Puppet Certification Management

Before starting Puppet Certification Management, those who have missed the early posts can go through:
Start Automation with Puppet
Puppet Enterprise Stack
Puppet Enterprise Master Installation
Puppet Agent Installation
Puppet Master-Agent Communication Model

We discussed Facts, Catalogs and Reports in our last post. It's time to understand how this actually works. Puppet is based on a Master-Agent model, so it needs a robust communication mechanism, which Puppet provides in the form of Certification Management.


Puppet Certification Management:

The Puppet Master serves as a certificate authority for all connected clients. Whenever a client wants to connect to the master, it has to make sure it has a valid Puppet certificate authorized and signed by the Puppet Master server; otherwise the Puppet Master will refuse the connection request and no communication will happen. Now the question is: we have installed and configured the Puppet Master and the Puppet Agent on the clients, so how do we start communication between master and client? The answer lies in the next steps, which set up certificate management and master-client communication.

Whenever we run the puppet agent (puppet agent -tv) or start the puppet agent service on a client for the “FIRST TIME”, the client will:

Generate a new certificate (which will be visible on the CLI as well as in the Console)

The client sends the generated certificate to the master for approval (i.e. a certificate signing request)

The certificate can be signed from the CLI or the Console by the Puppet Master

Once done, run the puppet agent again and communication will start.

Common CLI Commands:

puppet cert list (List outstanding certificates which are not signed)

puppet cert list --all (List all certificates)

puppet cert sign <certificate name> (Sign a certificate for communication)

puppet cert clean <certificate name> (Clean a certificate)

puppet help cert (help or man page for all certification management options)
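The signing step above is where the master decides to trust a client, so the following added example (not from the original post) checks a pending request before signing: it compares the fingerprint shown by puppet cert list on the master with the one the agent reports through puppet agent --fingerprint. The hostnames, fingerprints and the helper names pending_fingerprint and verify_csr are constructed for illustration, and the listing format "certname" (SHA256) FINGERPRINT is an assumption about the installed Puppet version.

```shell
#!/bin/sh
# Constructed fingerprints standing in for what `puppet agent --fingerprint`
# prints on each client (sample values, not real hosts).
FP_WEB='3A:7F:12:9C:E4:5B:08:D1:66:AF:20:93:BC:47:0E:F5:81:2D:C9:34:7A:E0:15:6B:98:4C:D3:0A:F2:5E:B7:61'
FP_DB='C0:19:84:5D:2B:F7:6E:A3:0C:91:D8:45:7B:E2:36:1F:A9:50:CE:74:08:BD:63:F1:2A:97:4E:D5:1C:80:B6:39'

# Constructed sample of `puppet cert list` output on the master (pending requests).
SAMPLE_PENDING="  \"web01.example.com\" (SHA256) $FP_WEB
  \"db01.example.com\" (SHA256) $FP_DB"

# pending_fingerprint CERTNAME
# Reads a `puppet cert list` listing on stdin and prints the fingerprint of the
# pending request whose quoted name matches CERTNAME exactly.
pending_fingerprint() {
  awk -v name="\"$1\"" '$1 == name { print $3 }'
}

# verify_csr CERTNAME AGENT_FINGERPRINT
# Reads the listing on stdin. Prints the sign command and returns 0 only when
# the request is pending and its fingerprint equals the one taken from the agent.
# Returns 2 when no such request is pending and 1 on a fingerprint mismatch.
verify_csr() {
  listed=$(pending_fingerprint "$1")
  [ -n "$listed" ] || { echo "no pending request for $1" >&2; return 2; }
  # Compare case-insensitively: fingerprints are hex strings.
  want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  got=$(printf '%s' "$listed" | tr 'a-f' 'A-F')
  [ "$want" = "$got" ] || { echo "fingerprint mismatch for $1, do not sign" >&2; return 1; }
  echo "puppet cert sign $1"
}

# On a real master the listing would come from `puppet cert list` instead of the sample.
printf '%s\n' "$SAMPLE_PENDING" | verify_csr web01.example.com "$FP_WEB"
```

A mismatch or an unexpected pending name means the request did not come from the client you think it did; remove it with puppet cert clean rather than signing it.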

That is all about Puppet Certification Management. It is the most important task in a Puppet setup, and system admins have to perform it to bring any Puppet client under the Puppet server for continuous deployment. In our next post we will learn about Puppet Resources to lay a foundation for Puppet coding.
