Puppet agent certs: do they live in /etc/puppet/ssl or /var/lib/puppet/ssl?


Graham Leggett

Aug 10, 2015, 12:37:10 PM8/10/15
to Puppet Users
Hi all,

I have been trying to configure a number of puppet agents with certificates and keys that are pregenerated. In theory, this means putting the certs in the right place and starting puppet agent.

In practice this seems to be hard.

After installing the "puppet" v3.4.3 package on ubuntu 14.04, a directory tree is created under /var/lib/puppet/ssl as follows:

/var/lib/puppet/ssl
/var/lib/puppet/ssl/private_keys
/var/lib/puppet/ssl/public_keys
/var/lib/puppet/ssl/certs
/var/lib/puppet/ssl/private
/var/lib/puppet/ssl/certificate_requests

I place the key and cert in this tree expecting puppet to "do the right thing", but when I start puppet agent for the first time as below a new directory tree is created below /etc/puppet/ssl, new keys are created and all my pregenerated keys and certs are ignored:

/etc/puppet/ssl
/etc/puppet/ssl/private_keys
/etc/puppet/ssl/private_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem
/etc/puppet/ssl/public_keys
/etc/puppet/ssl/public_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem
/etc/puppet/ssl/certs
/etc/puppet/ssl/private
/etc/puppet/ssl/certificate_requests

Is there a way to make puppet agent's behaviour predictable when it comes to certs and keys? Which directory is the one a puppet agent should be using, /etc/puppet/ssl or /var/lib/puppet/ssl?

In all cases puppet is being run as root (with sudo).

root@snip-brk01:~# sudo cat /etc/puppet/puppet.conf
[main]
certname = snip-pup01.snip
server = snip-pup01.snip
environment = dev
runinterval = 1h

Regards,
Graham
--
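Added example, not code from the thread or from Puppet itself: it resolves the ssldir a Puppet 3 agent would use from a puppet.conf like the one quoted above, then reports which of the expected key/cert files are missing under it. It assumes Puppet 3.x run as root (confdir /etc/puppet, vardir /var/lib/puppet) and Puppet's built-in default of `ssldir = $confdir/ssl`, so a puppet.conf that never sets ssldir resolves to /etc/puppet/ssl; the sample config and certname are constructed.

```python
"""Resolve where a Puppet 3 agent will look for its SSL files.

Assumptions (not taken from the thread): agent runs as root, so
confdir=/etc/puppet and vardir=/var/lib/puppet, and Puppet's built-in
default is ssldir = $confdir/ssl.  The Debian/Ubuntu package's stock
puppet.conf overrides this with ssldir=$vardir/ssl; a replacement
puppet.conf without that line falls back to /etc/puppet/ssl.
"""
import configparser
import os
import re

ROOT_DEFAULTS = {
    "confdir": "/etc/puppet",
    "vardir": "/var/lib/puppet",
    "ssldir": "$confdir/ssl",
    "certname": "localhost",  # placeholder; Puppet's real default is the FQDN
}


def load_settings(conf_text, section="agent"):
    """Merge [main] with the run-mode section; the latter wins, as in Puppet."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    settings = dict(ROOT_DEFAULTS)
    for sec in ("main", section):
        if parser.has_section(sec):
            settings.update({k: v.strip() for k, v in parser.items(sec)})
    return settings


def resolve(settings, key, depth=0):
    """Expand $var references inside a setting value, recursively."""
    if depth > 10:
        raise ValueError("setting interpolation loop at %s" % key)
    return re.sub(r"\$(\w+)",
                  lambda m: resolve(settings, m.group(1), depth + 1),
                  settings[key])


def expected_files(settings):
    """Paths the agent expects for its own key, its cert and the CA cert."""
    ssldir = resolve(settings, "ssldir")
    name = resolve(settings, "certname")
    return {
        "key": os.path.join(ssldir, "private_keys", name + ".pem"),
        "cert": os.path.join(ssldir, "certs", name + ".pem"),
        "ca": os.path.join(ssldir, "certs", "ca.pem"),
    }


def missing_files(paths, exists=os.path.exists):
    """Labels of expected files that are absent; `exists` is injectable for tests."""
    return [label for label, path in paths.items() if not exists(path)]
```

If the CA cert or the agent cert is missing where `resolve(settings, "ssldir")` points, the agent generates a fresh key and CSR there, which is the behaviour described in the post.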
