We’ve covered a lot of ground already in our tutorials thus far. In Tutorial I we installed our Puppet server. In Tutorial II, the client, and in Tutorial III we configured the server and client to start communicating.
In this 4th installment, we’ll cover the signing of SSL certificates between your Puppet Master and Client, and running a simple test to ensure your setup is working and ready to function as a master=>slave pair.
On your server, be sure to start up the Puppet Master, so it can receive connections from outside sources, like so:
sudo service puppetmaster start sudo chkconfig puppetmaster on
Next, on your Puppet client, run a test run so the client will start, create an SSL certificate for the client host, and make an initial callout to the server. It will exit immediately, but the server will now know about the client, and we can sign the certificate over there.
puppet agent -t
When you run this command, the output should look something like this:
Now, SSH to your Puppet Master, and run the following command:
puppet cert –list
If everything has gone well, your server will have now seen your client and will report as much like so:
Finally, so sign the certificate so there is an SSL connection between the client and server, and all future Puppet actions between the two pass over that connection, simply sign the certificate request on the master as follows:
puppet cert sign puppetclient.example.com (or whatever your hostname is)
The server will sign the certificate and make a tabular listing of it in its database finalizing the connection. You can see this output by using the “list all” options as follows:
puppet cert list –all
and see the output which should resemble the following:
Now we’re ready to do work with Puppet. You can actually stop here and fully manage your site with Puppet, however there are several addons and feature-sets yet you can install to expand Puppet’s functionality. We will look at some of these tools in future installments.