Puppet Learning Summary: Automatic Certificate Signing
This article briefly introduces automatic certificate signing in Puppet, since signing certificates manually is cumbersome. Puppet installation is not described here; refer to the previous document "puppet Introduction and based on httpd instance Deployment".
First, the system environment
System platform: CentOS 6.6 x86_64
Host planning:
192.168.115.21 puppet1.hnr.com Master
192.168.115.22 puppet2.hnr.com Agent
192.168.115.23 puppet3.hnr.com Agent
Second, clear the original certificate
If the client has already been issued a certificate, the old certificate must be cleared as follows; otherwise authentication will fail.
1. Execute the following command on the server, where "puppet2.hnr.com" is the relevant client host
# puppet cert clean puppet2.hnr.com
2. Execute the following command on the client
# find /var/lib/puppet/ssl -name puppet2.hnr.com.pem -delete
Third, Puppet master server-side configuration
1. Allow certificates to be issued automatically to all hosts in the hnr.com domain
# vi /etc/puppet/autosign.conf
*.hnr.com
2. Modify fileserver.conf
In this file, grant access to the /etc/puppet/files directory
# vi /etc/puppet/fileserver.conf
[files]
path /etc/puppet/files
allow *.hnr.com
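The *.hnr.com entry in autosign.conf (step 1 above) signs any request whose certname falls under hnr.com, and the certname is chosen by the requesting host. As an added example that is not part of the original article, the script below uses Puppet's policy-based autosigning to sign only certnames listed in an allowlist; it assumes Puppet 3.4 or later, and the script path, the allowlist path and the AUTOSIGN_ALLOWLIST variable are hypothetical.

```shell
#!/bin/sh
# Added example: policy executable for Puppet's "autosign" setting.
# Assumed, not from the article: Puppet 3.4+ on the master, this script at
# /etc/puppet/autosign-policy.sh and an allowlist (one exact certname per
# line) at /etc/puppet/autosign-allowlist.txt; both paths are hypothetical.
#
# puppet.conf on the master:
#   [master]
#   autosign = /etc/puppet/autosign-policy.sh
#
# Puppet passes the requested certname as the only argument and the PEM CSR
# on stdin. Exit 0 signs; non-zero leaves the request for manual signing.

ALLOWLIST="${AUTOSIGN_ALLOWLIST:-/etc/puppet/autosign-allowlist.txt}"

# valid_certname NAME: lowercase host names under hnr.com only.
valid_certname() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|-*|*..*) return 1 ;;
        *.hnr.com) return 0 ;;
        *) return 1 ;;
    esac
}

# autosign_decision NAME [FILE]: returns 0 to sign, non-zero to refuse.
autosign_decision() {
    name="$1"
    list="${2:-$ALLOWLIST}"
    valid_certname "$name" || return 1
    [ -r "$list" ] || return 1    # missing allowlist: fail closed
    # -F fixed string, -x whole line: "puppet2.hnr.com" does not match
    # "xpuppet2.hnr.com" or a commented-out "# puppet2.hnr.com" line.
    grep -Fxq -- "$name" "$list"
}

# Entry point: runs only when called with exactly one argument, as Puppet does.
if [ "$#" -eq 1 ]; then
    cat >/dev/null                # drain the CSR from stdin; not inspected here
    if autosign_decision "$1"; then
        logger -t puppet-autosign "signed $1" 2>/dev/null
        exit 0
    fi
    logger -t puppet-autosign "refused $1" 2>/dev/null
    exit 1
fi
```

With this in place the allowlist would hold puppet2.hnr.com and puppet3.hnr.com from the host plan, and the refused entries in syslog show which unexpected certnames requested a certificate.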
Fourth, Puppet agent client configuration
1. Enable listening and specify the server domain name
# vi /etc/puppet/puppet.conf
[agent]
listen = true # listen on port 8139
server = puppet1.hnr.com
2. Modify auth.conf
Allow the master to initiate the kick command by adding the following before "path /"
# vi /etc/puppet/auth.conf
path /run
method save
allow puppet1.hnr.com
Fifth, start the puppet programs on the server and client
1. After startup, check on the server side
[Screenshot: 01.png]
At this point, the certificate has been signed automatically
2. Execute the following command on the client
[Screenshot: 02.png]
At this point, the client communicates properly with the server
This article is from the "Linux Road" blog; please keep this source attribution: http://hnr520.blog.51cto.com/4484939/1676614