This module adds a Task for perform puppet cert signing.

For Puppet Enterprise users, this means you can allow users or admins to sign nodes without giving them SSH access to your Puppet master! The ability to run this task remotely or via the Console is gated and tracked by the RBAC system built in to PE.

This module is compatible with Puppet Enterprise and Puppet Bolt.

• To run tasks with Puppet Enterprise, PE 2017.3 or later must be used.

• To run tasks with Puppet Bolt, Bolt 0.5 or later must be installed on the machine from which you are running task commands. The master receiving the task must have SSH enabled.

With Puppet Enterprise 2017.3 or higher, you can run this task from the console or the command line.

Here's a command line example where we are signing the foo, bar, and baz nodes from the Puppet master, master.corp.net:

[abir@workstation]$ puppet task run cert_sign agent_certnames=foo,bar,baz -n master.corp.net

Starting job ...
New job ID: 24
Nodes: 1

Started on master.corp.net ...
Finished on node master.corp.net
  bar :
    result : Cert successfully signed for bar

  baz :
    result : Cert successfully signed for baz

  foo :
    result : Cert successfully signed for foo

Job completed. 1/1 nodes succeeded.
Duration: 6 sec

With Bolt, you can run this task on the command line like so:

bolt task run cert_sign agent_certnames=foo,bar,baz --nodes master.corp.net

• agent_certnames: A comma-separated list of Puppet agent certificate names.
• allow_dns_alt_names: Sign a certificate request even if it contains one or more alternate DNS names. Defaults to no.

NOTE: You can not specify all or --all in the agent_certnames parameter. Attempts to sign the Puppet master cert will be ignored.