Ask Your Question

Can I connect the puppet master server as a puppet client to another master server?

asked 2014-09-11 10:38:58 -0600

davidlin20001 gravatar image

We have an idea. We want to store the hiera data,puppet modules and other configure files in the center master server labeled "MasterOfMaster". Some puppet master servers labeled "Masterxxx" will locate in other cities.We will publish all the correct hiera data, puppet modules and other configure files from the "MasterOfMaster" master server to the other "MasterServer" servers. We do some tests. The puppet client in the same "MasterServer" servers cannot connect to the "MasterOfMaster" server, but it can connect to the own "MasterServer" server. Can we connect the puppet client in the master server to other master servers?

edit retag flag offensive close merge delete


I have ran into issues trying to attempt this due to CA issues. It can work if your 'MasterOfMasters' takes on the role of the CA server for the master connecting to it as well as the master connecting to it's nodes.

ptierno gravatar imageptierno ( 2014-09-11 19:43:51 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2014-09-12 05:01:54 -0600

We have the same idea. We call our "MasterOfMaster" puppetking.

The trick is to give the agent part and the master part of the 'MasterServer' different SSL directories, so you prevent any CA / SSL problems.

Here is the puppet.conf I used on the system on the puppetmaster ('MasterServer'), installed on the system named 'server01'. I installed Puppet Enterprise as an all-in-one / monolithic system, and after that adjusted the puppet.conf to below setup.

    certname = server01

    vardir = /var/opt/lib/pe-puppet
    logdir = /var/log/pe-puppet
    rundir = /var/run/pe-puppet
    basemodulepath = /etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules

    user  = pe-puppet
    group = pe-puppet
    archive_files = true
    archive_file_server = puppetking

    certname = puppetmaster
    ca_name = 'Puppet CA generated on suct2v100 at 2014-08-25 11:49:52 +0200'
    dns_alt_names = puppetmaster
    reports = console,puppetdb
    node_terminus = console
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    storeconfigs = true
    storeconfigs_backend = puppetdb

    server = puppetking
    report = true
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    graph = true
    pluginsync = true
    environment = production
    ssldir = /etc/puppetlabs/puppet/agent_ssl
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-09-11 10:38:58 -0600

Seen: 289 times

Last updated: Sep 12 '14