Puppet autosign certs

@Inderpreet Any update on this? Did you check? Can you please update?

Thank you in advance for your assistance!

I got this error message even though all the certificates were automatically signed:

  • it seems like ‘autosign’ config file under ‘/etc/puppetlabs/puppet’ is not configured properly on puppet master i.e Jump Server

I configured autosign to be true in the puppet.conf file and updated the /etc/hosts files on each host with the dns entries puppet and puppet.stratos.xfusioncorp.com appended to the jump host line.

Hello guys,
any ideas why only stapp03 agent is not getting the certs:

[root@stapp03 ~]# puppet agent -t
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for stapp03.stratos.xfusioncorp.com
Info: Certificate Request fingerprint (SHA256): 28:66:E5:3E:CE:B8:82:2C:14:46:BC:93:B0:09:DF:F1:BD:A8:AC:DE:09:83:F1:49:1E:93:EC:E2:98:8F:32:D3
Info: Downloaded certificate for stapp03.stratos.xfusioncorp.com from https://puppet:8140/puppet-ca/v1
Error: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key
Error: Could not run: The certificate for ‘CN=stapp03.stratos.xfusioncorp.com’ does not match its private key
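A way to confirm the mismatch the agent reports above, as an added example that is not part of the original thread: compare the public key inside a certificate with the public key derived from a private key. The helper names are hypothetical, and the key pairs are throwaway self-signed samples constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Checks whether a certificate and a
# private key belong together by comparing their public keys.

# cert_matches_key CERT KEY
#   returns 0 if the keys match, 1 on mismatch, 2 if a file cannot be parsed
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_pair DIR NAME
#   constructed sample data: a fresh RSA key and a self-signed certificate
#   for the certname seen in the thread (a real agent cert is CA-signed,
#   which does not change how the key comparison works)
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=stapp03.stratos.xfusioncorp.com" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_demo_pair "$tmp" first    # certificate issued for the first key
make_demo_pair "$tmp" second   # same certname, different key

for k in first second; do
  if cert_matches_key "$tmp/first.crt" "$tmp/$k.key"; then
    echo "first.crt + $k.key: match"
  else
    echo "first.crt + $k.key: MISMATCH"
  fi
done
rm -rf "$tmp"
```

On an agent, the same function can be pointed at the certificate and key under Puppet's ssldir; by default these are /etc/puppetlabs/puppet/ssl/certs/<certname>.pem and /etc/puppetlabs/puppet/ssl/private_keys/<certname>.pem, which is assumed here rather than shown in the thread.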

@Nautilus have you managed to fix your issue with app server 3? I am getting the same issue.

Did you configure the hosts file on stapp03? What about the autosign.conf file?

Yes, both were configured properly. I managed to fix the issue, but the task was really glitchy. I tried a couple of times, always the same config, and for some weird reason one server wasn’t getting it properly. The last time I tried the same config, everything worked.

@kleansoul @Salim this is marked as Success for you.

@Inderpreet thank you.

@nashwan on stapp03 can you please check if there is a correct entry for the puppet master node alias puppet in the /etc/hosts file?

@Tej-Singh-Rana Do you have any screenshots for your task? Please share the same if you have.

Thanks @Inderpreet. Will you kindly restore the bonus points as well for the same task, as I completed it within 12 min? Thank you once again for your response.

@Inderpreet please check the issue for me as well. The bonus points have disappeared for my two tasks!

Setup Puppet Cert Autosign (150 points)

Linux Nginx as Reverse Proxy (150 points)

I appreciate the hard work.

Cheers,
Salim

Dear @Inderpreet,

It has been a while and I have not received any update from you. Still, the bonus points for the below tasks have not been restored.

150 points!

150 points!

Regards,
Salim

Same with my task, no bonus points restored … loss of 150 points!

Hi @balu.networks7, @Tej-Singh-Rana, @inderpreet, for the host entries on master and the app servers, do you just add the alias as puppet to the existing jump host entries as below or
On master /etc/hosts:

[root@jump_host etc]# cat hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.16.238.10   stapp01.stratos.xfusioncorp.com
172.16.238.11   stapp02.stratos.xfusioncorp.com
172.16.238.12   stapp03.stratos.xfusioncorp.com
172.16.239.2    jump_host.stratos.xfusioncorp.com jump_host **puppet**
172.16.238.3    jump_host.stratos.xfusioncorp.com jump_host **puppet**

On app server1 /etc/hosts:

[tony@stapp01 etc]$ cat hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.16.238.3    jump_host.stratos.xfusioncorp.com **puppet**
172.16.239.4    stapp01.stratos.xfusioncorp.com stapp01
172.16.238.10   stapp01.stratos.xfusioncorp.com stapp

Actually I have used both. 172.16.239.2 and 172.16.238.3

Hi @Tej-Singh-Rana, but is my /etc/hosts setup correct, i.e., do I just add puppet to the existing entries as shown above?

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.16.238.3 jump_host.stratos.xfusioncorp.com
172.16.239.4 stapp01.stratos.xfusioncorp.com stapp01
172.16.238.10 stapp01.stratos.xfusioncorp.com stapp01
172.16.239.2 jump_host.stratos.xfusioncorp.com jump_host puppet
172.16.238.3 jump_host.stratos.xfusioncorp.com jump_host puppet

Should be like this.

Thanks @Tej-Singh-Rana, will try like that.

@Salim @kleansoul points issue should be resolved for you guys now.