Ask Your Question
0

What client certificate does Puppet Master use with PuppetDB?

asked 2013-10-28 18:25:34 -0500

Joseph Carlos gravatar image

I am trying to set up PuppetDB and having some problems.

It appears that when a Puppet Master attempts to connect to the PuppetDB server, not only does the PuppetDB service authenticate itself with an SSL certificate, the PuppetDB service expects the Puppet Master to submit a client certificate.

What key-pair does the Puppet Master use when authenticating against PuppetDB? Can that key-pair be specified in a configuration file?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2013-10-29 08:40:16 -0500

The Puppet master uses its own host keys, generally this is the same as what the agent would use on the master:

# puppet master --configprint hostprivkey
/etc/puppet/ssl/private_keys/puppetdb1.vm.pem
# puppet master --configprint hostcert
/etc/puppet/ssl/certs/puppetdb1.vm.pem

As far as whether this can be configured, yes - you can override this in your puppet.conf using the configuration items above, however this changes the certificates the master will use itself. This is probably less of a problem with passenger.

Having said that, its very odd that changing this is going to fix your SSL ... (more)

edit flag offensive delete link more

Comments

The Puppet Master is a puppet client of a puppet system that does not use the same CA as it uses itself when acting as a Puppet Master. I need ...(more)

Joseph Carlos gravatar imageJoseph Carlos ( 2013-10-29 10:06:57 -0500 )edit

Short answer is "you can't". The code doesn't support it in the terminus. The long answer is either a) we modify the code to do this or b ...(more)

ken gravatar imageken ( 2013-10-29 15:41:09 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-10-28 18:25:34 -0500

Seen: 232 times

Last updated: Oct 29 '13