Try Puppet 
Search Puppet.com
Why Puppet

Puppet is the industry standard for IT automation.

Manage and automate more infrastructure and complex workflows in a simple, yet powerful way.

Customers
Open source
Cloud & Hybrid Automation

Accelerate your cloud journey with an enterprise automation platform for your hybrid estate.

Continuous Compliance

Enforce compliance across hybrid infrastructure with policy as code and model-driven automation.

Scaling DevOps

Modernize faster with Puppet DevOps consulting and infrastructure as code.

Use Cases
Integrations
Products
Pricing & PackagingGet Puppet Enterprise

First 10 Nodes are free!

Custom consulting services

Get you up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Professional services
TrainingOpen source
Support
Puppet Compass Logo
Puppet Compass

Puppet Compass is your source for tools and best practices to address common business challenges.

Get Started
Resource library
State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

Puppet Events
Join us for a Puppet event

It's our community that makes Puppet great. Connect with Puppet users and employees.

Virtual Events
Puppet Community
Connect
Puppet Events
About Us

Puppet frees you to do what robots can’t. We make automation software because you’ve got better things to do.

Company
Press & news
Our voiceWorking at Puppet

Certificates and DNS configuration

Amazon Web Services Marketplace Image1.0
Sections

Using the master's private EC2 hostname, PE generates certificates which include the master's public EC2 hostname and puppet as alternate DNS names.

For more information about EC2 hostnames, see the EC2 hostname or IP address troubleshooting topic.

Managing EC2 nodes by their private hostname (rather than the public hostname) keeps their hostnames consistent if, for example, the node is resized or changed to a different EC2 instance type. This requires less work when administering a PE managed VPC.

Changing the master's hostname and regenerating certificates

While not recommended, you can change the hostname of your Puppet master and use this hostname to generate new PE certificates. Do this before you connect any agents to the master.

Note: These instructions are specific to the PE installation contained in this AMI and include some minor variations and simplifications of the instructions outlined in the PE documentation.
  1. Connect to the master by running:
    ssh -i ~/.ssh/<EC2-KEYPAIR-PRIVATE>.pem puppetadmin@<EC2-PUBLIC-HOSTNAME>
  2. Wait for PE configuration to complete and run the check_status.sh script to confirm its status:
    /opt/puppetlabs/aws/bin/check_status.sh --wait
  3. Stop all PE services by running:
    sudo /usr/local/bin/puppet resource service puppet ensure=stopped
sudo /usr/local/bin/puppet resource service pe-puppetserver ensure=stopped
sudo /usr/local/bin/puppet resource service pe-activemq ensure=stopped
sudo /usr/local/bin/puppet resource service mcollective ensure=stopped
sudo /usr/local/bin/puppet resource service pe-puppetdb ensure=stopped
sudo /usr/local/bin/puppet resource service pe-postgresql ensure=stopped
sudo /usr/local/bin/puppet resource service pe-console-services ensure=stopped
sudo /usr/local/bin/puppet resource service pe-nginx ensure=stopped
sudo /usr/local/bin/puppet resource service pe-orchestration-services ensure=stopped
sudo /usr/local/bin/puppet resource service pxp-agent ensure=stopped
  4. Copy the SSL certificate directory (/etc/puppetlabs/puppet/ssl/) to a backup location. Should anything go wrong during this process, you can restore certificates and your PE installation.
    sudo mv /etc/puppetlabs/puppet/ssl /etc/puppetlabs/puppet/ssl.backup
  5. Delete the local cached catalog, which will be invalidated by the new hostname, by running:
    sudo rm -f /opt/puppetlabs/puppet/cache/client_data/catalog/*
  6. Set the Puppet master's new hostname. This depends on your configuration, and could be as simple as following these instructions, or this might entail configuring a DNS service like AWS's Route 53.
    1. Set the hostname: sudo hostnamectl set-hostname <NEW-MASTER-HOSTNAME>
    2. Add the hostname to /etc/hosts
    3. Add preserve_hostname: true to the main section of /etc/cloud/cloud.cfg, for example, immediately below disable_root: 1
  7. Verify that the master and agents can resolve the new hostname. Puppet must be able to contact this hostname to connect to PE services and complete the certificate generation process.
    ping <NEW-MASTER-HOSTNAME>
  8. Edit the master's /etc/puppetlabs/puppet/puppet.conf file and set the certname parameter in both the [main] and [master] sections to the new hostname.
    Note: For best compatibility, limit the certname to letters, numbers, periods, underscores, and dashes.
  9. Optional. To also include alternate DNS names, edit /etc/puppetlabs/enterprise/conf.d/pe.conf and set pe_install::puppet_master_dnsaltnames to a list of desired alternate hostnames.
    Note: If you want to change the alternate DNS names on the master later, you must repeat all of these steps.
  10. Remove the contents of the config files so Puppet can regenerate them with the new hostname:
    echo '' > /etc/puppetlabs/nginx/conf.d/proxy.conf
echo '' > /etc/puppetlabs/nginx/conf.d/http_redirect.conf
echo '' > /etc/puppetlabs/puppetdb/certificate-whitelist
echo '' > /etc/puppetlabs/console-services/rbac-certificate-whitelist
echo '<beans></beans>' > /etc/puppetlabs/activemq/activemq.xml
  11. Remove the old hostname from /etc/puppetlabs/puppet/autosign.conf.
  12. Use the Puppet Enterprise module to regenerate certificates and restart PE services. (The --no-recover and --modulepath options are required.)
    sudo /usr/local/bin/puppet infrastructure configure --no-recover --modulepath /opt/puppetlabs/server/data/enterprise/modules
  13. Remove the former master hostname from the list of PE managed nodes by running:
    sudo /usr/local/bin/puppet node purge <FORMER-MASTER-HOSTNAME>
  14. Start a local agent run on the master by running:
    sudo /usr/local/bin/puppet agent -t
  15. To confirm the master's certname, run:
    sudo /usr/local/bin/puppet config print certname
Results

For more information about parameters for configuring and tuning the Puppet master, see the supported PE versions topic. Refer to the PE configuration settings for the PE version you are currently using.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.