Setup Puppet CERTS Autosign


What is Puppet Certificate?

Puppet uses a public key infrastructure (PKI) to authenticate and encrypt communication between Puppet agents and the Puppet master (Puppet Server). Every agent and the master hold an X.509 certificate issued by the master's built-in certificate authority (CA), so each side can verify who it is talking to.

When a Puppet agent first connects to a Puppet master, it generates a key pair and sends a certificate signing request (CSR) to the master. The CSR then waits on the master until an administrator signs it (or an autosign rule accepts it); the master itself does not verify that the requesting host really is who the CSR claims to be. Once signed, the certificate is returned to the agent, and all subsequent agent/master traffic is mutually authenticated TLS using these certificates.

A Puppet certificate's subject (CN) is the agent's certname, which defaults to its fully qualified hostname, and it carries the agent's public key; it does not contain the agent's IP address. The master's CA keeps a record of every signed certificate, along with pending CSRs and the revocation list.

Certificates are managed on the master. In Puppet 5 and earlier this is done with the puppet cert command; in Puppet 6 (the version the linked documentation covers) that command was removed and replaced by puppetserver ca, which lets administrators list, sign, revoke, and clean certificates. Properly managing these certificates (signing only hosts you recognize, and revoking decommissioned or compromised nodes) is central to the security of the Puppet infrastructure, because a signed certificate is all a host needs to fetch its catalog.

Autosigning the certificates

Let us take two servers, Server1 and Server2, as Puppet agent nodes, and Master_Server as the Puppet master. The master needs the puppetserver package; the agent nodes need the puppet-agent package.

You can install and configure these by following Puppet's official documentation:

https://www.puppet.com/docs/puppet/6/server/install_from_packages.html

After installing the packages, make sure the puppetserver service is up and running on the master before continuing.

  • On the master, go to /etc/puppetlabs/puppet/ and create the autosign.conf file

  • Add all the servers, i.e. master, server1 and server2, to the list, one certname per line. Puppet certnames are lowercase, so write the entries in lowercase:

    master_server.example.com

    server1.example.com

    server2.example.com

  • In /etc/hosts on the master, give Master_Server the alias puppet. Agents look for a master named puppet by default, so this alias lets them find the master without any extra agent configuration.

    Example:

    172.16.238.3    Master_Server.example.com Master_Server puppet

  • Save the file and restart Puppet Server on the master

    systemctl restart puppetserver

  • Log in to Server1 and add the master's /etc/hosts entry from the step above, so that the alias puppet resolves to the master:

    172.16.238.9 Server1.example.com Server1

    172.16.238.3    Master_Server.example.com Master_Server puppet (ADDED)

  • Run puppet agent -tv on Server1. Because server1.example.com is listed in autosign.conf, the CSR is signed automatically, the agent receives its certificate on the same run, and the certificate shows up as signed in the master's CA list. Repeat the /etc/hosts change and the agent run on Server2.
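The steps above as one script, written as an added example for this page rather than code taken from it or from Puppet. It builds the autosign.conf allowlist and the /etc/hosts entry, then emulates the decision the CA makes for each incoming CSR under basic autosigning: the requested certname is compared against the file's entries (exact names or globs such as *.example.com) and nothing else. Names and IPs are the tutorial's, written in lowercase because Puppet certnames must be lowercase; the WORKDIR variable is an assumption of this example so the demo writes to a temporary directory instead of the real /etc, and the real paths are given in comments.

```shell
#!/usr/bin/env bash
# Added example (not from the original page or from Puppet itself).
# Real locations: /etc/puppetlabs/puppet/autosign.conf and /etc/hosts on the master.
# WORKDIR is an assumption of this example: it keeps the demo away from the live /etc.
set -euo pipefail

WORKDIR="${WORKDIR:-$(mktemp -d)}"
AUTOSIGN_CONF="$WORKDIR/autosign.conf"   # stands in for /etc/puppetlabs/puppet/autosign.conf
HOSTS_FILE="$WORKDIR/hosts"              # stands in for /etc/hosts

# Step 1-2: write the allowlist. One certname (or glob) per line, '#' starts a comment.
# Entries are lowercase because Puppet certnames are lowercase.
write_autosign_conf() {
  cat > "$AUTOSIGN_CONF" <<'EOF'
# basic autosigning: any CSR whose certname matches a line below is signed
master_server.example.com
server1.example.com
server2.example.com
EOF
  chmod 0640 "$AUTOSIGN_CONF"
}

# Step 3 (and step 5 on the agents): add the master's hosts line with the "puppet"
# alias, which is the server name agents look for by default. Idempotent.
add_master_hosts_entry() {
  local line="172.16.238.3    master_server.example.com master_server puppet"
  grep -qF "$line" "$HOSTS_FILE" 2>/dev/null || echo "$line" >> "$HOSTS_FILE"
}

# Emulate the CA's basic-autosign check for a CSR: accept iff the requested
# certname matches a non-comment entry (exact or shell-style glob). Note what is
# NOT checked: the source address, DNS, or anything proving the host's identity.
autosign_allowed() {
  local certname="$1" pattern
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    pattern="${pattern%%#*}"             # drop comments
    pattern="${pattern//[[:space:]]/}"   # drop whitespace
    if [ -z "$pattern" ]; then continue; fi
    # shellcheck disable=SC2254  # unquoted on purpose so glob entries match
    case "$certname" in
      $pattern) return 0 ;;
    esac
  done < "$AUTOSIGN_CONF"
  return 1
}

write_autosign_conf
add_master_hosts_entry

# Step 4 on the real master: systemctl restart puppetserver
# Step 6 on each agent:      puppet agent -tv
# Verify on the master:      puppetserver ca list --all   (Puppet 6)
for certname in server1.example.com rogue.example.org; do
  if autosign_allowed "$certname"; then
    echo "$certname: CSR would be signed automatically"
  else
    echo "$certname: CSR would wait for manual signing"
  fi
done

# The security catch: a rogue machine that simply requests a listed certname
# before the legitimate host does is signed just the same.
if autosign_allowed server2.example.com; then
  echo "any host claiming server2.example.com: CSR would be signed automatically"
fi
```

Running it prints which certnames would be auto-signed; the last line is the point to remember when deciding where basic autosigning is acceptable.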

Conclusion:

Autosigning certificates in Puppet is a useful way to simplify adding new agents to your infrastructure: with autosigning enabled, new agents obtain a signed certificate from the master without manual approval. Keep in mind what the autosign.conf approach actually checks, though. The CA signs any CSR whose requested certname matches an entry in the file; it does not verify that the request came from the host named, so anyone able to reach the master on the network and submit a CSR with a listed name (or a name matching a glob entry) gets a valid certificate and, with it, that node's catalog. Use basic autosigning only on networks you trust, keep the list to exact certnames rather than broad globs, remove entries once hosts are enrolled, and for anything larger prefer Puppet's policy-based autosigning, where the autosign setting points at a script that can check a secret or other attributes embedded in the CSR before accepting it.