Puppet autosign certs

Hi @Inderpreet ,

I was assigned a task to configure autosign cert for nodes.
The task never said to configure it using ‘dns_alt_name’.

I successfully created the autosign and verified that its signed. But still the task failed with the below msg.

it seems like 'autosign' config file under '/etc/puppetlabs/puppet' is not configured properly as per 'dns_alt_name' on puppet master i.e Jump Server

I used the below autosign.conf

$ cat /etc/puppetlabs/puppet/autosign.conf
stapp01.stratos.xfusioncorp.com
stapp02.stratos.xfusioncorp.com
stapp03.stratos.xfusioncorp.com

Can you please recheck the question and confirm where in the question was it clear to use dns_alt_name?

If it’s a technical glitch then take a look at my task too. @KodeKloud

The task text seems to be truncated to me.
Screenshot from 2020-06-12 11-16-09
What was supposed to be after “All hosts are having”?

The task text seems to be truncated to me.

Agreed; looks like there was some text missing from the task directions.

@Inderpreet
I had similar problem with this task.

@Inderpreet same issue for me :frowning:

Thanks for reporting this guys, this question have been modified to fix issues. This task has been marked Pending for all users so you can give it an another try.

1 Like

Failed again with the below error …

Task Status - Failed
  • Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes

image

Can someone help me understand what did I missed to get the task failed?

Same issue for me :

@kleansoul and @b.kamal , did you create a autosign.conf file?

Yes, as shown in the picture

Seems like master node i.e jump_host entry is missing in your autosign.conf which failed the task.

Thanks… Its worked for me.

@Inderpreet Please check my screenshot the jump_host entry is correct and visible. Still the task failed.

What he did mistake then @balu.networks7?

@Inderpreet

I’m able to generate certificates for stapp01 and stapp02 but for stapp03 it keeps on giving me following error:

Error: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key
Error: Could not run: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key

Any idea why?

This message i got :-- “Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes”
@KodeKloud I guess i did config correctly and entry as well. Can you tell me what is the issue? something i missed? or validation check error?

I faced when i run from non sudo users. i mean to say without use sudo.

This is what I did:

  1. Added /etc/puppetlabs/puppet/autosign.conf

jump_host.stratos.xfusioncorp.com

stapp01.stratos.xfusioncorp.com

stapp02.stratos.xfusioncorp.com

stapp03.stratos.xfusioncorp.com

  1. And /etc/puppetlabs/puppet/puppet.conf:

[master]
dns_alt_names = jump_host.stratos.xfusioncorp.com,puppet

[main]
certname = jump_host.stratos.xfusioncorp.com
server = puppet
runinterval = 1h
strict_variables = true

In clients for example:

certname = stapp01.stratos.xfusioncorp.com
server = puppet
runinterval = 1h

  1. Added Hosts entries on Master and all Agents

@Inderpreet @kleansoul The task has been marked failed for me with the same message “Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes”.

I have autosign.conf in the location /etc/puppetlabs/puppet/autosign.conf.

I added a line “*.stratos.xfusioncorp.com” to auto-assign the SSL certificate for any host from the domain xfusioncorp.com as instructed.

Please check.

Thanks.

Cheers,
Salim