Puppet works in a client-server model, and the Puppet master communicates with its nodes over a secure channel. To use this channel, each Puppet node has to register with a Puppet master, and the node's certificate has to be signed on the master so that the node can communicate with it without any issues. This is fine when you have a couple of nodes per master.

But when we have thousands of machines, signing client certificates by hand becomes difficult because it is a time-consuming process. Puppet's configuration offers a solution for this requirement: we can sign client certificate requests automatically based on some criteria, or sign all client requests automatically. In this post we will see how to set up automatic certificate signing for an open source Puppet master and for a Puppet Enterprise master.

In order to sign certificates automatically, we have to edit two files, as mentioned below.

For Open source puppet master:

	/etc/puppet/puppet.conf

	and

	/etc/puppet/autosign.conf

For Puppet enterprise master:

	/etc/puppetlabs/puppet/puppet.conf

	and

	/etc/puppetlabs/puppet/autosign.conf

Changes in puppet.conf file

In the [master] section, set the autosign option to true to enable autosigning, or set autosign = false to disable it. Once this is done, edit autosign.conf (the second file listed above) to list the hosts that should have autosigning enabled. Entries look like this:

	abc.example.com

	*.example.com

	regexp.example.com

	or just

	*
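The Python script below is an added example, not part of the original post: it parses an autosign.conf, reports entries that sign more than intended, and checks whether a given certname would be autosigned. The matching rules (full-line `#` comments skipped, `*` alone matching every request, `*.domain` matching one or more leading labels) and all function names are assumptions of this example.

```python
"""Audit an autosign.conf allowlist (added example, not Puppet's own code)."""

def parse_autosign(text):
    """Return allowlist entries, skipping blank lines and full-line # comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line.lower())
    return entries

def entry_matches(entry, certname):
    """Assumed semantics: '*' matches everything, '*.domain' matches one or
    more labels in front of 'domain', anything else must match exactly."""
    certname = certname.lower()
    if entry == "*":
        return True
    if entry.startswith("*."):
        suffix = entry[1:]  # e.g. ".example.com"
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return entry == certname

def would_autosign(entries, certname):
    """True if any allowlist entry covers the requested certname."""
    return any(entry_matches(e, certname) for e in entries)

def audit(entries):
    """Return (entry, finding) pairs for entries that deserve review."""
    findings = []
    for e in entries:
        if e == "*":
            findings.append((e, "signs every request"))
        elif e.startswith("*.") and e.count(".") < 2:
            findings.append((e, "glob covers a whole top-level domain"))
        elif "*" in e and not e.startswith("*."):
            findings.append((e, "asterisk is only valid as the leftmost label"))
    return findings

# Constructed sample, built from the entries shown in the post.
SAMPLE = "abc.example.com\n*.example.com\nregexp.example.com\n*\n"

if __name__ == "__main__":
    entries = parse_autosign(SAMPLE)
    for entry, finding in audit(entries):
        print(f"{entry!r}: {finding}")
    for name in ("web01.example.com", "example.com", "node.other.org"):
        print(name, "->", would_autosign(entries, name))
```

With the bare `*` line present, a request for any certname is signed; dropping that line restricts signing to the listed host names and the `example.com` subdomains.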

 

 

Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney. You can contact him at surendra (@) linuxnix dot com.