Table of contents
1. Introduction
2. Subcommands
2.1. ca
2.2. gem
2.3. ruby
2.4. irb
2.5. foreground
3. Using Ruby Gems
3.1. Installing and removing gems
3.2. Gems with Native (C) Extensions
4. Infrastructure certificate revocation list (CRL)
5. External SSL termination
5.1. Disable HTTPS for Puppet Server
5.2. Allow Client Cert Data From HTTP Headers
5.3. Configure SSL Terminating Proxy to Set HTTP Headers
6. Frequently Asked Questions
6.1. What is the Puppet tool?
6.2. Is Puppet free to use?
6.3. Can Puppet Server be installed in Windows?
7. Conclusion
Last Updated: Mar 27, 2024

Using and Extending Puppet Server

Author Harsh

Introduction

Puppet is a tool that allows you to manage and automate server setup. Puppet comprises various packages such as puppetserver, puppetdb, and puppet-agent. Together these are referred to as the Puppet platform, which you use to organize, store, and run your Puppet code.

Extending puppet server

This blog goes over Puppet Server and how we can extend it with various commands and features.

Subcommands

Users can use CLI commands to debug and explore Puppet Server. Most of the commands are the same as in any Ruby environment, except that here they run against Puppet Server's JRuby installation and gems instead of the Ruby installed on your system.

Here is the list of the commands that are available:

🌟 ca

🌟 gem

🌟 ruby

🌟 irb

🌟 foreground

The format for running any commands is as follows:

puppetserver <subcommand> <args>


When running from the source, the format is:

lein <subcommand> -c /path/to/puppetserver.conf -- <args>

ca

The ca subcommand can be used to perform various actions, such as:

ca action table

gem

Ruby gems can be used with Puppet Server. The gem command provided with Puppet Server is just a wrapper around the standard Ruby gem command, so all of the commands that work with the standard Ruby gem work as expected.

ruby

Ruby code can be run using Puppet Server's JRuby interpreter. The command is just a wrapper around the standard ruby command, so all of the usual arguments and flags work as expected.

irb

This command starts an interactive irb session on Puppet Server's JRuby. It is also a wrapper around the standard Ruby irb, so all of the usual arguments and flags that work in standard Ruby work in Puppet Server's JRuby as expected.

foreground 

This command starts Puppet Server in the foreground.

Using Ruby Gems

If you have any server-side Ruby code in your modules, Puppet Server uses JRuby to run it.

Puppet Server does not load gems from your existing GEM_HOME or GEM_PATH, because it resets both values.

Installing and removing gems

Puppet Server is configured so that it does not load gems through the usual load paths. If you want to load additional gems, install them with the Puppet Server-specific gem command.

The command is mentioned below:

sudo puppetserver gem install <GEM NAME> --no-document

Gems with Native (C) Extensions

You cannot install a Ruby gem that requires a native C extension. If you need such a gem, use an alternative instead. For example, jdbc-mysql is available in place of mysql.

Infrastructure certificate revocation list (CRL)

The Puppet Server CA can provide a CRL that includes only the revocations of nodes that agents are expected to communicate with during routine activity, such as compilers or other hosts that agents connect to as part of agent-side operations. Puppet Server CA can send this CRL to agents instead of the CRL it maintains with all node revocations.

To reduce the size of the CRL, manage the contents of the file $cadir/infra_inventory.txt. List the certnames in it, separated by newlines; when those certificates are revoked, they are added to the Infra CRL. The certnames must match existing certificates issued and maintained by the Puppet Server CA. Setting certificate-authority.enable-infra-crl to true makes Puppet Server update both its Full CRL and its Infra CRL when certificates matching those certnames are revoked.

When agents first check in, they receive a CRL that contains only the revocations of the certnames listed in infra_inventory.txt.
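A misspelled entry in infra_inventory.txt matches no certificate, so that host's revocation would not appear in the Infra CRL that agents receive. The check below is an added example, not part of the original article or of Puppet's tooling; it assumes signed certificates are stored as <cadir>/signed/<certname>.pem, and the host names are constructed.

```shell
#!/bin/sh
# Added example, not Puppet's own tooling.
# Assumption: the CA keeps signed certificates as <cadir>/signed/<certname>.pem.

# check_infra_inventory CADIR
# Prints one line per problem entry; returns 0 when every entry is usable.
check_infra_inventory() {
    inv="$1/infra_inventory.txt"
    bad=0
    [ -f "$inv" ] || { echo "missing: $inv"; return 1; }
    n=0
    while IFS= read -r name || [ -n "$name" ]; do
        n=$((n + 1))
        case $name in
            '') continue ;;            # blank lines carry no certname
            *[[:space:],/]*)           # several names on one line, or a path
                echo "line $n: not a single certname: $name"; bad=1 ;;
            *)
                [ -f "$1/signed/$name.pem" ] ||
                    { echo "line $n: no signed certificate for $name"; bad=1; } ;;
        esac
    done < "$inv"
    return "$bad"
}

# Constructed sample CA directory: one valid entry, one typo, one comma-joined line.
demo_ca=$(mktemp -d)
mkdir "$demo_ca/signed"
: > "$demo_ca/signed/compiler1.example.test.pem"
: > "$demo_ca/signed/compiler2.example.test.pem"
printf '%s\n' 'compiler1.example.test' 'compilr2.example.test' \
    'lb1.example.test, lb2.example.test' > "$demo_ca/infra_inventory.txt"
inventory_status=0
inventory_report=$(check_infra_inventory "$demo_ca") || inventory_status=$?
printf '%s\n' "$inventory_report"
```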

External SSL termination

Follow the steps below to configure external SSL termination.

Disable HTTPS for Puppet Server

Remove the ssl-port and ssl-host values from the conf.d/webserver.conf file and replace them with port and host settings, so that Puppet Server uses plain HTTP instead of SSL.

Allow Client Cert Data From HTTP Headers

The client certificate information is passed to Puppet Server through HTTP headers.

Reading this information from headers is not enabled by default. For Puppet Server to recognize it, allow-header-cert-info must be set to true in the authorization config section of the /etc/puppetlabs/puppetserver/conf.d/auth.conf file.

Configure SSL Terminating Proxy to Set HTTP Headers

The device that terminates SSL for Puppet Server must set three HTTP headers, filling them with data extracted from the client's certificate.

The headers that must be set are X-Client-Verify, X-Client-DN, and X-Client-Cert.

Headers information
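Once allow-header-cert-info is true, Puppet Server takes the client identity from the X-Client-* headers, so the settings from the three steps above should be checked together. The script below is an added example, not part of the original article or of Puppet's tooling: it uses a line-based heuristic rather than a HOCON parser, the sample files are constructed, and the warning for a non-loopback listener is an extra check added here.

```shell
#!/bin/sh
# Added example, not Puppet's own tooling. Line-based heuristic, not a HOCON parser.

# conf_value FILE KEY: print the first uncommented value assigned to KEY, if any.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" 2>/dev/null |
        head -n 1 | tr -d '",' | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# audit_ssl_termination CONFDIR: print findings, return the number of FAIL lines.
audit_ssl_termination() {
    web="$1/webserver.conf"; auth="$1/auth.conf"; fails=0
    for key in ssl-host ssl-port; do
        if [ -n "$(conf_value "$web" "$key")" ]; then
            echo "FAIL webserver.conf still sets $key"; fails=$((fails + 1))
        fi
    done
    host=$(conf_value "$web" host); port=$(conf_value "$web" port)
    if [ -z "$host" ] || [ -z "$port" ]; then
        echo "FAIL webserver.conf lacks host/port for plain HTTP"; fails=$((fails + 1))
    else
        case $host in
            127.0.0.1|localhost|::1) echo "OK   HTTP listener on $host:$port" ;;
            *) echo "WARN HTTP listener on $host:$port; confirm only the proxy can reach it" ;;
        esac
    fi
    if [ "$(conf_value "$auth" allow-header-cert-info)" = true ]; then
        echo "OK   auth.conf has allow-header-cert-info set to true"
    else
        echo "FAIL allow-header-cert-info is not true in auth.conf"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: ssl-host left behind, header setting still commented out.
demo_conf=$(mktemp -d)
printf 'webserver: {\n    ssl-host = 0.0.0.0\n    host = 0.0.0.0\n    port = 8140\n}\n' \
    > "$demo_conf/webserver.conf"
printf 'authorization: {\n    version: 1\n    # allow-header-cert-info: true\n}\n' \
    > "$demo_conf/auth.conf"
audit_fails=0
audit_report=$(audit_ssl_termination "$demo_conf") || audit_fails=$?
printf '%s\n' "$audit_report"
```

On a real server, pass the conf.d directory as the argument; the return value is the number of FAIL findings.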

Frequently Asked Questions

What is the Puppet tool?

Puppet is a tool that allows you to manage and automate server setup. Puppet comprises various packages. These are referred to as the Puppet platform, which you use to organize, store, and run your Puppet code.
 

Is Puppet free to use?

Puppet is open-source software, which means it can be altered and customised without cost. Right out of the box, you receive a full tool with the fundamental CM functionalities and capabilities.
 

Can Puppet Server be installed in Windows?

No, Puppet Server can be installed only in a Linux environment.

Conclusion 

In this article, we have discussed Puppet Server and the different subcommands that we can use to configure the server. We have also discussed the configuration of external SSL termination.


Happy Learning!
