Difference between revisions of "Puppet"
From RiceFamily Wiki
Line 2: | Line 2: | ||
There is a group of Puppet clients that need to be upgraded before we can point them to the new Puppet Master. | There is a group of Puppet clients that need to be upgraded before we can point them to the new Puppet Master. | ||
+ | |||
+ | Autosigning appears to be enabled on the Puppet Master. I think we might want to adjust this at some point. It's considered insecure according to enable naive auto-signing : [https://docs.puppet.com/puppet/latest/reference/ssl_autosign.html#nave-autosigning documentation]. Currently, the autosign.conf file contains "*" which I understand to mean that EVERYONE is allowed to have their CSR auto-signed. | ||
= Useful Documentation Pages = | = Useful Documentation Pages = |
Revision as of 17:09, 19 October 2016
The current Puppet environment is running on a single instance server. We are not sure yet if we will stick with Puppet or switch to Ansible (or Ansible Tower), but in the mean time, it was decided that making the existing Puppet environment more resilient would be a good idea.
There is a group of Puppet clients that need to be upgraded before we can point them to the new Puppet Master.
Autosigning appears to be enabled on the Puppet Master. I think we might want to adjust this at some point. It's considered insecure according to enable naive auto-signing : documentation. Currently, the autosign.conf file contains "*" which I understand to mean that EVERYONE is allowed to have their CSR auto-signed.
Useful Documentation Pages
Tutorials from the Web
Things to remember
- RITM1393607 - Server Request for a fail over for the Puppet environment.
- TASK1852223 - Requested access to the current Puppet server