Puppet on puppetmaster, some tips

We often run a puppet on the puppetmaster which connects to the local puppetmaster. In the past, I’ve run into some problems, so I thought it best to write down a couple of tips to keep in mind when setting this up. These helped me out in the past:

  • Have a separate SSL dir for the puppetmaster and the client. The following snippet shows how to do that:
    ssldir = /var/lib/puppet/ssl
    ssldir = /var/lib/puppet-server/ssl
    ssldir = /var/lib/puppet-server/ssl

    The addition to puppetca is needed because it needs to know where to sign the certificates. Of course, if you run 2.6 or higher, you need to replace puppetd with agent, puppetmasterd with mast and puppetca with… ca I think.

  • Explicitely set the certname and the certdnsnames for the puppetmaster, as follows:
    certname = puppet
    certdnsnames = puppet.my.domain

That’s it. Hope it helps someone. You’re going to need to remove all old ssl dirs after you changed this and regenerate the certificates.

Tags: , ,

Comments are closed.

Kumina designs, builds, operates and supports Kubernetes solutions that help companies thrive online. As Certified Kubernetes Service Partner, we know how to build real solutions.