1 August 2015

Puppet multiple agents with same hostname issue

I have some servers in my test environment that share the same hostname.
This is a problem when adding them to a Puppet master, because each agent sends its certificate signing request to the master under a name based on its hostname. If two servers have the same hostname, they generate the same certificate name, and the master has no way to tell them apart.

Solution:
We can define the certificate name for an agent in its Puppet config file. This lets us give it a certname that differs from the hostname, so the master sees those agents as though they had different hostnames.


1. Delete the agent's current certificates:

# rm -rf /var/lib/puppet/ssl/*


2. Define the certificate name in the agent's Puppet config. If the agent's hostname is client.example.com, then:

# echo "certname=clientX.example.com" >> /etc/puppet/puppet.conf 


3. Restart the puppet service on the agent node:

# /etc/init.d/puppet restart


4. On the master, you should see a new certificate waiting to be signed under the "clientX" certificate name you defined for the "client" node:

# puppet cert list --all | grep clientX
  "clientX"                 (SHA256) D3:CA:74:4A:49:05:E6:8F:4C:64:A4:0E:D7:30:FD:EC:6A:24:C1:95:0C:58:2F:E0:8A:FE:93


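5. Sign it, and the "client" node is ready to be managed by the Puppet master. Note that --all signs every request pending on the master, so review the list from step 4 first: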

# puppet cert sign --all
Notice: Signed certificate request for clientX
Notice: Removing file Puppet::SSL::CertificateRequest clientX at '/var/lib/puppet/ssl/ca/requests/clientX.pem'
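
Step 2 appends the setting with `>>`, which adds another `certname` line every time it is re-run and places the line under whichever section happens to be last in puppet.conf. The shell function below is an added example, not part of the original post, that writes the setting into the `[agent]` section exactly once; `set_certname` is a hypothetical helper name and the sample config is constructed.

```shell
#!/bin/sh
# Added example: idempotently set certname in the [agent] section of a
# puppet.conf-style file. set_certname is a hypothetical helper name.
set_certname() {
    conf=$1 name=$2
    tmp=$(mktemp) || return 1
    awk -v name="$name" '
        /^[ \t]*\[/ {                                   # section header
            in_agent = ($0 ~ /^[ \t]*\[agent\][ \t]*$/)
            print
            if (in_agent && !done) { print "certname = " name; done = 1 }
            next
        }
        in_agent && /^[ \t]*certname[ \t]*=/ { next }   # drop the old value
        { print }
        END { if (!done) { print "[agent]"; print "certname = " name } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"          # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample config; a blind append would land under [master] here.
demo=$(mktemp)
printf '[main]\nlogdir = /var/log/puppet\n[agent]\nreport = true\n[master]\nautosign = false\n' > "$demo"
set_certname "$demo" clientX.example.com
set_certname "$demo" clientX.example.com   # second run changes nothing
cat "$demo"
rm -f "$demo"
```

On a real agent the call would be `set_certname /etc/puppet/puppet.conf clientX.example.com`, followed by steps 3 to 5 as above.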




