Setup Puppet Certs Autosign

@andrzej, I think you have to add “autosign = true” under the [master] section of the puppet.conf file.

The same result for me

I don't think so, you see in the screenshots that autosign works fine.

1 Like

Thanks for reporting this, guys. This question was missing some information, and we have modified it to add the required details. This task has been marked as Pending for all who failed it so they can give it another shot.

@Inderpreet

I kept getting
puppet-agent[494]: bad component(expected host component): jump_host.stratos.xfusioncorp.com
at the client when restarting puppet.

What did I do wrong?

Have you added the alias name entry in your /etc/hosts?

Why does it say to use dns_alt_name instead of dns_alt_names?

Is this correct?

It is partially correct. The option is dns_alt_names and lists all aliases for puppetserver. So to add one alias you can unofficially name it dns_alt_name.

Hi all! I got this message:

- Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes

but testing puppet agents works…

I had the same problem with this task yesterday but mine is still marked as failed. Will mine be marked as pending so I can do it again?

- puppet 'autosign' config file is not found under '/etc/puppetlabs/puppet' on puppet master i.e Jump Server

My task is still marked as failed, will it be marked as pending like the other people?

@Inderpreet my initial attempt at this task is still marked as failed. I just redid that task with, I believe, the same steps and it worked this time and is marked as successful. According to this thread there was a bug in this task and people got another chance to redo it (marked as pending), or in another thread with a user named Jenna you marked it as complete (successful). Can you please either mark my first attempt as pending or successful?

@raiveton @blindcant can you please share your KKE username?

I sent it through as a message, did you get it?

@blindcant can you please share here instead.

I’d rather not since it is my email address, which I have already sent to you personally.

@Inderpreet

Can you help me, I got this task as failed

However as you can see below app server 1 was able to request and I got the autosigned on puppet server


We need to do autosign for each agent node. For that, we need to create autosign.conf as below on the puppet master node i.e. on jump_host,

[email protected]_host /# vi /etc/puppetlabs/puppet/autosign.conf
jump_host.stratos.xfusioncorp.com
stapp01.stratos.xfusioncorp.com
stapp02.stratos.xfusioncorp.com
stapp03.stratos.xfusioncorp.com

Then, restart a puppet service using a command,

[email protected]_host /# systemctl restart puppet

Now edit the hosts files on jump host as well as on all app servers and add an alias as a puppet for a jump host node,

[email protected]_host /# vi /etc/hosts
172.16.238.1    jump_host.stratos.xfusioncorp.com puppet
172.16.238.2    jump_host.stratos.xfusioncorp.com puppet

As on App server you can do as below,

[[email protected] tony]# cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.16.238.3    jump_host.stratos.xfusioncorp.com puppet
172.16.239.5    stapp01.stratos.xfusioncorp.com stapp01
172.16.238.10   stapp01.stratos.xfusioncorp.com stapp01

Finally, run a test on agent nodes respectively and check the ca list --all on puppet master node.

NOTE: This might be corrected after pointing out in here the first time. Thanks all for your feedback and concerns.

3 Likes
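A check to run after the autosign.conf step in the post above, as an added example that is not part of the original thread: it lints the allowlist for entries that sign more than intended. The function names `audit_autosign` and `demo_autosign_audit` are hypothetical, the sample entries are constructed from the hostnames in the post, and treating `#` lines as comments is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): lint a Puppet autosign allowlist.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if missing.
audit_autosign() {
    local file="${1:-/etc/puppetlabs/puppet/autosign.conf}" rc=0 n=0 line rest
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    # An executable autosign file is run as a policy executable
    # instead of being read as an allowlist.
    if [ -x "$file" ]; then
        echo "EXECUTABLE $file"
        rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
        line="${line%"${line##*[![:space:]]}"}"   # trim trailing whitespace / CR
        case "$line" in
            ''|'#'*) continue ;;                  # blank or comment (assumption)
            '*') echo "L$n WILDCARD-ALL $line"; rc=1 ;;   # would match any requester
            *[[:space:]]*) echo "L$n WHITESPACE $line"; rc=1 ;;
            '*.'*)   # an asterisk is only valid as the leading label of a glob
                rest=${line#\*.}
                case "$rest" in
                    *'*'*) echo "L$n BAD-GLOB $line"; rc=1 ;;
                    *)     echo "L$n GLOB $line" ;;       # informational only
                esac ;;
            *'*'*) echo "L$n BAD-GLOB $line"; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Constructed sample: the four entries from the post plus two broad ones.
demo_autosign_audit() {
    local tmp rc
    tmp=$(mktemp) || return 2
    printf '%s\n' 'jump_host.stratos.xfusioncorp.com' \
        'stapp01.stratos.xfusioncorp.com' 'stapp02.stratos.xfusioncorp.com' \
        'stapp03.stratos.xfusioncorp.com' '*.stratos.xfusioncorp.com' '*' > "$tmp"
    audit_autosign "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Explicit per-host entries like the ones in the post pass silently; `GLOB` lines are listed so the reviewer can confirm that signing a whole domain is intended.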

My task failed with a strange error… @Inderpreet @rahul456 can you help here?

@ramnamy, sorry for the issue, this is marked pending for you, please give it another try.