Differences

This shows you the differences between two versions of the page.

puppet_management [2020/11/16 16:31] – created andonovj
puppet_management [2020/11/16 16:54] (current) – [Auto Signing] andonovj
Line 8: Line 8:
  
 ====Auto Signing==== ====Auto Signing====
-Remember when we had to sign our certificate. What if we have 100 new servers, do you want to sign each certificate. With puppet we can configure auto signing, let's see how that will work with a new server: "puppetagentnew"+Remember when we had to sign our certificate. What if we have 100 new servers, do you want to sign each certificate. With puppet we can configure auto signing, let's see how that will work with a new server: "puppetslavetwo"
  
 +
 +To create auto signing, we need to re-configure our master, by creating the following file:
 +
 +===Configure Master===
 +<Code:bash|Create autosign.conf File & Restart>
 +[root@puppetmaster ~]# vi /etc/puppetlabs/puppet/autosign.conf
 +*.example.com
 +:wq
 +
 +[root@puppetmaster ~]# systemctl restart puppetserver.service
 +[root@puppetmaster ~]# service puppetserver status
 +Redirecting to /bin/systemctl status puppetserver.service
 +● puppetserver.service - puppetserver Service
 +   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
 +   Active: active (running) since Fri 2020-11-13 19:36:53 EST; 22s ago
 +  Process: 10616 ExecStop=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver stop (code=exited, status=0/SUCCESS)
 +  Process: 10788 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 + Main PID: 10811 (java)
 +    Tasks: 40 (limit: 4915)
 +   CGroup: /system.slice/puppetserver.service
 +           └─10811 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError="kill -9 %p" -XX:ErrorFile=/var/log/puppetlabs/p...
 +
 +Nov 13 19:36:21 puppetmaster.example.com systemd[1]: puppetserver.service: control process exited, code=exited status=1
 +Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Stopped puppetserver Service.
 +Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Unit puppetserver.service entered failed state.
 +Nov 13 19:36:21 puppetmaster.example.com systemd[1]: puppetserver.service failed.
 +Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Starting puppetserver Service...
 +Nov 13 19:36:53 puppetmaster.example.com systemd[1]: Started puppetserver Service.
 +[root@puppetmaster ~]#
 +</Code>
 +
 +===Configure Slave===
 +After, we have restarted the master, we can start the agent on the puppetslavetwo server:
 +
 +<Code:bash|Start Agent on the target Server>
 +[root@puppetslavetwo ~]# service puppet start
 +Redirecting to /bin/systemctl start puppet.service
 +[root@puppetslavetwo ~]# service puppet status
 +Redirecting to /bin/systemctl status puppet.service
 +● puppet.service - Puppet agent
 +   Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
 +   Active: active (running) since Mon 2020-11-16 11:48:32 EST; 3min 6s ago
 + Main PID: 1594 (puppet)
 +    Tasks: 2
 +   CGroup: /system.slice/puppet.service
 +           └─1594 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize
 +
 +Nov 16 11:48:32 puppetslavetwo.example.com systemd[1]: Started Puppet agent.
 +Nov 16 11:48:39 puppetslavetwo.example.com puppet-agent[1594]: Starting Puppet client version 6.19.1
 +Nov 16 11:48:42 puppetslavetwo.example.com puppet-agent[1606]: Applied catalog in 0.02 seconds
 +[root@puppetslavetwo ~]#
 +</Code>
 +
 +===Verification===
 +To verify, we can check both the master, if he signed it and/or check the agent
 +
 +<Code:bash|Check Master>
 +--Check certificate
 +[root@puppetmaster ~]# puppetserver ca list --all
 +Signed Certificates:
 +    puppetmaster.example.com         (SHA256)  ED:77:D9:A2:F5:86:51:C3:98:F2:61:10:C6:38:14:A3:6B:0C:8D:31:A5:36:46:B4:7C:FC:6E:D7:5F:6E:F6:4B  alt names: ["DNS:puppet", "DNS:puppetmaster.example.com" authorization extensions: [pp_cli_auth: true]
 +    puppetslave.example.com          (SHA256)  A4:24:76:E7:3D:B8:5B:35:15:1D:79:61:6B:44:F7:1B:D8:B9:8A:03:C9:5B:C4:0D:10:23:8B:00:75:7F:9A:DA
 +    puppetslavetwo.example.com       (SHA256)  C2:99:06:28:F5:D5:22:1C:FB:0C:40:33:87:96:7C:87:DB:A0:ED:0B:EF:6A:4B:FB:55:B8:95:4B:70:B5:AD:72
 +
 +--Log
 +2020-11-13T19:37:32.353-05:00 INFO  [qtp1885695266-36] [p.p.certificate-authority] Signed certificate request for puppetslavetwo.example.com
 +2020-11-13T19:37:35.736-05:00 INFO  [qtp1885695266-35] [puppetserver] Puppet Compiled catalog for puppetslavetwo.example.com in environment production in 0.36 seconds
 +</Code>
 +
 +<Code:bash|Check Agent>
 +[root@puppetslavetwo ~]# puppet agent -tv
 +Info: Using configured environment 'production'
 +Info: Retrieving pluginfacts
 +Info: Retrieving plugin
 +Info: Retrieving locales
 +Info: Caching catalog for puppetslavetwo.example.com
 +Info: Applying configuration version '1605314475'
 +Notice: Applied catalog in 0.02 seconds
 +[root@puppetslavetwo ~]#
 +</Code>
  
  
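Review bot: The `*.example.com` entry written to /etc/puppetlabs/puppet/autosign.conf in the Configure Master block makes the CA sign every request whose certname matches the glob, and the certname is chosen by the requesting agent. Any host that can reach the puppetserver and claims a name under example.com therefore gets a signed certificate and a compiled catalog with no operator review, which is what the `Signed certificate request for puppetslavetwo.example.com` log line shows happening. The page should state this next to the file. It should then either restrict the entry to the exact certnames being enrolled (for example `puppetslavetwo.example.com`) or describe policy-based autosigning, where the `autosign` setting in puppet.conf points to an executable that validates each CSR (for instance against a pre-shared challenge value) before it is signed. A smaller point in the Verification block: the master log lines are stamped 2020-11-13 while the agent status reports a start on 2020-11-16, so either the hosts' clocks differ or the excerpt is from another run. A sentence explaining which would help, since certificate validity depends on the hosts agreeing on the time.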
  • puppet_management.1605544277.txt.gz
  • Last modified: 2020/11/16 16:31
  • by andonovj