I am trying to install and configure Puppet 5.3.2 on two identical Linux machines running CentOS 7 (one being a master and the other being an agent). I have managed to install Puppet from the official repository on both and added the following.
Master node in /etc/hosts
127.0.0.1 <master hostname>
<master node ipaddress> puppet, <master node hostname>
<agent node ipaddress> <agent node hostname>
Agent node in /etc/hosts
127.0.0.1 <agent hostname>
<master node ipaddress> puppet, <master node hostname>
<agent node ipaddress> <agent node hostname>
Master node in /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names = puppet, <master node hostname>
certname = puppet
Agent node in /etc/puppetlabs/puppet/puppet.conf
server = puppet, <master node hostname>
The puppet server starts successfully. However, I still need to generate and sign the appropriate certificates for both master and agent. For this, I first make sure the puppetserver is stopped on the puppet master node, and then on the puppet master node I issue:
sudo /opt/puppetlabs/bin/puppet cert list -a
I see a SHA256 certificate.
Now, I do not know how to proceed further. Any inputs would be highly appreciated.
Best Answer
I was able to get this working. Basically, when the puppet server is started initially, the certificate is generated and this can be viewed by
Next on the agent node, stop the puppet agent using the below if the agent is running (this can be found by
systemctl status puppet
Create a certificate on the puppet agent which needs to be signed by the puppet master. The certificate can be generated by:
On the master node, the agent certificate can be viewed by
The agent certificate should be signed now, for that
Once the certificate is signed, this needs to be verified. However, before it is verified, the puppet agent should be up and running.
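
The signing step described in the answer, as an added example that is not part of the original post: before signing, compare the fingerprint of the pending request on the master with the one the agent reports, and sign only on a match. It assumes the Puppet 5.x `puppet cert` subcommand and listing lines of the form `"certname" (SHA256) fingerprint`; the function names, certnames and fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Puppet 5.x, where
# `puppet cert list` prints pending requests as:  "certname" (SHA256) AA:BB:...
PUPPET=/opt/puppetlabs/bin/puppet

# Constructed sample of `puppet cert list` output (not real fingerprints).
SAMPLE_LISTING='  "agent01.example.test" (SHA256) AA:BB:CC:DD
  "other.example.test" (SHA256) 11:22:33:44'

# Print the SHA256 fingerprint listed for one certname; reads the listing on stdin.
# The field scan also copes with the leading "+" that `list -a` puts on signed certs.
csr_fingerprint() {   # usage: csr_fingerprint <certname> < listing
  awk -v name="\"$1\"" '{
    for (i = 1; i < NF; i++)
      if ($i == name && $(i + 1) == "(SHA256)") { print toupper($(i + 2)); exit }
  }'
}

# Normalise the line printed on the agent by `puppet agent --fingerprint`,
# which has the form:  (SHA256) AA:BB:...
agent_fingerprint() {
  awk '$1 == "(SHA256)" { print toupper($2); exit }'
}

# Succeed only if the pending request for <certname> carries the fingerprint
# the agent reported. An unknown certname or empty fingerprint fails closed.
safe_to_sign() {      # usage: safe_to_sign <certname> <agent-fp> < listing
  [ -n "$2" ] &&
    [ "$(csr_fingerprint "$1")" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Run on the master. <agent-fp> is read on the agent and carried over out of band.
sign_if_verified() {  # usage: sign_if_verified <certname> <agent-fp>
  if sudo "$PUPPET" cert list | safe_to_sign "$1" "$2"; then
    sudo "$PUPPET" cert sign "$1"
  else
    echo "no matching pending request for $1; not signing" >&2
    return 1
  fi
}
```
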