Setup Puppet Certs Autosign
During the last weekly meeting, the Nautilus DevOps team decided to use the Puppet autosign config to auto-sign certificates for all Puppet agent nodes they will keep adding under the Puppet master in Stratos DC. The Puppet master and CA servers are currently running on the jump host, and all three app servers have been configured as Puppet agents. To set up autosign configuration on the Puppet master server, some configuration settings must be set up. Please find more details below:
The Puppet server package is already installed on the Puppet master, i.e. the jump server, and the Puppet agent package is already installed on all App Servers. However, you may need to start the required services on all these servers.
Configure autosign on the Puppet master, i.e. the jump server (by creating autosign.conf in the Puppet configuration directory), and assign certificates for the master node as well as for all agent nodes. Use each host's FQDN to assign the certificates.
Use the alias puppet (dns_alt_names) for the master node and add its entry to the /etc/hosts config file on the master, i.e. the Jump Server, as well as on all agent nodes, i.e. the App Servers.
Note: Before submitting your task, please verify that all certificates have been generated; sometimes it takes time to sign certificates.
On Jump_Host, create autosign.conf and add the puppet alias to /etc/hosts
    # cd /etc/puppetlabs/puppet
    # vi autosign.conf
    # vi /etc/hosts
    172.16.238.3 jump_host.stratos.xfusioncorp.com jump_host puppet
    172.16.239.5 jump_host.stratos.xfusioncorp.com jump_host puppet
    # systemctl restart puppetserver
    # systemctl status puppetserver
On all app servers, add the puppet alias to /etc/hosts
    $ sudo vi /etc/hosts
    172.16.238.3 jump_host.stratos.xfusioncorp.com jump_host puppet
    $ puppet agent -tv
Verify on jump_host
    # puppetserver ca list --all
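
The task asks for each host's FQDN in autosign.conf, but basic autosigning also accepts domain globs, and Puppet treats an executable autosign file as a policy executable instead of reading it as a list. The check below is an added example, not part of the original walkthrough: it flags glob entries, short names and an executable file. The function name audit_autosign, the app01.example.test entries and the skipping of '#' comment lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a basic-autosign allowlist for non-exact entries.
# Assumption: blank lines and '#' comment lines are ignored.
audit_autosign() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    # An executable autosign file is run as a policy script, not read as a list.
    if [ -x "$file" ]; then
        echo "EXECUTABLE $file"
        rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim leading and trailing whitespace.
        entry=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            ''|'#'*) continue ;;                     # blank or comment
            *'*'*) echo "GLOB $entry"; rc=1 ;;       # signs a whole domain
            *.*) ;;                                  # exact name with a domain part
            *) echo "NOT_FQDN $entry"; rc=1 ;;       # short hostname
        esac
    done < "$file"
    return "$rc"
}

# Constructed sample allowlist (app01/appserver names are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# exact certnames, one per line
jump_host.stratos.xfusioncorp.com
app01.example.test
*.example.test
appserver
EOF
audit_autosign "$sample" || echo "autosign.conf needs review"
rm -f "$sample"
```

On the master it would be run as `audit_autosign /etc/puppetlabs/puppet/autosign.conf` before restarting puppetserver; exit status 0 means every entry is an exact name with a domain part.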