...
After a new puppetserver is installed it needs SSL-certificates which contains the puppetmaster name as an DNS-ALT name in addition to the nodes hostname. This certificate is not created manuallyautomatically, so the following procedure has to be performed on the new puppetmaster and the puppetca.
...
Code Block | ||
---|---|---|
| ||
root@newpuppetmaster:~# systemctl stop puppetserver root@newpuppetmaster:~# rm -r $(puppet master --configprint ssldir) root@puppetca:~# puppetpuppetserver certca clean --certname newpuppetmaster.fqdn.com root@newpuppetmaster:~# puppet agent --test --waitforcert 10 root@puppetca:~# puppetpuppetserver certca sign puppet2.sky.rothaugane.com --allow-dns-alt-names--certname newpuppetmaster.fqdn.com |
Deploy environments from shiftleader
After a new puppetserver is successfully installed, remember to deploy puppet environments to it from shiftleader