Puppet


Installation and configuration

Client

  • install the package
  • on the client, run:
puppetd --server $server --waitforcert 60 --test
  • on the server, list the pending certificate requests:
puppetca --list
  • find the client's requested cert in the list and sign it:
puppetca --sign $client
  • on the client, run again:
puppetd --server $server --waitforcert 60 --test
  • restart the daemon

how to set up certificates for a new node $nodefqdn

on the puppetmaster

  • generate a cert for the client's FQDN
# puppetca --generate $nodefqdn
  • get the cert from /var/lib/puppet/ssl/certs/$nodefqdn.pem
  • get the private key from /var/lib/puppet/ssl/private_keys/$nodefqdn.pem
  • get the public key from /var/lib/puppet/ssl/public_keys/$nodefqdn.pem
  • get the CA cert from /var/lib/puppet/ssl/certs/ca.pem

on the new client node ($nodefqdn)

  • copy the cert to /var/lib/puppet/ssl/certs/$nodefqdn.pem
  • copy the CA cert to /var/lib/puppet/ssl/certs/ca.pem
  • copy the private key to /var/lib/puppet/ssl/private_keys/$nodefqdn.pem
  • copy the public key to /var/lib/puppet/ssl/public_keys/$nodefqdn.pem
  • test:
# puppetd --test --verbose
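
Added example, not part of the original wiki page: a shell function that checks the manually copied cert, private key and CA cert on the client before the test run, so a mismatched or misplaced file is caught before puppetd reports an SSL error. The function name and its return codes are made up for this example; it assumes the `openssl` CLI and GNU `stat`, and it does not inspect the public_keys file.

```shell
#!/bin/sh
# Added example: sanity-check a manually provisioned Puppet ssl dir on the client.
# Usage: check_node_ssl /var/lib/puppet/ssl "$nodefqdn"
# Return codes (chosen for this example): 0 ok, 1 file missing or empty,
# 2 private key world-accessible, 3 cert/key mismatch, 4 cert not signed by ca.pem
check_node_ssl() {
    ssldir=$1 fqdn=$2
    cert=$ssldir/certs/$fqdn.pem
    key=$ssldir/private_keys/$fqdn.pem
    ca=$ssldir/certs/ca.pem

    for f in "$cert" "$key" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # The private key must not be accessible to "other" (octal mode ends in 0).
    case "$(stat -c %a "$key")" in
        *0) ;;
        *) echo "private key is world-accessible: $key" >&2; return 2 ;;
    esac

    # The certificate must carry the public half of the copied private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || { echo "cert and key do not match" >&2; return 3; }

    # The certificate must chain to the CA cert copied from the puppetmaster.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' \
        || { echo "cert not signed by $ca" >&2; return 4; }

    echo "ssl material for $fqdn looks consistent"
}

# Run directly as a script when given both arguments.
if [ "$#" -eq 2 ]; then check_node_ssl "$1" "$2"; fi
```
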

CentOS

Debian

tutorials
