Puppet in action
Client-server communication is done using REST-like API calls on an SSL socket; basically, it's all HTTPS traffic from clients to the server's port 8140/TCP.
The first time we execute Puppet on a node, its x509 certificates are created and placed in ssldir, and then the Puppet Master is contacted in order to retrieve the node's catalog.
On the Puppet Master, unless we have autosign enabled, we must manually sign the client's certificates using the cert subcommand:
puppet cert list               # List the unsigned client certificates
puppet cert list --all         # List all certificates
puppet cert sign <certname>    # Sign the given certificate
Once the node's certificate has been recognized as valid and been signed, a trust relationship is created, ...
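Manual signing trusts whatever request is pending under a given certname, so it is worth comparing its fingerprint with the one read on the node itself before running puppet cert sign. The following shell functions are an added example, not code from the book; they assume that puppet cert list prints pending requests as `"certname" (SHA256) FINGERPRINT`, and the host names and shortened fingerprints in the sample are constructed.

```shell
#!/bin/sh
# Added example: gate `puppet cert sign` on a fingerprint comparison.
# Assumed line format for a pending request in `puppet cert list` output:
#   "certname" (SHA256) AA:BB:...
# Lines for already-signed certificates (leading "+" with --all) are ignored.

# Constructed sample output (fingerprints shortened for readability).
SAMPLE_LIST='  "web01.example.test" (SHA256) AA:BB:CC:01
  "web02.example.test" (SHA256) AA:BB:CC:02
+ "db01.example.test" (SHA256) AA:BB:CC:03'

# pending_fingerprint CERTNAME
# Reads list output on stdin and prints the fingerprint of the pending
# request for CERTNAME. Exits non-zero if there is no such request.
pending_fingerprint() {
    awk -v want="$1" '
        {
            name = $1
            gsub(/"/, "", name)          # strip the quotes around certname
            if (name == want) { print toupper($3); found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# verify_csr CERTNAME EXPECTED_FINGERPRINT
# Reads list output on stdin. Returns:
#   0  fingerprint matches the value obtained out-of-band
#   1  a request is pending but its fingerprint differs (do not sign)
#   2  no pending request for CERTNAME
verify_csr() {
    actual=$(pending_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "$actual" = "$expected" ]
}

# On the Puppet Master, with FP_FROM_NODE read on the node itself
# (for example from `puppet agent --fingerprint`):
#   puppet cert list | verify_csr web01.example.test "$FP_FROM_NODE" \
#       && puppet cert sign web01.example.test
```
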