Puppet Enterprise, agent nodes on different domains

Hi -

I don't really understand how PE treats domains.

I have a bunch of nodes on AWS all with one domain ( I also have another bunch of nodes elsewhere under a different domain (

Can I use one PE master to manage them? They are all part of my enterprise, just with different domains. Also, could I just use IPs instead of resolvable DNS FQDNs?


Puppet uses SSL certificates for security. When a node requests a cert from the master, by default, the FQDN is used. Supporting multiple domains should be no problem because each node will get a unique cert.

You can specify what is used for the certificate name in the puppet.conf file, so if you don't want to use the FQDN, you could use something else as long as it's unique from other nodes.
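As an added illustration (not part of the original answer and not Puppet's own code), this sketch works out which certname each agent would present from its puppet.conf and flags collisions, which is the one constraint the answer names. The host names, addresses and helper names are constructed; it assumes a `certname` in `[agent]` takes precedence over one in `[main]` and that the lowercased FQDN is the default.

```python
import configparser
import re
from collections import defaultdict

# Character set Puppet's documentation recommends for certname values.
CERTNAME_RE = re.compile(r"\A[a-z0-9._-]+\Z")

def effective_certname(puppet_conf_text, fqdn):
    """Certname the agent would use: [agent] first, then [main], else the FQDN."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(puppet_conf_text)
    for section in ("agent", "main"):
        if cp.has_section(section) and cp.has_option(section, "certname"):
            return cp.get(section, "certname").strip()
    return fqdn.lower()

def audit(nodes):
    """nodes maps a label to (puppet.conf text, fqdn). Returns (certnames, problems)."""
    certnames = {label: effective_certname(conf, fqdn)
                 for label, (conf, fqdn) in nodes.items()}
    owners = defaultdict(list)
    for label, name in certnames.items():
        owners[name].append(label)
    problems = []
    for name, labels in sorted(owners.items()):
        if len(labels) > 1:
            problems.append(f"duplicate certname {name!r}: {sorted(labels)}")
        if not CERTNAME_RE.match(name):
            problems.append(f"certname {name!r} has characters outside [a-z0-9._-]")
    return certnames, problems

# Constructed sample: two domains, plus two nodes on separate networks that
# were both given the same private IP as their certname.
SAMPLE_NODES = {
    "aws-web1": ("[main]\nserver = puppet.example.com\n", "web1.aws.example.com"),
    "dc-web1": ("[main]\nserver = puppet.example.com\n", "web1.dc.example.net"),
    "aws-db1": ("[main]\ncertname = db1\n[agent]\ncertname = 10.0.1.5\n",
                "db1.aws.example.com"),
    "dc-db1": ("[agent]\ncertname = 10.0.1.5\n", "db1.dc.example.net"),
}

if __name__ == "__main__":
    names, problems = audit(SAMPLE_NODES)
    for label, name in names.items():
        print(f"{label}: {name}")
    for problem in problems:
        print("PROBLEM:", problem)
```

The two `web1` hosts stay distinct because their domains differ, while the IP-based certnames collide once the same private address is reused on a second network.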

Great answer, thanks a lot. I take it the SSL certs are self-signed, not needing to be from an authority?

The certs are signed by the Puppet CA, which is usually the same machine as the master. They aren't self-signed, but they aren't signed by a recognized internet ...

As lavaman said, the Puppet Master is typically the authority. When the master is installed, it generates a CA cert/key that are used to generate certs for the client nodes.

Thanks for sharing the informative answer

