Ask Your Question

DNS_ALT_NAME or Loadbalance traffic between 2016.4 Puppet master and 3.8 Puppet Master

asked 2017-02-11 15:33:32 -0600

winningpanthers gravatar image

Can someone please help/advise?

I am trying to migrate Puppet to 2016, but would like to explore either changing DNS/CNAME from old to new server or use a loadbalancer. How do I migrate DNSALTNAME certificate or configuration from Old to New Puppetmaster? I would like to avoid making any changes to the Puppet.conf file on the agents. Is this possible?

Temporarily I would like to have some agents talk to new PM using either Loadbalancer or DNSALTNAME.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-02-12 15:30:56 -0600

MichaelSmith gravatar image

If your old Puppetmaster has DNSALTNAME set (say, to "puppet"), then this is easy. Ensure your new Puppetmaster gets the same DNSALTNAME in its certificate. Something like puppet cert generate <puppet master's certname> --dns_alt_names=<comma-separated list of DNS names> run on your new master (pointing at the old) should allow you to setup the new with DNSALTNAMES using the old CA. seems like it directly applies. If using PE, you may want to look at instead. seems like a similar problem that might help if you run into issues. If you have the option, you'll likely want to make your new Puppetmaster refer to the old one as its certificate authority. If you want to migrate your CA, then may also help.

edit flag offensive delete link more


Thank you. I have already copied the ssldir contents according to the Puppet E migration documentation.

winningpanthers gravatar imagewinningpanthers ( 2017-02-12 20:56:17 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-02-11 15:33:32 -0600

Seen: 76 times

Last updated: Feb 12 '17