Puppet
  • 28 Mar 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Puppet

  • Dark
    Light
  • PDF

Article summary

Puppet is an open-source software configuration management tool.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Server Name (required) - The hostname or IP address of the Puppet server along with port 8081.
  2. CA File (required) - The Certificate Authority certificate for the Puppet master instance.
  3. Certificate File (required) - The certificate file containing the public key for the keypair being used to authenticate. Please see instructions below for generating the certificate in Puppet.
  4. Private Key File (required) - The private key file for the certificate being used to authenticate.
  5. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters

  1. Exclude IPv6 addresses (required, default: false) - Select whether to fetch IPv6 addresses.
    • If enabled, all connections for this adapter will fetch only IPv4 addresses.
    • If disabled, all connections for this adapter will fetch both IPv4 and IPv6 addresses.
  2. Exclude Loopback addresses (optional, default: false) - Select whether to exclude any loopback addresses from fetching devices.
  3. Enter prefix to fetch dynamic Puppet fields - Enter a prefix used on your system for dynamic Puppet fields. Axonius will then fetch all Puppet fields with this prefix and add them to the devices.
Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Creating Certificate

It is highly recommended to create a dedicated certificate for the Puppet adapter. The name used for the certificate (“axonius" in this example), must be unique and not currently in use.
Please follow the steps below to generate a certificate in Puppet and upload the needed files to Axonius:

  1. Connect to the Puppet master instance with SSH.
  2. Run the following command to remove any previous instances of the certificate:
    sudo /opt/puppetlabs/bin/puppet cert clean axonius
  3. Run the following command to create the certificate:
    sudo /opt/puppetlabs/bin/puppet cert generate axonius
  4. Copy the following files to your workstation:
  • CA cert: /etc/puppetlabs/puppet/ssl/certs/ca.pem
  • Public key cert: /etc/puppetlabs/puppet/ssl/certs/axonius.pem
  • Private key file: /etc/puppetlabs/puppet/ssl/private_keys/axonius.pem (you will need to chmod the private key file to copy it)
  1. Upload the respective files to the Axonius adapter configuration page and click Save.

Certificate Permissions

In cases where there are certificate permission issues that require generating a new CA.
On Puppet v.6 and above, use the following commands:

  1. # Clear old certificate

    puppetserver ca clear axonius

  2. # Generate new certificate

    puppetserver ca generate --certname axonius

  3. Copy over the files (as described in step 4 above)

  4. Make sure that the certificate name is in the PuppetDB certificate-allowlist (by default, in /etc/puppetlabs/puppetdb/certificate-allowlist )

  5. Reload the PuppetDB to save the change to the certificate-allowlist:

    [sudo] puppetdb reload

Required Ports

  • Port 8081

Was this article helpful?