Ask Your Question

Create and Sign Certificates for Puppet Master

asked 2013-06-27 20:44:55 -0600

louis gravatar image


I am trying to automate the installation of a a new VM with a Puppet Master. I have everything setup with Passenger but i need to generate the certificates before starting httpd services.

class passenger{

  package { [ 'httpd','gcc','make','ruby-devel','gcc-c++','libcurl-devel','openssl-devel','zlib-devel','httpd-devel','apr-devel','apr-util-devel'] :
    ensure => installed,

  package { 'mod_ssl':
    ensure  =>  installed,
    require =>  Package['httpd']

  package { 'passenger':
    ensure   => installed,
    provider => gem,
    require  => [ Package['ruby-devel'],

  file { [ '/etc/puppet/rack','/etc/puppet/rack/public' ] :
    ensure => directory,
    mode   => '0755'

  file { 'config':
    name   =>  '/etc/puppet/rack ...
edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2013-06-28 14:12:13 -0600

louis gravatar image

Fixed with this guy.

exec {'generate-cert':
    creates   => '/var/lib/puppet/ssl/ca/puppetmaster.localdomain.pem',
    command   => '/usr/bin/puppet cert generate puppetmaster.localdomain',
    logoutput => true,
    before    => Exec['httpd-restart']
edit flag offensive delete link more

answered 2013-06-28 09:43:38 -0600

GregLarkin gravatar image

updated 2013-06-28 12:03:02 -0600

You are deploying a VM to be a Puppet master node, and when you first start the puppetmaster on that node, it will generate and sign a CA certificate. Puppet agents that contact the master will submit their certificate requests which then must be signed by the master.

If that not the problem you are trying to solve, please provide some additional details in your question.

This post describes a way to replace the Puppet CA certificate, and it should also work for your use case where you pre-generate the CA certificate. The post doesn't mention it, and I ... (more)

edit flag offensive delete link more


I get your point. But in this case would need to have the certificates in place before I start the puppet master. Unless i have an Exec resource somewhere and ...(more)

louis gravatar imagelouis ( 2013-06-28 10:13:13 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-06-27 20:44:55 -0600

Seen: 771 times

Last updated: Jun 28 '13