Hi all, I have been trying to configure a number of puppet agents with certificates and keys that are pregenerated. In theory, this means putting the certs in the right place and starting puppet agent.
In practice this seems to be hard. After installing the "puppet" v3.4.3 package on Ubuntu 14.04, a directory tree is created under /var/lib/puppet/ssl as follows:

    /var/lib/puppet/ssl
    /var/lib/puppet/ssl/private_keys
    /var/lib/puppet/ssl/public_keys
    /var/lib/puppet/ssl/certs
    /var/lib/puppet/ssl/private
    /var/lib/puppet/ssl/certificate_requests

I place the key and cert in this tree expecting puppet to "do the right thing", but when I start puppet agent for the first time as below a new directory tree is created below /etc/puppet/ssl, new keys are created and all my pregenerated keys and certs are ignored:

    /etc/puppet/ssl
    /etc/puppet/ssl/private_keys
    /etc/puppet/ssl/private_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem
    /etc/puppet/ssl/public_keys
    /etc/puppet/ssl/public_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem
    /etc/puppet/ssl/certs
    /etc/puppet/ssl/private
    /etc/puppet/ssl/certificate_requests

Is there a way to make puppet agent's behaviour predictable when it comes to certs and keys? Which directory is the one a puppet agent should be using, /etc/puppet/ssl or /var/lib/puppet/ssl?

In all cases puppet is being run as root (with sudo).

    root@snip-brk01:~# sudo cat /etc/puppet/puppet.conf
    [main]
    certname = snip-pup01.snip
    server = snip-pup01.snip
    environment = dev
    runinterval = 1h

Regards,
Graham