As your Puppet environment grows, manually signing certificates can become an issue. This is particularly true in cases where machines are being created automatically due to scaling, or because a cluster is expanding.
Puppet provides two primary methods to assist with this: basic autosign and policy-based autosign. In basic autosign, we give the master a list of hosts whose certificates it will sign. With policy-based autosign, the master calls an external script that decides whether a given certificate request is signed. We'll now cover these types of autosign methodologies and their potential use cases.
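To make the policy-based method concrete, here is an added example of such an external script; it is not code from the original text. It relies on Puppet's interface for policy executables (certname as the first argument, PEM-encoded CSR on standard input, exit status 0 to sign). The domain suffix, the secret file path, the method names and the choice of a shared secret carried in the CSR's `challengePassword` attribute are all assumptions made for illustration.

```ruby
#!/usr/bin/env ruby
# Added example of a policy-based autosign executable (not from the original text).
# Puppet passes the certname as the first argument and the PEM CSR on stdin;
# exit status 0 means "sign", anything else means "do not sign".
require 'openssl'

ALLOWED_SUFFIX = '.example.internal'                       # assumption: hypothetical domain
SECRET_FILE    = '/etc/puppetlabs/puppet/autosign.secret'  # assumption: hypothetical path
CHALLENGE_OIDS = ['challengePassword', '1.2.840.113549.1.9.7'].freeze

# Return the challengePassword attribute embedded in the CSR, or nil if absent.
def challenge_password(csr)
  attr = csr.attributes.find { |a| CHALLENGE_OIDS.include?(a.oid) }
  attr && attr.value.value.first&.value&.to_s
end

# Compare fixed-length digests so timing does not leak how much of the secret matched.
def secure_equal?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a).bytes
  db = OpenSSL::Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide whether to sign. Every failure path, including a malformed CSR, rejects.
def sign?(certname, csr_pem, secret)
  return false if secret.to_s.empty?                      # never match an empty secret
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)          # requester holds the private key
  cn = csr.subject.to_a.find { |k, _v, _t| k == 'CN' }&.at(1)
  return false unless cn == certname                      # argument must match the CSR itself
  return false unless certname.end_with?(ALLOWED_SUFFIX)
  supplied = challenge_password(csr)
  !supplied.nil? && secure_equal?(supplied, secret)
rescue OpenSSL::OpenSSLError
  false
end

# Puppet always supplies the certname, so with no arguments the file only defines methods.
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  secret = File.exist?(SECRET_FILE) ? File.read(SECRET_FILE).strip : ''
  exit(sign?(ARGV[0], $stdin.read, secret) ? 0 : 1)
end
```

The master runs a script like this when the `autosign` setting in `puppet.conf` points at an executable file.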
A third type, known as naïve autosign, simply tells the master to sign all certificates. It should not be used except in certain test cases, so here, we'll cover only how to enable it. Besides, we're focusing on security, and in most cases, you can use at least basic autosign.
In these examples, we're going to...