Puppet Plan: puppet::cert::sign

Defined in:
plans/cert/sign.pp

Summary

Signs node certificates on the Puppet server.

Overview

This Bolt plan executes the `puppetserver ca sign` command for each specified node on the Puppet controller node, with the plan targets being the nodes themselves. It supports specifying either a list of nodes via the `targets` parameter or a single node by its certificate name (`certname`).

Parameters:

  • targets (TargetSpec)

    Nodes for which the certificate signing requests should be signed. This parameter is used unless a specific `certname` is provided.

  • server (Stdlib::Fqdn)

    The Puppet controller server(s) on which the certificates should be signed.

  • certname (Optional[String]) (defaults to: undef)

    Optional. The certificate name of a single node to sign. If specified, this takes precedence over the list of `targets`.



# File 'plans/cert/sign.pp', line 19

plan puppet::cert::sign (
  TargetSpec $targets,
  Stdlib::Fqdn $server,
  Optional[String] $certname = undef,
) {
  $server_name = get_targets($server)

  run_plan(facts, $targets)

  # By default, the certname of the node is the host's fully qualified domain name (FQDN), as
  # determined by Facter.
  if $certname {
    $nodes = [$certname]
  }
  else {
    $nodes = get_targets($targets).map |$node| { $node.facts['fqdn'] }
  }

  return run_plan('puppet::server::sign', 'targets' => $server_name, 'nodes' => $nodes)
}
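
When `certname` is not given, the names passed for signing come from the `fqdn` fact that each target reports. The wrapper below is an added example, not part of this module: it checks those reported names against an operator-supplied list before calling `puppet::cert::sign`. The plan name `example::cert::sign_expected` and the `$expected_certnames` parameter are hypothetical.

```puppet
# Added example (hypothetical plan name and parameter, not from the puppet module).
plan example::cert::sign_expected (
  TargetSpec          $targets,
  Stdlib::Fqdn        $server,
  Array[Stdlib::Fqdn] $expected_certnames,
) {
  # Gather facts first, as puppet::cert::sign itself does.
  run_plan('facts', 'targets' => $targets)
  $resolved = get_targets($targets)

  # A target without an fqdn fact would yield an undef certname; stop early.
  $missing = $resolved.filter |$node| { $node.facts['fqdn'] =~ Undef }
  unless $missing.empty {
    fail_plan(
      'Some targets did not report an fqdn fact',
      'example/missing-fqdn',
      { 'targets' => $missing.map |$node| { $node.name } }
    )
  }

  # The certnames puppet::cert::sign would derive from the targets.
  $reported = $resolved.map |$node| { $node.facts['fqdn'] }

  # Refuse to sign any name the operator did not list in advance.
  $unexpected = $reported - $expected_certnames
  unless $unexpected.empty {
    fail_plan(
      'Targets reported certnames that are not in expected_certnames',
      'example/unexpected-certname',
      { 'certnames' => $unexpected }
    )
  }

  # Every reported name is expected: hand over to the documented plan.
  return run_plan('puppet::cert::sign', 'targets' => $targets, 'server' => $server)
}
```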