When using puppet with vagrant, is it necessary after the first vagrant up to run the next vagrant up with --no-provision?

asked 2017-01-21 13:04:10 -0600

leeand00

I kept running into a problem with my puppet development environment in Vagrant which would bring up more than one VirtualBox Virtual Machine.

I use the shell provisioner to install puppet on the puppet master and the puppet client, and this is run during the first vagrant up; I then allow each machine to see the others using /etc/hosts via the vagrant hostsupdater plugin.

Then I run sudo puppet apply site.pp on the Puppet Server; and run sudo puppet agent --server puppet-server --verbose --no-daemonize --waitforcert 10 --noop on the puppet client.

Then when the certificate shows up on the puppet server in the sudo puppet cert list, I sign the cert with sudo puppet cert <client-host-name>, the cert gets cached on the client;

Back on the client I run sudo puppet agent --server puppet-server --verbose --no-daemonize --waitforcert 10, and note that the changes are made to that machine.

Now the next thing I did was shut down all of the machines using sudo shutdown -h now

And then previously when I would bring them back online with vagrant up the connection between the two would stop working, puppet citing some error about the certificates not matching.

But recently when I tried these steps again, I took a different way of doing it: instead of running vagrant up, I ran vagrant up --no-provision the second time the machines booted up, and it appears that the two can again communicate.

My theory is that the reason for this is that when the machines are re-provisioned the second time they are booted up, excluding the --no-provision parameter, the CA is re-generated, and thus it causes an issue because the two machines no longer have each other's certificates.

Is this correct? It's been really annoying having to re-create the machines and set up puppet manually all the time.

Also is it possible for my vagrant SHELL provisioner to check if puppet has already been installed to automatically skip the re-installation of puppet if it is already installed?

Additionally, is there a way to automatically run the sudo puppet apply site.pp on the Puppet Server after installation and run sudo puppet agent --server puppet-server --verbose --no-daemonize --waitforcert 10 --noop on the puppet client, and back to the server to add the certificate, in the correct order using the shell provisioner?

P.S. Yes, I already know there is a puppet provisioner for vagrant, but I'm learning the client/server end of puppet.

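The check asked about above, as an added example that is not part of the original question: a guard for the shell provisioner that runs the install step only when puppet is missing and leaves an existing SSL directory untouched. `SSL_DIR`, `PUPPET_BIN_DIR` and the function names are assumptions; the defaults are the Puppet 4+ package paths (older packages use /var/lib/puppet/ssl), and the install command is whatever the provisioner already runs.

```shell
#!/bin/sh
# Added example: idempotent guard for a Vagrant shell provisioner.
# Assumed defaults; confirm on the box with: puppet config print ssldir
SSL_DIR="${SSL_DIR:-/etc/puppetlabs/puppet/ssl}"
PUPPET_BIN_DIR="${PUPPET_BIN_DIR:-/opt/puppetlabs/bin}"

# True when a puppet executable is on PATH or in the package bin directory.
puppet_installed() {
    command -v puppet >/dev/null 2>&1 || [ -x "$PUPPET_BIN_DIR/puppet" ]
}

# True when the node already holds a cached CA certificate, meaning it has
# been through a certificate exchange that a reinstall must not disturb.
ssl_state_present() {
    [ -s "$1/certs/ca.pem" ]
}

# Prints one of: install | keep | keep-with-certs
provision_plan() {
    if ! puppet_installed; then
        echo install
    elif ssl_state_present "$SSL_DIR"; then
        echo keep-with-certs
    else
        echo keep
    fi
}

# Runs the install command given as arguments only when the plan is "install".
run_provision() {
    case "$(provision_plan)" in
        install)
            echo "puppet not found: running install step"
            "$@"
            ;;
        keep-with-certs)
            echo "puppet and certificates in $SSL_DIR present: leaving both untouched"
            ;;
        keep)
            echo "puppet present, no certificates yet: skipping install"
            ;;
    esac
}

# Report what a provisioning run would do on this machine.
echo "plan: $(provision_plan)"
```

In the provisioner, call `run_provision` followed by the existing install command, so a second provisioning run becomes a no-op once puppet and its certificates are in place.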