Puppet autosign certs

This is the message I got: “Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes”
@Ayman I guess I did the config correctly, and the entries as well. Can you tell me what the issue is? Something I missed? Or a validation check error?

I faced this when I run from non-sudo users, I mean to say without using sudo.

This is what I did:

  1. Added /etc/puppetlabs/puppet/autosign.conf:

jump_host.stratos.xfusioncorp.com
stapp01.stratos.xfusioncorp.com
stapp02.stratos.xfusioncorp.com
stapp03.stratos.xfusioncorp.com

  2. And /etc/puppetlabs/puppet/puppet.conf:

[master]
dns_alt_names = jump_host.stratos.xfusioncorp.com,puppet

[main]
certname = jump_host.stratos.xfusioncorp.com
server = puppet
runinterval = 1h
strict_variables = true

In clients for example:

certname = stapp01.stratos.xfusioncorp.com
server = puppet
runinterval = 1h

  3. Added Hosts entries on Master and all Agents

@Inderpreet @kleansoul The task has been marked failed for me with the same message “Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes”.

I have autosign.conf in the location /etc/puppetlabs/puppet/autosign.conf.

I added a line “*.stratos.xfusioncorp.com” to auto-assign the SSL certificate for any host from the domain xfusioncorp.com as instructed.

Please check.

Thanks.

Cheers,
Salim
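
Added example (not part of any post in this thread, and not Puppet's own code): a small Python model comparing the two autosign.conf allowlists mentioned above, the explicit four-host list and the "*.stratos.xfusioncorp.com" glob. It assumes the documented rule that a leading "*" stands for one or more labels at the front of an FQDN-like certname; the certname build99.stratos.xfusioncorp.com is constructed for illustration.

```python
# Added example: simplified model of Puppet's autosign.conf allowlist matching.

def parse_allowlist(text):
    """Return non-blank, non-comment entries, lower-cased."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            entries.append(line.lower())
    return entries

def entry_matches(entry, certname):
    """Exact certname match, or a leading '*.' glob over the front labels."""
    name = certname.lower().rstrip(".")
    if entry.startswith("*."):
        suffix = entry[1:]  # e.g. ".stratos.xfusioncorp.com"
        # Assumption of this model: '*' stands for at least one label.
        return name.endswith(suffix) and len(name) > len(suffix)
    return name == entry

def would_autosign(entries, certname):
    """True if any allowlist entry covers the certname in a CSR."""
    return any(entry_matches(e, certname) for e in entries)

def audit(entries, expected):
    """List wildcard entries and expected certnames that nothing covers."""
    return {
        "wildcards": [e for e in entries if "*" in e],
        "uncovered": [n for n in expected if not would_autosign(entries, n)],
    }

# The two allowlists described in the thread.
EXPLICIT = """\
jump_host.stratos.xfusioncorp.com
stapp01.stratos.xfusioncorp.com
stapp02.stratos.xfusioncorp.com
stapp03.stratos.xfusioncorp.com
"""
WILDCARD = "*.stratos.xfusioncorp.com\n"
EXPECTED = EXPLICIT.split()
UNPLANNED = "build99.stratos.xfusioncorp.com"  # constructed, not from the thread

if __name__ == "__main__":
    for label, text in (("explicit", EXPLICIT), ("wildcard", WILDCARD)):
        entries = parse_allowlist(text)
        print(label, audit(entries, EXPECTED),
              "signs unplanned certname:", would_autosign(entries, UNPLANNED))
```

Both lists cover the four expected nodes, but only the wildcard entry would also sign a request for a certname nobody planned for, which is the trade-off to weigh before using a domain glob outside a lab.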

@Inderpreet Any update on this? Did you check? Can you please update?

Thank you in advance for your assistance!

I got this error message even though all the certificates were automatically signed:

  • it seems like ‘autosign’ config file under ‘/etc/puppetlabs/puppet’ is not configured properly on puppet master i.e Jump Server

I configured autosign to be true in the puppet.conf file and updated the /etc/hosts files on each host with the dns entries puppet and puppet.stratos.xfusioncorp.com appended to the jump host line.

Hello guys,
any ideas why only stapp03 agent is not getting the certs:

[root@stapp03 ~]# puppet agent -t
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for stapp03.stratos.xfusioncorp.com
Info: Certificate Request fingerprint (SHA256): 28:66:E5:3E:CE:B8:82:2C:14:46:BC:93:B0:09:DF:F1:BD:A8:AC:DE:09:83:F1:49:1E:93:EC:E2:98:8F:32:D3
Info: Downloaded certificate for stapp03.stratos.xfusioncorp.com from https://puppet:8140/puppet-ca/v1
Error: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key
Error: Could not run: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key

@Nautilus have you managed to fix your issue with app server 3? I am getting the same issue.

Did you configure the hosts file on stapp03? What about the autosign.conf file?

Yes, both were configured properly. I managed to fix the issue, but the task was really glitchy. I tried a couple of times, always with the same config, and for some weird reason one server wasn’t getting it properly. The last time I tried the same config, everything worked.

@kleansoul @Salim this is marked as Success for you.


@Inderpreet thank you.

@nashwan on stapp03 can you please check if there is a correct entry for puppet master node alias puppet in /etc/hosts file?

@Tej-Singh-Rana Do you have any screenshots for your task? Please share them if you have.

Thanks @Inderpreet. Will you kindly restore the bonus points as well for the same task, as I completed it within 12min. Thank you once again for your response 🙂

@Inderpreet please check the issue for me as well. The bonus points have disappeared for my two tasks!

Setup Puppet Cert Autosign (150 points)

Linux Nginx as Reverse Proxy (150 points)

I appreciate the hard work 🙂

Cheers,
Salim

Dear @Inderpreet,

It has been a while and I have not received any update from you. The bonus points for the tasks below have still not been restored.

150 points!

150 points!

Regards,
Salim

Same with my task, no bonus points restored … loss of 150 points!

Hi @balu.networks7, @Tej-Singh-Rana, @inderpreet, for the host entries on the master and the app servers, do you just add the alias as puppet to the existing jump host entries as below or
On master /etc/hosts:

[root@jump_host etc]# cat hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.16.238.10   stapp01.stratos.xfusioncorp.com
172.16.238.11   stapp02.stratos.xfusioncorp.com
172.16.238.12   stapp03.stratos.xfusioncorp.com
172.16.239.2    jump_host.stratos.xfusioncorp.com jump_host **puppet**
172.16.238.3    jump_host.stratos.xfusioncorp.com jump_host **puppet**

On app server1 /etc/hosts:

[tony@stapp01 etc]$ cat hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.16.238.3    jump_host.stratos.xfusioncorp.com **puppet**
172.16.239.4    stapp01.stratos.xfusioncorp.com stapp01
172.16.238.10   stapp01.stratos.xfusioncorp.com stapp

Actually I have used both. 172.16.239.2 and 172.16.238.3