Puppet automatic certificate signing (autosign)

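Posted by wang_0720 on 2013-12-02
With Puppet autosigning enabled, the master automatically issues a certificate to each agent, so requests do not have to be signed by hand.
Add the following statements to the main configuration file on the Puppet master: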
[root@master puppet]# cat puppet.conf |grep autosign
    # Whether to enable autosign.  Valid values are true (which
    # autosigns any key request, and is a very bad idea), false (which
    # never autosigns any key request), and the path to a file, which
    # The default value is '$confdir/autosign.conf'.
    autosign = /etc/puppet/autosign.conf
    autosign = true
    autosign = /etc/puppet/autosign.conf
Create the autosign.conf file:
[root@master puppet]# cat autosign.conf
*.andy.com
This allows all hosts under the andy.com domain.
Remove a certificate that is no longer valid:
puppet cert --clean agent3.andy.com
On the client, delete the existing certificates:
rm -rf /var/lib/puppet/ssl/*
Request a new certificate:
puppet agent --server master.andy.com --test
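
An added audit sketch for the settings shown above; it is not part of the original post or of Puppet. It flags autosign = true, conflicting duplicate autosign lines and glob entries, and shows which certnames *.andy.com would auto-sign. The function names and the glob rule in matches() (a leading "*." covers one or more labels) are assumptions, and the sample inputs are constructed from the lines on this page.

```python
import re

# Constructed inputs: the autosign lines and allowlist entry shown above.
PUPPET_CONF = """\
    autosign = /etc/puppet/autosign.conf
    autosign = true
    autosign = /etc/puppet/autosign.conf
"""
AUTOSIGN_CONF = "*.andy.com\n"


def autosign_values(conf_text):
    """Every uncommented autosign value in puppet.conf, in file order."""
    return re.findall(r"^[ \t]*autosign[ \t]*=[ \t]*(\S+)", conf_text, re.M)


def allowlist(text):
    """autosign.conf entries: one certname or domain glob per line."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]


def matches(entry, certname):
    """Assumed rule: a leading '*.' stands for one or more DNS labels."""
    certname = certname.lower()
    if entry.startswith("*."):
        suffix = entry[1:]  # e.g. ".andy.com"
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return certname == entry


def audit(conf_text, allow_text):
    """Return human-readable findings for risky autosign settings."""
    findings = []
    values = autosign_values(conf_text)
    if "true" in values:
        findings.append("autosign = true signs every certificate request")
    if len(set(values)) > 1:
        findings.append("conflicting autosign values: " + ", ".join(values))
    for entry in allowlist(allow_text):
        if entry.startswith("*"):
            findings.append("glob " + entry + " signs any requester claiming a matching certname")
    return findings


if __name__ == "__main__":
    for finding in audit(PUPPET_CONF, AUTOSIGN_CONF):
        print("WARN:", finding)
    for name in ("agent3.andy.com", "db.prod.andy.com", "agent3.andy.com.example.net"):
        ok = any(matches(e, name) for e in allowlist(AUTOSIGN_CONF))
        print(name, "->", "auto-signed" if ok else "waits for manual signing")
```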

Source: "ITPUB Blog", link: http://blog.itpub.net/27181165/viewspace-1061844/. If you repost this article, please credit the source; otherwise legal liability will be pursued.
