Puppet autosign certs

Hi @Inderpreet ,

I was assigned a task to configure autosign cert for nodes.
The task never said to configure it using ‘dns_alt_name’.

I successfully created the autosign and verified that it's signed. But still the task failed with the below msg.

it seems like 'autosign' config file under '/etc/puppetlabs/puppet' is not configured properly as per 'dns_alt_name' on puppet master i.e Jump Server

I used the below autosign.conf

$ cat /etc/puppetlabs/puppet/autosign.conf
stapp01.stratos.xfusioncorp.com
stapp02.stratos.xfusioncorp.com
stapp03.stratos.xfusioncorp.com

Can you please recheck the question and confirm where in the question was it clear to use dns_alt_name?

If it’s a technical glitch then take a look at my task too. @Ayman

The task text seems to be truncated to me.
What was supposed to be after “All hosts are having”?

The task text seems to be truncated to me.

Agreed; looks like there was some text missing from the task directions.

@Inderpreet
I had a similar problem with this task.

@Inderpreet same issue for me :frowning:

Thanks for reporting this, guys. This question has been modified to fix the issues. This task has been marked Pending for all users so you can give it another try.

Failed again with the below error …

Task Status - Failed
  • Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes

Can someone help me understand what I missed that caused the task to fail?

Same issue for me:

@kleansoul and @b.kamal, did you create an autosign.conf file?

Yes, as shown in the picture

Seems like master node i.e jump_host entry is missing in your autosign.conf which failed the task.

Thanks… It worked for me.

@Inderpreet Please check my screenshot; the jump_host entry is correct and visible. Still the task failed.

What mistake did he make then, @balu.networks7?

@Inderpreet

I’m able to generate certificates for stapp01 and stapp02, but for stapp03 it keeps giving me the following error:

Error: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key
Error: Could not run: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key

Any idea why?

This is the message I got: “Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes”
@Ayman I guess I did the config correctly, and the entry as well. Can you tell me what the issue is? Is it something I missed, or a validation check error?

I faced this when I ran it as a non-sudo user, I mean to say without using sudo.

This is what I did:

  1. Added /etc/puppetlabs/puppet/autosign.conf

jump_host.stratos.xfusioncorp.com
stapp01.stratos.xfusioncorp.com
stapp02.stratos.xfusioncorp.com
stapp03.stratos.xfusioncorp.com

  2. And /etc/puppetlabs/puppet/puppet.conf:

[master]
dns_alt_names = jump_host.stratos.xfusioncorp.com,puppet

[main]
certname = jump_host.stratos.xfusioncorp.com
server = puppet
runinterval = 1h
strict_variables = true

In clients for example:

certname = stapp01.stratos.xfusioncorp.com
server = puppet
runinterval = 1h

  3. Added Hosts entries on Master and all Agents

@Inderpreet @kleansoul The task has been marked failed for me with the same message “Make sure puppet has signed certificates for ‘master’ node as well as for all ‘agent’ nodes”.

I have autosign.conf in the location /etc/puppetlabs/puppet/autosign.conf.

I added a line “*.stratos.xfusioncorp.com” to auto-assign the SSL certificate for any host from the domain xfusioncorp.com as instructed.

Please check.

Thanks.

Cheers,
Salim
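
An added example, not part of any post in this thread and not Puppet's own code: a small Python check of which required certnames an autosign.conf allowlist covers, run against the three variants posted above (agents only, all four nodes, and the domain wildcard). The function names are hypothetical, and the parsing assumes blank lines and `#` comment lines are ignored and that a leading `*` stands for one or more labels in front of the domain.

```python
# Added example: checks which certnames an autosign.conf allowlist would cover.
# Assumption: blank lines and lines starting with '#' are ignored.

def parse_autosign(text):
    """Return the allowlist entries from autosign.conf contents."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def entry_matches(entry, certname):
    """Exact certname match, or a domain glob such as '*.example.com'.

    In a domain glob the leading '*' stands for one or more labels in front
    of the domain, so it does not match the bare domain itself.
    """
    if entry.startswith("*."):
        suffix = entry[1:]  # ".example.com"
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return entry == certname


def audit(text, required):
    """Return (missing, globs): required certnames with no matching entry,
    and wildcard entries that autosign names beyond the required list."""
    entries = parse_autosign(text)
    missing = [n for n in required
               if not any(entry_matches(e, n) for e in entries)]
    globs = [e for e in entries if e.startswith("*")]
    return missing, globs


# Constructed inputs, built from the hostnames posted in this thread.
DOMAIN = "stratos.xfusioncorp.com"
REQUIRED = [f"{h}.{DOMAIN}" for h in ("jump_host", "stapp01", "stapp02", "stapp03")]
AGENTS_ONLY = "\n".join(REQUIRED[1:]) + "\n"   # master entry absent
ALL_NODES = "\n".join(REQUIRED) + "\n"
WILDCARD = f"*.{DOMAIN}\n"

if __name__ == "__main__":
    for label, conf in (("agents only", AGENTS_ONLY),
                        ("all nodes", ALL_NODES),
                        ("wildcard", WILDCARD)):
        missing, globs = audit(conf, REQUIRED)
        print(f"{label}: missing={missing} wildcard_entries={globs}")
```

The wildcard variant covers all four nodes, but it also makes the CA sign a request for any other certname under that domain, which is why the explicit four-line list is the tighter allowlist.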