.sync.yml

@@ -0,0 +1,15 @@
+---
+mock_with: ':rspec'
+
+appveyor.yml:
+  delete: true
+.gitlab-ci.yml:
+  delete: true
+.project:
+  delete: true
+
+.travis.yml:
+  includes:
+    - env: PUPPET_GEM_VERSION="~> 7.0" CHECK=parallel_spec
+      rvm: 2.7.2
+      stage: spec

.travis.yml

@@ -38,6 +38,10 @@ jobs:
       env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
       rvm: 2.5.7
       stage: spec
+    -
+      env: PUPPET_GEM_VERSION="~> 7.0" CHECK=parallel_spec
+      rvm: 2.7.2
+      stage: spec
     -
       env: DEPLOY_TO_FORGE=yes
       stage: deploy

CODEOWNERS

@@ -0,0 +1,7 @@
+# This will cause the code owners of this repo to be assigned review of any
+# opened PRs against the branches containing this file.
+# See https://help.github.com/en/articles/about-code-owners for info on how to
+# take ownership of parts of the code base that should be reviewed by another
+# team.
+
+*  @puppetlabs/support

README.md

@@ -112,6 +112,23 @@ Note that you cannot use the Bolt `pcp` transport if your CA certificate has alr
 
 ### Usage
 
+First, check the expiration of the Puppet agent certificate by running the following command as root on the Master:
+
+```
+/opt/puppetlabs/puppet/bin/openssl x509 -in "$(/opt/puppetlabs/bin/puppet config print hostcert)" -enddate -noout
+```
+
+If, and only if, the `notAfter` date printed has already passed, then the Master certificate has expired and must be cleaned up before the CA can be regenerated:
+
+```bash
+mkdir -p -m 0700 /var/puppetlabs/backups
+(umask 0077 && tar czf "/var/puppetlabs/backups/ssl-$(date +'%Y%m%d%H%M%S')".tar.gz "$(puppet config print ssldir)")
+
+find "$(puppet config print ssldir)" -name "$(puppet config print certname).pem" -delete
+```
+
+Once the expiration has been checked, the CA can be regenerated.
+
 ```bash
 bolt plan run ca_extend::extend_ca_cert --targets <master_fqdn> compile_masters=<comma_separated_compile_master_fqdns> --run-as root
 ```

metadata.json

@@ -1,11 +1,12 @@
 {
   "name": "puppetlabs-ca_extend",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "author": "Adrian Parreiras Horta",
   "summary": "A set of Bolt Plans and Tasks to extend the CA cert in Puppet Enterprise",
   "license": "GPL-2.0-only",
-  "source": "https://github.com/m0dular/ca_extend",
-  "project_page": "https://github.com/m0dular/ca_extend",
+  "source": "https://github.com/puppetlabs/ca_extend",
+  "project_page": "https://github.com/puppetlabs/ca_extend",
+  "issues_url": "https://github.com/puppetlabs/ca_extend/issues",
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
@@ -16,7 +17,8 @@
     {
       "operatingsystem": "CentOS",
       "operatingsystemrelease": [
-        "7"
+        "7",
+        "8"
       ]
     },
     {
@@ -28,7 +30,8 @@
     {
       "operatingsystem": "RedHat",
       "operatingsystemrelease": [
-        "7"
+        "7",
+        "8"
       ]
     },
     {
@@ -40,13 +43,15 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "8"
+        "9",
+        "10"
       ]
     },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "16.04"
+        "16.04",
+        "18.04"
       ]
     }
   ],

plans/extend_ca_cert.pp

@@ -4,7 +4,7 @@
   $ssldir                               = '/etc/puppetlabs/puppet/ssl',
 ) {
   $targets.apply_prep
-  $master_facts = run_plan('facts', $targets).first
+  $master_facts = run_task('facts', $targets, '_catch_errors' => true).first
 
   if $master_facts['pe_build'] {
     $is_pe = true

spec/spec_helper.rb

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
+RSpec.configure do |c|
+  c.mock_with :rspec
+end
+
 require 'puppetlabs_spec_helper/module_spec_helper'
 require 'rspec-puppet-facts'