Puppet 4.x and later stores the Puppet certificates under /var/lib/puppet/ssl rather than /etc/puppetlabs/puppet/ssl on running 'puppet agent -t'

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux 7.x

Issue

Running the following command on a system with Puppet 4.x or later (for example, while applying this solution) stores the Puppet certificates under the /var/lib/puppet/ssl directory instead of /etc/puppetlabs/puppet/ssl, the default for Puppet 4.x and later:

# puppet agent -t

Resolution

Which option to choose is up to the system administrator: either keep the ssldir parameter set in /etc/puppetlabs/puppet/puppet.conf and take the non-default location into account when dealing with Puppet certificates on the system, or remove the parameter (or comment it out) in /etc/puppetlabs/puppet/puppet.conf to revert to the default /etc/puppetlabs/puppet/ssl for Puppet 4.x and later.

For more KB articles/solutions related to Red Hat Satellite 6.x Puppet issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Puppet Issues.

Root Cause

The following parameter is set in /etc/puppetlabs/puppet/puppet.conf on the system:

ssldir = /var/lib/puppet/ssl
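
A way to check which certificate directory the agent will use by reading puppet.conf directly. This is an added example, not part of the original solution; the function names and the sample file are constructed for illustration, and it assumes the usual Puppet precedence where a setting in [agent] overrides the same setting in [main].

```shell
#!/bin/sh
DEFAULT_SSLDIR=/etc/puppetlabs/puppet/ssl   # Puppet 4.x+ default named in this article

# list_ssldir FILE: print "section<TAB>value" for every active (uncommented) ssldir line.
list_ssldir() {
    awk '
        # Assumption: a setting placed before any section header counts as [main].
        BEGIN { sec = "main" }
        /^[ \t]*#/ { next }                          # commented-out settings do not count
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header such as [main]
            sub(/^[ \t]*\[/, ""); sub(/\][ \t]*$/, ""); sec = $0; next
        }
        /^[ \t]*ssldir[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)            # drop "ssldir ="
            sub(/[ \t]+$/, "", val)                  # drop trailing blanks
            print sec "\t" val
        }
    ' "$1"
}

# effective_ssldir FILE: directory the agent will use; [agent] overrides [main],
# and with neither set the default applies.
effective_ssldir() {
    list_ssldir "$1" | awk -F '\t' -v def="$DEFAULT_SSLDIR" '
        $1 == "main"  { main = $2 }
        $1 == "agent" { agent = $2 }
        END { print (agent != "" ? agent : (main != "" ? main : def)) }
    '
}

report_ssldir() {
    dir=$(effective_ssldir "$1")
    if [ "$dir" = "$DEFAULT_SSLDIR" ]; then
        echo "$1: default ssldir in use ($dir)"
    else
        echo "$1: ssldir override, agent certificates go to $dir, not $DEFAULT_SSLDIR"
    fi
}

# Constructed sample puppet.conf (not from a real host).
sample_conf() {
    printf '%s\n' '[main]' '    # ssldir = /tmp/old' \
        '    ssldir = /var/lib/puppet/ssl' '[agent]' '    server = puppet.example.com'
}

tmp=$(mktemp) && sample_conf > "$tmp" && report_ssldir "$tmp"; rm -f "$tmp"
```

On a live host, run report_ssldir /etc/puppetlabs/puppet/puppet.conf; the value Puppet itself resolves can be confirmed with puppet config print ssldir --section agent.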

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.