4
votes

I have a Puppet master and node/agent setup configured manually. Using the self-signed certificates from the master, all client nodes are bootstrapped and are now under the Puppet master's control; I mean, registered with the Puppet master.

I have done this registration manually using commands like `puppet cert sign`, `puppet agent --test`, `puppet cert list`, etc. However, my question is: what is the best automatic way to bootstrap a particular node?

1: Is it recommended to write a shell script (on UNIX) and automate these commands? Is there any better way?

2: Does Puppet already provide an automated configuration/resource which I can simply call in some way to get a node registered?

Please suggest.

Regards,

1
Recommendations on matters of opinion are off-topic on SO. This almost always applies to "what is the best way to ..." questions. As for what Puppet actually provides, I'm pretty sure Puppet Enterprise supports what you want, as do some third-party products, but OS Puppet does not. Specific product recommendations are, again, off-topic here. - John Bollinger
Thanks John. I feel OS Puppet should also have something. If not, I need to depend on some third-party libs. Are you aware of any such lib which does that? - user2315104
Well, you can turn on autosigning at the master. Perhaps that's close to what you're looking for, especially if you configure your name resolver to resolve the agent's default name for the master (puppet) to your actual master. There are all sorts of caveats around the safety of autosigning and around reusing machine names. Also, it's completely hands-off only if the agent's default configuration is sufficient to bootstrap it in your environment. - John Bollinger
Honestly, I use Ansible to do this in an orchestrated process across all of the nodes, no joke. Best way? No idea. Works well? Definitely yes. - Matt Schuchard
Thanks. Adding Ansible means adding another moving part in the pipeline. Just for the bootstrapping, introducing Ansible does not really justify the presence of Ansible. As I understand, Ansible and Puppet are competitors to each other, so why should they exist in the same pipeline? Autosigning can be considered, but it is a security breach in some way, I guess... Please suggest. Regards, - user2315104

1 Answer

0
votes

You can get very close to your goal with external node classifiers and autosigning.

I used this to fully automate the process of creating and deploying virtual machines.
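
The safety concern raised in the comments about autosigning is usually handled with Puppet's policy-based autosigning, where `autosign` in the master's `puppet.conf` points at an executable instead of being set to `true`. The following is an added example, not code from this thread: the certname pattern, token file path and helper names are assumptions, and it expects agents to place a shared bootstrap token in the CSR's `challengePassword` attribute via `csr_attributes.yaml`.

```ruby
#!/usr/bin/env ruby
# Policy-based autosign check (added example). Puppet runs the `autosign` executable
# with the certname as ARGV[0] and the PEM CSR on stdin; exit status 0 means "sign".
require 'openssl'

ALLOWED_CERTNAME = /\Aweb\d+\.example\.com\z/         # hypothetical naming scheme
TOKEN_FILE = '/etc/puppetlabs/puppet/autosign.token'  # hypothetical shared-secret file

# Pull the PKCS#9 challengePassword (OID 1.2.840.113549.1.9.7) out of a parsed CSR.
def challenge_password(csr)
  attr = csr.attributes.find { |a| %w[challengePassword 1.2.840.113549.1.9.7].include?(a.oid) }
  attr && attr.value.value.first.value
end

# True only if the certname fits the scheme, the CSR verifies against its own key
# and names that same host, and it carries the expected bootstrap token.
def autosign_allowed?(certname, csr_pem, token, pattern = ALLOWED_CERTNAME)
  return false unless certname.match?(pattern)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)
  cn = csr.subject.to_a.find { |field, _value, _type| field == 'CN' }
  return false unless cn && cn[1] == certname
  offered = challenge_password(csr)
  return false if offered.nil? || token.empty?
  # Compare digests so timing does not track how much of the token matched.
  OpenSSL::Digest.digest('SHA256', offered) == OpenSSL::Digest.digest('SHA256', token)
rescue OpenSSL::OpenSSLError
  false # unparsable CSR or attribute: never sign
end

# Constructed sample input: a CSR like one from an agent whose csr_attributes.yaml
# sets a challengePassword custom attribute, for trying the check offline.
def build_sample_csr(certname, password = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if password
    value = OpenSSL::ASN1::Set([OpenSSL::ASN1::UTF8String(password)])
    csr.add_attribute(OpenSSL::X509::Attribute.new('challengePassword', value))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

if __FILE__ == $PROGRAM_NAME && ARGV.size == 1
  exit(autosign_allowed?(ARGV[0], $stdin.read, File.read(TOKEN_FILE).strip) ? 0 : 1)
end
```

The token file should be readable only by the account the master runs as, and a request that fails the policy stays in the pending list for manual review.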