Puppet Enterprise 2017.3
Use a custom SSL certificate for the console
The console uses a certificate signed by PE's built-in certificate authority (CA). Because this CA is specific to PE, web browsers don't know or trust it, and you have to add a security exception to access the console. If that is not acceptable, you can use a custom CA to create the console's certificate.
Before you begin
- You should have an X.509 cert, signed by the custom CA, in PEM format, with matching private and public keys.
- If your custom cert is issued by an intermediate CA, the CA bundle needs to contain a complete chain, including the applicable root CA.
- The keys and certs used in this procedure must be in PEM format.
1. Retrieve the custom certificate's public and private keys, and, for ease of use, name them as follows:
   - public-console.cert.pem
   - public-console.private_key.pem
2. Add the files from step 1 to /opt/puppetlabs/server/data/console-services/certs/. If you have a split install, this directory is on the console node.
3. Use the console to edit the parameters of the puppet_enterprise::profile::console class.
   1. Click Classification, and in the PE Infrastructure group, select the PE Console group.
   2. On the Configuration tab, in the puppet_enterprise::profile::console class, add the following parameters:

      | Parameter | Value |
      | --- | --- |
      | browser_ssl_cert | /opt/puppetlabs/server/data/console-services/certs/public-console.cert.pem |
      | browser_ssl_private_key | /opt/puppetlabs/server/data/console-services/certs/public-console.private_key.pem |

   3. Commit changes.
4. Run Puppet. If you have a split install, the Puppet run needs to happen on the PE console node.
You should now be able to navigate to your console and see the custom certificate in your browser.
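The prerequisites above (PEM format, matching keys, complete chain) can be checked before the files are copied in step 2. The following is an added example, not part of the PE documentation: the function names and the CONSOLE_CERT_DIR variable are hypothetical, and it assumes the openssl command-line tool is installed on the console node.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for steps 1-2 of the procedure above.
# Function names and CONSOLE_CERT_DIR are hypothetical; the directory and
# target file names are the ones the page uses.
CONSOLE_CERT_DIR="${CONSOLE_CERT_DIR:-/opt/puppetlabs/server/data/console-services/certs}"

# Usage: check_console_cert CERT KEY [CA_BUNDLE]
# Returns 0 if usable, 2 not PEM, 3 unreadable, 4 key mismatch,
# 5 expired, 6 chain does not verify against CA_BUNDLE.
check_console_cert() {
    local cert="$1" key="$2" bundle="${3:-}" cert_pub key_pub

    # PEM files carry a textual armor header; DER files do not.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "certificate is not PEM" >&2; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "private key is not PEM" >&2; return 2; }

    # Compare the public key in the certificate with the one derived from
    # the private key. "-passin pass:" stops openssl from prompting when
    # the key is encrypted; such a key is reported as unreadable.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 4; }

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 5; }

    # Optional: the bundle must hold every CA up to the root.
    if [ -n "$bundle" ]; then
        openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1 ||
            { echo "chain does not verify against bundle" >&2; return 6; }
    fi
}

# Usage: stage_console_cert CERT KEY [CA_BUNDLE]
# Copies the files under the names from step 1 only after the checks pass.
stage_console_cert() {
    check_console_cert "$@" || return $?
    cp "$1" "$CONSOLE_CERT_DIR/public-console.cert.pem" &&
    cp "$2" "$CONSOLE_CERT_DIR/public-console.private_key.pem"
}

# When run as a script with arguments, check and stage in one go.
[ "$#" -lt 2 ] || stage_console_cert "$@"
```

The script does not change ownership or permissions on the copied files; confirm those match the other files already in the certs directory.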