Ubuntu UEC/EC2 Puppet Client Howto

Tags: , , , , , , , ,

Configuring an amazon EC2 image to associate itself with your puppet master on boot was once an involved manual process requiring custom boot scripts and hand-rolling your own AMI. With the UEC (Ubuntu Enterprise Cloud) AMIs this is much more straightforward. As long as you use an AMI from this list you’ll be able to pass information about the puppet master into the user-data field when booting the instance.

Simply modify the following and place it in the user-data field when booting your instance to automatically connect to your puppet master.

Note: indentation counts!

# This is an example file to automatically setup and run puppetd
# when the instance boots for the first time.
# Make sure that this file is valid yaml before starting instances.
# It should be passed as user-data when starting the instance.
 # Every key present in the conf object will be added to puppet.conf:
 # [name]
 # subkey=value
 # For example the configuration below will have the following section
 # added to puppet.conf:
 # [puppetd]
 # server=puppetmaster.example.org
 # certname=i-0123456.ip-X-Y-Z.cloud.internal
 # The puppmaster ca certificate will be available in 
 # /var/lib/puppet/ssl/certs/ca.pem
     server: "puppetmaster.mydomain.com"
     # certname supports substitutions at runtime:
     #   %i: instanceid 
     #       Example: i-0123456
     #   %f: fqdn of the machine
     #       Example: ip-X-Y-Z.cloud.internal
     # NB: the certname will automatically be lowercase as required by puppet
     certname: "%i-%f"
   # ca_cert is a special case. It won't be added to puppet.conf.
   # It holds the puppetmaster certificate in pem format. 
   # It should be a multi-line string (using the | yaml notation for 
   # multi-line strings).
   # The puppetmaster certificate is located in 
   # /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetmaster host.
   ca_cert: |
     -----BEGIN CERTIFICATE-----
     -----END CERTIFICATE-----

That’s really all there is to it! Give the machine a few minutes to initialize and soon you will see a new certificate waiting to be signed by puppetca!

Thanks to this post.

Join the Conversation