certificate revocation list. When used from the Ruby API: returns an OpenSSL::X509::CRL object.
- Although this action always returns the CRL from the specified terminus.
- info - Print the default terminus class for this face.
- puppet certificate_revocation_list info [--terminus _TERMINUS] [--extra HASH]
- Prints the default terminus class for this subcommand. Note that different run modes may have different default termini; when in doubt, specify the run mode with the ´--run_mode´ option.
Retrieve a copy of the puppet master´s CRL:
$ puppet certificate_revocation_list find --terminus rest
NOTES¶This subcommand is an indirector face, which exposes find, search, save, and destroy actions for an indirected subsystem of Puppet. Valid termini for this face include:
COPYRIGHT AND LICENSE¶Copyright 2011 by Puppet Inc. Apache 2 license; see COPYING
|June 2017||Puppet Labs, LLC|