Configuring the integration

To use the integration package, you need to configure your directory structure and a number of other artifacts, and then you can start interacting with the software.

Extract the contents

  1. Switch to the root user using the sudo su command.

    sudo su

  2. Unzip the Puppet integration package and navigate to the Sectigo-Puppet-Integration directory.

  3. Copy the files from the Sectigo-Puppet-Integration/Sample/ directory to the /opt/puppetlabs/facter/facts.d directory.

    cp Sectigo-Puppet-Integration/Sample/* /opt/puppetlabs/facter/facts.d/

  4. Copy the child directories of the /Sectigo-Puppet-Integration/modules/sectigo_puppet_module directory to the /etc/puppetlabs/code/environments/production/modules/ directory.

    cp -r /Sectigo-Puppet-Integration/modules/sectigo_puppet_module /etc/puppetlabs/code/environments/production/modules/

  5. Copy the Sectigo-Puppet-Integration/manifests/site.pp file to the /etc/puppetlabs/code/environments/production/manifests/ directory.

    cp Sectigo-Puppet-Integration/manifests/site.pp /etc/puppetlabs/code/environments/production/manifests/

Configure the work directory structure

The manifests, Sample, and modules directories that are included in the integration package contain all the files that are required by the Sectigo Puppet module. These directories must be placed in the /etc/puppetlabs/code/environments/<environment_name>/ directory on the master server.

Configure the Puppet master

Once you have the Puppet Server installed on your Linux system, you must configure the Facter path and Facter files. The Facter path should be /opt/puppetlabs/facter/facts.d/. By default, this path does not exist, so you must create its directories and subdirectories manually. The Facter values are typically stored in a JSON file. The following sample Facter JSON configuration is part of the integration package.

{
    "sectigo_ssl_config": {
        "sectigo_cert_type": "ssl",
        "sectigo_ssl_cert_file_path": "/etc/ssl/",
        "sectigo_ssl_cert_file_name": "Sectigo_ssl",
        …
    }
}

When working on the master node, you must include the config_sample_account.json file and the config_sample_issue_ssl.json or config_sample_issue_client.json Facter files in your Facter directory (samples of these files are provided with the integration package).

If you are generating certificates on the Puppet master, you must set the generate_cert_on Facter value in the config_sample_account.json file to master.

If you intend to transfer SSL certificates from a Puppet master to a Puppet agent, you must also include the config_sample_node_ssl.json file in your Facter directory and the fileserver.conf file in your Puppet environment directory, which is typically /etc/puppetlabs/puppet (samples of these files are provided with the integration package).

The path in the fileserver.conf file should match the path that you have specified in the sectigo_ssl_cert_file_path or sectigo_client_cert_file_path Facter value.

Configure the Puppet agent

Once you have the Puppet agent installed on your Linux system, you must also configure the Facter path and Facter files. The Facter path should be /opt/puppetlabs/facter/facts.d/. If the path does not exist, you must create its directories and subdirectories manually. The configuration of the Puppet agent depends on your use case. If you are planning to generate certificates on the Puppet master and then move them to the Puppet agent, you only need to configure the Facter values that are set in the config_sample_node_ssl.json (for SSL) sample file provided with the integration.

If you want to generate certificates and interact with SCM directly on the Puppet agent instead of using the Puppet master, then you must set the certificate issuance and account-related Facter values on your Puppet agent. These values are provided in the config_sample_account.json and config_sample_issue_ssl.json or config_sample_issue_client.json sample files, respectively.

If you are generating certificates on the Puppet agent, you must set the generate_cert_on Facter value in the config_sample_account.json file to node.

Define the account-based Facter values

The following shows how to define the account-based values in a separate Facter file, in JSON format, as key:value pairs.

{
    "sectigo_account_config": {
        "sectigo_cm_user": "<your_username>",
        "sectigo_cm_password": "<your_password>",
        "sectigo_cm_uri": "<your_customer_uri>",
        "generate_cert_on": "<master/node>"
    }
}
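
The account facts file above keeps sectigo_cm_password in clear text, so it is worth checking its permissions and contents before Puppet reads it. The following Python check is an added example, not part of the Sectigo integration package: the key names come from the sample above, while the function names and the constructed test values are assumptions.

```python
import json
import os
import stat
import tempfile

CREDENTIAL_KEYS = ("sectigo_cm_user", "sectigo_cm_password", "sectigo_cm_uri")

def check_account_facts(path):
    """Return a list of problems in an account facts file; an empty list means OK."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds sectigo_cm_password in clear text, so only its owner may access it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} grants group/other access")
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh).get("sectigo_account_config")
    except (ValueError, AttributeError) as exc:
        return problems + [f"not a JSON object: {exc}"]
    if not isinstance(cfg, dict):
        return problems + ["sectigo_account_config object is missing"]
    for key in CREDENTIAL_KEYS:
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the sample placeholder")
    if cfg.get("generate_cert_on") not in ("master", "node"):
        problems.append("generate_cert_on must be 'master' or 'node'")
    return problems

def demo():
    """Check two constructed files: the untouched sample and a filled-in copy."""
    sample = {"sectigo_account_config": {
        "sectigo_cm_user": "<your_username>", "sectigo_cm_password": "<your_password>",
        "sectigo_cm_uri": "<your_customer_uri>", "generate_cert_on": "<master/node>"}}
    filled = {"sectigo_account_config": {  # constructed values, not real credentials
        "sectigo_cm_user": "scm-automation", "sectigo_cm_password": "constructed-value",
        "sectigo_cm_uri": "example-customer", "generate_cert_on": "master"}}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, doc, mode in (("sample.json", sample, 0o644), ("filled.json", filled, 0o600)):
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(doc, fh)
            os.chmod(path, mode)
            results[name] = check_account_facts(path)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
```

To check a real deployment, call check_account_facts() on the account file in /opt/puppetlabs/facter/facts.d/ as the user that runs Puppet.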