Splitting CA component off puppet master

Posted by Dennis LeMioux on Server Fault See other posts from Server Fault or by Dennis LeMioux
Published on 2012-10-15T02:32:13Z Indexed on 2012/10/15 3:42 UTC
Read the original article Hit count: 421

Filed under:

puppet

We are scaling our puppet infrastructure and would like to split off the CA component from the puppet master server to another server. Part of the change involves a servername change for the puppetmaster too. I'm no puppet expert but i'm at a point where I -think- we need to create a SAN cert with both the old and new names in it (to be safe), and then re-sign all the agent nodes all over again which is going to be a royal PITA. Is there a quicker/smarter way to do this? We already have hundreds of agent nodes out there and individually re-signing them will be an arduous task.

Related posts about puppet

migrating puppet clients to a new puppet master (old puppet master server gone, only using backup)

as seen on Server Fault - Search for 'Server Fault'
My puppet master server had a hardware failure, and I have restored to another box. However this box has different hardware and hostname. If I restore the existing /etc/puppet directory to the new server, the puppetmaster will not start with the following error; # puppetmasterd --debug --verbose Could… >>> More
puppet rspec no such file to load -- rspec-puppet (LoadError)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have no prior experience at all of ruby. I am not interested in ruby (and so have no knowledge of rails etc) as such but am using puppet to manage a group of servers. I have written some modules and the rspec-puppet system looks like it would be very useful. However, I cannot get rspec-puppet… >>> More
Puppet: Making Windows Awesome Since 2011

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Originally posted on: http://geekswithblogs.net/robz/archive/2014/08/07/puppet-making-windows-awesome-since-2011.aspxPuppet was one of the first configuration management (CM) tools to support Windows, way back in 2011. It has the heaviest investment on Windows infrastructure with 1/3 of the platform… >>> More
What causes this logrotate behavior in Puppet?

as seen on Server Fault - Search for 'Server Fault'
After running logrotate, Puppet starts writing it's logs into /var/log/puppet/masterhttp.log-20130616. How come it doesn't keep logging in /var/log/puppet/masterhttp.log? It seems normal behavior is renaming the original log-file and start with a clean fresh log-file to start writing in that log… >>> More
solved: puppet master REST API returns 403 when running under passenger works when master runs from command line

as seen on Server Fault - Search for 'Server Fault'
I am using the standard auth.conf provided in puppet install for the puppet master which is running through passenger under Nginx. However for most of the catalog, files and certitifcate request I get a 403 response. ### Authenticated paths - these apply only when the client ### has a valid certificate… >>> More

Developer IT