As Puppet works in Client-Server model and to happen this, Puppet master uses secure channel to communicate with it’s nodes. In order to use this secure channel puppet nodes need to register them to a puppet master and at puppet master we have to sign the certifications so that puppet nodes can communicate with master without any issues. This is fine when you have couple of nodes to a master.
But when we have thousands of machines, it’s is bit difficult to manage client certification signing as it is a time consuming process. In Puppet configurations there is a solution available for this requirement. We can sign client certification requests automatically depending on some criteria or automatic sighing for all client requests. In this post we will see on how to set automatic certificate signing for puppet open source master server and puppet enterprise master as well.
Inorder to sign certificates automatically we have to edit two files as mention below.
For Open source puppet master:
/etc/puppet/puppet.conf and /etc/puppet/autosign.conf
For Puppet enterprise master:
/etc/puppetlabs/puppet/puppet.conf and /etc/puppetlabs/puppet/autosign.conf
Changes in puppet.conf file
Update [master] section with autosign option with true to enable autosigning and autosign = false to disable it. Once this is done we have to update auth.conf to list which hosts need to have autosing enabled by editing it.
abc.example.com *.example.com regexp.example.com or just *
Latest posts by Surendra Anne (see all)
- FREE: JOIN OUR DEVOPS TELEGRAM GROUPS - August 2, 2019
- Review: Whizlabs Practice Tests for AWS Certified Solutions Architect Professional (CSAP) - August 27, 2018
- How to use ohai/chef-shell to get node attributes - July 19, 2018
- wget download a file to a directory in Linux/Unix - June 4, 2018
- GIT: How to compare two GIT branches? - June 3, 2018