Accessing Console in Puppet

Accepting the console's certificate

The console is a website over SSL on whichever port you choose when installing the console component. Your regional Puppet certificate authority issues the SSL certificate used by the console. You must create a security exception to access the console because web browsers won't recognize or accept this authority because it is unique to your site.

It is okay to add a security exception for the console. Your web browser alerts you that the console hasn't had its identification confirmed by one of the outside organizations it is aware of, but it doesn't make it unreliable. The authority certifying the site is you because the administrator at your site, have complete control over certification of the Puppet certificate authority signs.

When your browser flags the certificate authority as invalid or unknown:

• In Chrome, click Advanced, then Proceed.
• In Firefox, click Advanced, then Add exception.
• In Microsoft Edge, click Continue.
• In Safari, click Continue.

Logging in

Use the username/password when installing PE if you are an administrator configuring or accessing the PE interface for the first time. Otherwise, request credentials from the administrator of your website.
Don't let your browser save the login information because the console is the primary control point for your infrastructure.

Generate a user password reset token

You must create a password reset token when users forget their passwords or lock themselves out of the console by repeatedly entering the wrong information. Follow the following steps.

• Click the Users tab on the Access control page of the console.
• To request a token for a password reset, click the user's name.
• Copy the link after selecting Generate password reset, then send it to the user.

Reset the console administrator password

Reset the password from the command line running console services if you cannot get in as admin.

puppet infrastructure console_password --password=<MY_PASSWORD>

Troubleshooting PE admin account access

• The PE admin account can't log in if your directory has multiple users with admin as their login name.
• If you are logged out, ask another user to Generate a user password reset token for the admin user.
  You can use the following code to achieve the same.
   

type_header='Content-Type: application/json'
cert="$(puppet config print hostcert)"
cacert="$(puppet config print localcacert)"
key="$(puppet config print hostprivkey)"
uri="https://$(puppet config print server):4433/rbac-api/v1/ds"
data='{}'

curl --header "$type_header" --cert "$cert" --cacert "$cacert" --key "$key" --request PUT "$uri" --data "$data"

Create a custom login disclaimer

To the console login page, you can add a unique banner. You may, for instance, include a warning about the usage of any personally identifiable information found in the console.

The use of a disclaimer.txt file for your unique disclaimer is described in these instructions. You don't have to specify a specific file location on the disc when configuring the disclaimer using the RBAC API Disclaimer endpoints.

• The disclaimer text should be placed in a file called disclaimer.txt.
   
• Put the file in the console-services directory under /etc/puppetlabs.
  By adjusting the puppet enterprise::profile::console::disclaimer content path, you can alter the disclaimer file path on the console if you want to store the file somewhere else.
   
• To try the new banner, sign in to the console.

Require LDAP group membership to log in

Excluding LDAP users with no group bindings from signing in and generating Puppet Enterprise (PE) accounts is possible using the exclude-groupless-ldap-users configuration. By default, this parameter is turned off.

• Create a new .conf file at location by going to /etc/puppetlabs/console-services/conf.d/ on your main server.
   
• The puppet must run on your main server to incorporate this set into your RBAC configuration.
   
• The .conf file with the following text:
   

rbac: {
   feature-flags: {
    exclude-groupless-ldap-users: true
  }
} 

Frequently Asked Questions

What is Puppetboard?

Puppetboard is used to replace the reporting features of the Puppet Enterprise console (previously known as Puppet Dashboard) for the open-source Puppet, Puppetboard provides a web interface to PuppetDB.

What is Puppet Enterprise?

The commercial version of Puppet, called Puppet Enterprise (PE), is based on the Puppet platform. You may handle the configuration of thousands of nodes using both solutions. This is accomplished through open-source Puppet's intended state management.

How does puppet use SSL?

For all of its secure socket layer (SSL) communications, Puppet can either leverage an existing external CA or its own internal PKI and certificate authority (CA) tools.

What is Puppet?

Puppet is a software configuration management tool. It is a platform to configure the system and software settings. Puppet has its declarative language to manage the settings. You do not need much knowledge of programming to use Puppet. 

Is Puppet a tool for ongoing monitoring?

It continuously checks the server for configurations, and if any are changed, it instantly switches the hosts' configuration to one that has been pre-defined. It has control over a large number of infrastructures, allowing centralized configurations to be applied to each one.

Conclusion

In the article, we learned about Accessing Console in Puppet. We hope this article will help you understand the concept of puppets. Check out our other blogs on the topic of Puppet:

• Installing and Configuring Puppet Enterprise
• Managing Access in Puppet
• LDAP Authentication in Puppet
• Token based authentication in Puppet
   

Refer to our guided paths on Coding Ninjas Studio to learn about Data Structure and Algorithms, Competitive Programming, JavaScript, etc. Enrol in our courses and refer to our mock test available. Have a look at the interview experiences and interview bundle for placement preparations.

Happy Coding!