=====Overview=====
In this section we will talk only about management and possible configurations. We will also describe the DSL and use it to create a lot of configurations.

=====Puppet Configurations=====
There are a lot of things we can do with Puppet, so let's get started.

====Auto Signing====
Remember when we had to sign our certificate? If we have 100 new servers, do we want to sign each certificate by hand? With Puppet we can configure auto signing. Let's see how that works with a new server: "puppetslavetwo".

To enable auto signing, we need to reconfigure our master by creating the following file:

===Configure Master===
<code>
[root@puppetmaster ~]# vi /etc/puppetlabs/puppet/autosign.conf
*.example.com
:wq
[root@puppetmaster ~]# systemctl restart puppetserver.service
[root@puppetmaster ~]# service puppetserver status
Redirecting to /bin/systemctl status puppetserver.service
● puppetserver.service - puppetserver Service
   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-11-13 19:36:53 EST; 22s ago
  Process: 10616 ExecStop=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver stop (code=exited, status=0/SUCCESS)
  Process: 10788 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 10811 (java)
    Tasks: 40 (limit: 4915)
   CGroup: /system.slice/puppetserver.service
           └─10811 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError="kill -9 %p" -XX:ErrorFile=/var/log/puppetlabs/p...

Nov 13 19:36:21 puppetmaster.example.com systemd[1]: puppetserver.service: control process exited, code=exited status=1
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Stopped puppetserver Service.
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Unit puppetserver.service entered failed state.
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: puppetserver.service failed.
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Starting puppetserver Service...
Nov 13 19:36:53 puppetmaster.example.com systemd[1]: Started puppetserver Service.
[root@puppetmaster ~]#
</code>

===Configure Slave===
After we have restarted the master, we can start the agent on the puppetslavetwo server:

<code>
[root@puppetslavetwo ~]# service puppet start
Redirecting to /bin/systemctl start puppet.service
[root@puppetslavetwo ~]# service puppet status
Redirecting to /bin/systemctl status puppet.service
● puppet.service - Puppet agent
   Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-16 11:48:32 EST; 3min 6s ago
 Main PID: 1594 (puppet)
    Tasks: 2
   CGroup: /system.slice/puppet.service
           └─1594 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

Nov 16 11:48:32 puppetslavetwo.example.com systemd[1]: Started Puppet agent.
Nov 16 11:48:39 puppetslavetwo.example.com puppet-agent[1594]: Starting Puppet client version 6.19.1
Nov 16 11:48:42 puppetslavetwo.example.com puppet-agent[1606]: Applied catalog in 0.02 seconds
[root@puppetslavetwo ~]#
</code>

===Verification===
To verify, we can check on the master whether it signed the certificate, and/or check the agent:

<code>
--Check certificate
[root@puppetmaster ~]# puppetserver ca list --all
Signed Certificates:
    puppetmaster.example.com     (SHA256) ED:77:D9:A2:F5:86:51:C3:98:F2:61:10:C6:38:14:A3:6B:0C:8D:31:A5:36:46:B4:7C:FC:6E:D7:5F:6E:F6:4B    alt names: ["DNS:puppet", "DNS:puppetmaster.example.com"]    authorization extensions: [pp_cli_auth: true]
    puppetslave.example.com      (SHA256) A4:24:76:E7:3D:B8:5B:35:15:1D:79:61:6B:44:F7:1B:D8:B9:8A:03:C9:5B:C4:0D:10:23:8B:00:75:7F:9A:DA
    puppetslavetwo.example.com   (SHA256) C2:99:06:28:F5:D5:22:1C:FB:0C:40:33:87:96:7C:87:DB:A0:ED:0B:EF:6A:4B:FB:55:B8:95:4B:70:B5:AD:72

--Log
2020-11-13T19:37:32.353-05:00 INFO [qtp1885695266-36] [p.p.certificate-authority] Signed certificate request for puppetslavetwo.example.com
2020-11-13T19:37:35.736-05:00 INFO [qtp1885695266-35] [puppetserver] Puppet Compiled catalog for puppetslavetwo.example.com in environment production in 0.36 seconds

[root@puppetslavetwo ~]# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppetslavetwo.example.com
Info: Applying configuration version '1605314475'
Notice: Applied catalog in 0.02 seconds
[root@puppetslavetwo ~]#
</code>
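
The ''*.example.com'' entry in autosign.conf signs every request whose certname matches the glob, with no proof of who sent it. Puppet's ''autosign'' setting can instead point at an executable that decides per request; the Ruby policy script below is an added example (not from the original page or from Puppet) that also requires a pre-shared secret in the CSR's ''challengePassword'' attribute, which an agent sets through ''custom_attributes'' in its csr_attributes.yaml. The secret file path, the name pattern and the helper names are assumptions.

```ruby
#!/opt/puppetlabs/puppet/bin/ruby
# Added example: policy-based autosign check (not Puppet's or the page's code).
# Puppet Server runs it as `<script> <certname>` with the PEM CSR on stdin;
# exit status 0 signs the request, any other status leaves it unsigned.
require 'openssl'

ALLOWED   = /\A[a-z0-9-]+\.example\.com\z/         # one host label under the page's domain
PSK_FILE  = '/etc/puppetlabs/puppet/autosign.psk'  # hypothetical path, keep it mode 0600
CHALLENGE = 'challengePassword'                    # OID 1.2.840.113549.1.9.7

# Compare two secrets without leaking the mismatch position through timing.
def same_secret?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a)
  db = OpenSSL::Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide whether a CSR may be signed without an operator looking at it.
def sign?(certname, pem, secret)
  return false unless certname.match?(ALLOWED)
  csr = OpenSSL::X509::Request.new(pem)
  return false unless csr.verify(csr.public_key)   # CSR self-signature is intact
  cn = csr.subject.to_a.find { |name, _| name == 'CN' }&.at(1)
  return false unless cn == certname               # CSR subject matches the requested name
  attr = csr.attributes.find { |a| a.oid == CHALLENGE }
  presented = attr && attr.value.value.first.value
  !presented.nil? && same_secret?(presented, secret)
rescue OpenSSL::X509::RequestError
  false                                            # unparsable CSR: never sign
end

# Constructed sample CSR for trying the policy offline (normally the agent builds it).
def sample_csr(certname, password = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if password
    value = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::UTF8String.new(password)])
    csr.add_attribute(OpenSSL::X509::Attribute.new(CHALLENGE, value))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256')).to_pem
end

# Act as the policy executable only when called with the certname argument.
if ARGV.size == 1
  secret = File.read(PSK_FILE).strip
  exit(sign?(ARGV[0], $stdin.read, secret) ? 0 : 1)
end
```

Requests that fail the policy stay pending on the master and still show up in ''puppetserver ca list'', so they can be reviewed and signed by hand.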