When using puppet with vagrant, is it necessary after the first vagrant up to run the next vagrant up with --no-provision?
I kept running into a problem with my puppet development environment in Vagrant which would bring up more than one VirtualBox Virtual Machine.
I use the shell provisioner to install puppet on the puppet master and the puppet client, and this is run during the first vagrant up. I then allow each machine to see the others using /etc/hosts via the vagrant hostsupdater plugin.
Then I run sudo puppet apply site.pp on the Puppet Server, and run sudo puppet agent --server puppet-server --verbose --no-daemonize --waitforcert 10 --noop on the puppet client.
Then when the certificate shows up on the puppet server in the sudo puppet cert list, I sign the cert with sudo puppet cert <client-host-name>, and the cert gets cached on the client.
Back on the client I run sudo puppet agent --server puppet-server --verbose --no-daemonize --waitforcert 10, and note that the changes are made to that machine.
Now the next thing I did was shut down all of the machines using sudo shutdown -h now.
Previously, when I would bring them back online with vagrant up, the connection between the two would stop working, puppet citing some error about the certificates not matching.
But recently when I tried these steps again, I took a different way of doing it: instead of running vagrant up, I ran vagrant up --no-provision the second time the machines booted up, and it appears that the two can again communicate.
My theory is that the reason for this is that when the machines are re-provisioned the second time they are booted up (excluding the --no-provision parameter), the CA is re-generated, and thus it causes an issue because the two machines no longer have each other's certificates.
Is this correct? It's been really annoying having to re-create the machines and set up puppet manually all the time.
Also is it possible for my vagrant SHELL provisioner to check if puppet has already been installed to automatically skip the re-installation of puppet if it is already installed?
Additionally, is there a way to automatically run sudo puppet apply site.pp on the Puppet Server after installation, then run sudo puppet agent --server puppet-server --verbose --no-daemonize --waitforcert 10 --noop on the puppet client, and then go back to the server to add the certificate, in the correct order using the shell provisioner?
P.S. Yes, I already know there is a puppet provisioner for vagrant, but I'm learning the client/server end of puppet.
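
The install check asked about above, as an added example that is not part of the original post: a shell-provisioner script body that skips the puppet install when the binary is already present and reports whether certificate state already exists, so a repeated vagrant up leaves it alone. The function names, the PUPPET_BIN variable, the install command and the ssldir path are assumptions for illustration; adjust them to the box and puppet version in use.

```shell
#!/bin/sh
# Added example: idempotent provisioning logic for a Vagrant shell provisioner.
# PUPPET_BIN is an assumed override so the check can be pointed at another name.
PUPPET_BIN=${PUPPET_BIN:-puppet}

# True when the puppet binary is already on PATH.
puppet_installed() {
    command -v "$PUPPET_BIN" >/dev/null 2>&1
}

# True when the given ssldir already holds at least one certificate file.
ssl_initialised() {
    [ -d "$1/certs" ] && [ -n "$(ls -A "$1/certs" 2>/dev/null)" ]
}

# provision INSTALL_CMD SSLDIR
# Sets PROVISION_RESULT to "installed" or "skipped",
# and SSL_STATE to "present" or "absent".
provision() {
    install_cmd=$1
    ssldir=$2
    if puppet_installed; then
        echo "$PUPPET_BIN already installed; skipping install"
        PROVISION_RESULT=skipped
    else
        echo "installing $PUPPET_BIN"
        sh -c "$install_cmd" || return 1
        PROVISION_RESULT=installed
    fi
    if ssl_initialised "$ssldir"; then
        # Existing keys and signed certs: do nothing that would recreate them.
        echo "certificates found in $ssldir; leaving them untouched"
        SSL_STATE=present
    else
        echo "no certificates in $ssldir yet"
        SSL_STATE=absent
    fi
}

# Assumed invocation; the package command and ssldir below are placeholders:
#   provision "apt-get install -y puppet" /var/lib/puppet/ssl
```

Any further provisioning step that touches the ssldir can be wrapped in a test on SSL_STATE so it only runs on the first boot.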