Puppet Enterprise 2018.1
- Welcome to Puppet Enterprise® 2018.1.8
- Release notes
- New features
- Enhancements
- Deprecations and removals
- Known issues
- Installation and upgrade known issues
- High availability known issues
- PuppetDB and PostgreSQL known issues
- Puppet Server known issues
- Puppet and Puppet services known issues
- Supported platforms known issues
- Configuration and maintenance known issues
- Console and console services known issues
- Orchestration services known issues
- Permissions known issues
- SSL and certificate known issues
- Code management known issues
- Razor known issues
- Internationalization known issues
- Resolved issues
- What's new since PE 2016.4
- Getting started
- Installing
- Choosing an architecture
- System requirements
- What gets installed and where?
- Installing Puppet Enterprise
- Purchasing and installing a license key
- Installing agents
- Installing network device agents
- Installing compile masters
- Installing ActiveMQ hubs and spokes
- Installing PE client tools
- Enabling the PE tools repository
- Installing external PostgreSQL
- Uninstalling
- Upgrading
- Configuring Puppet Enterprise
- Configuring and tuning your Puppet Enterprise infrastructure
- Configuring and tuning Puppet Server
- Configuring and tuning the console
- Configuring and tuning PuppetDB
- Configuring and tuning orchestration
- Configuring proxies
- Configuring Java arguments for Puppet Enterprise
- Configuring ulimit for PE services
- Tuning monolithic installations
- Writing configuration files
- Analytics data collection
- Static catalogs in Puppet Enterprise
- Configuring high availability
- Accessing the console
- Managing access
- Inspecting your infrastructure
- Managing nodes
- Adding and removing nodes
- Running Puppet on nodes
- Grouping and classifying nodes
- Making changes to node groups
- Environment-based testing
- Preconfigured node groups
- Designing system configs: roles and profiles
- Node classifier service API
- Forming node classifier requests
- Groups endpoint
- Classes endpoint
- Classification endpoint
- Commands endpoint
- Environments endpoint
- Nodes check-in history endpoint
- Group children endpoint
- Rules endpoint
- Import hierarchy endpoint
- Last class update endpoint
- Update classes endpoint
- Validation endpoints
- Node classifier errors
- Managing applications
- Orchestrating Puppet and tasks
- Running jobs with Puppet orchestrator
- Configuring Puppet orchestrator
- Using Bolt
- Direct Puppet: a workflow for controlling change
- Running Puppet on demand
- Running tasks
- Writing tasks
- Reviewing jobs
- Puppet orchestrator API v1 endpoints
- Puppet orchestrator API: forming requests
- Puppet orchestrator API: command endpoint
- Puppet orchestrator API: events endpoint
- Puppet orchestrator API: inventory endpoint
- Puppet orchestrator API: jobs endpoint
- Puppet orchestrator API: scheduled jobs endpoint
- Puppet orchestrator API: plan jobs endpoint
- Puppet orchestrator API: tasks endpoint
- Puppet orchestrator API: root endpoint
- Puppet orchestrator API: error responses
- Managing and deploying Puppet code
- Provisioning with Razor
- SSL and certificates
- Regenerating certificates: monolithic installs
- Regenerating certificates: split installs
- Individual PE component cert regeneration (split installs only)
- Regenerate Puppet agent certificates
- Regenerate compile master certs
- Use the PE CA as an intermediate CA
- Use a custom SSL certificate for the console
- Change the hostname of a monolithic master
- Generate a custom Diffie-Hellman parameter file
- Disable TLSv1 in PE
- Managing MCollective
- Maintenance
- Troubleshooting
From time to time, you may encounter a situation in which you need to regenerate a certificate for a compile master. Perhaps there is a security vulnerability in your infrastructure that you can remediate with a certificate regeneration, or maybe you're receiving strange SSL errors on your compile master that are preventing you from performing normal operations.
Unless otherwise indicated, the following steps are performed on your compile master nodes.
- Log into the master of masters (MoM) as
root. - On the MoM, run
puppet cert clean <COMPILE MASTER HOSTNAME>. - Log into the compile master node as
root. - Back up the
/etc/puppetlabs/puppet/ssl/directory. Runcp -r /etc/puppetlabs/puppet/ssl/ /etc/puppetlabs/puppet/ssl_bak/.If something goes wrong, you can restore this directory to keep your deployment functioning. - Stop the Puppet agent, MCollective, and PXP agent services.
puppet resource service puppet ensure=stopped puppet resource service pe-puppetserver ensure=stopped puppet resource service mcollective ensure=stopped puppet resource service pxp-agent ensure=stopped - Delete the compile master's SSL directory. Run
rm -rf /etc/puppetlabs/puppet/ssl. - Remove the compile master's cached catalog. Run
rm -f /opt/puppetlabs/puppet/cache/client_data/catalog/<CERT NAME>.json. - Re-start the Puppet agent service and manually trigger a Puppet run, or wait for the next automatically scheduled run.
puppet resource service puppet ensure=running - Log into the MoM as
root. - On the MoM, sign the compile master's certificate request. Run
puppet cert --allow-dns-alt-names sign <compile master hostname>. - Log into the compile master as
root. - Run Puppet. PE performs a full catalog run, and the compile master will resume its role in your PE deployment.