[Puppet Users] Unable to bootstrap modern Puppet-agent versions via cloud-config. How to set "certname=%i.%f"?

[Martijn]

Hi all,

We deploy Ubuntu 14.04 and 16.04 instances in AWS and use cloud-init to 
bootstrap them. Specifically we pass them user-data in 'cloud-config' yaml 
format (one of the formats that cloud-init understands).

Now that we've migrated to Puppet 4.10+ I'm having trouble finding the 
correct syntax to dynamically set the certname for the agent. I'd like the 
certname to contain the instance-id and the fqdn. It seems the Cloud-config 
format was never updated to deal with modern Puppet versions.

Previously, with Puppet 3.x we used the following:

<snip>
fqdn: test01.example.com
apt:
  sources:
    puppetlabs.list:
      source: "deb http://apt.puppetlabs.com $RELEASE main dependencies"
      keyid: 6F6B15509CF8E59E6E469F327F438280EF8D349F
apt_update: true
apt_upgrade: true
packages:
 - puppet
puppet:
  conf:
    agent:
      server: "puppet.example.com"
      certname: "%i.%f"

The last hash (puppet.conf.agent) would generate a file 
/etc/puppet/puppet.conf containing a line like 
certname=i-197f2394.test01.example.com which was fine for Puppet 3, but not 
4 or 5.

For Puppet 4 the correct path is /etc/puppetlabs/puppet/puppet.conf but 
cloud-init doesn't appear to know that so I came up with the following new 
cloud-config that simply writes the correct file:

<snip>
fqdn: test01.example.com
apt:
  sources:
    puppetlabs-pc1.list:
      source: "deb http://apt.puppetlabs.com $RELEASE PC1"
      keyid: 6F6B15509CF8E59E6E469F327F438280EF8D349F
package_update: true
package_upgrade: true
packages:
  - puppet-agent
write_files:
  - path: /etc/puppetlabs/puppet/puppet.conf
    content: 
        [agent]
        certname="%i.%f"
        server=puppet.insiders.nl

Unfortunately, the %i and %f variables are never replaced by the 
instance-id and fqdn, as they were previously. I've tried half a dozen 
variations, but none appear to work. Variable interpolation appears to be 
limited to the old "puppet.conf.agent" style.

How do *you* bootstrap your Puppet nodes on AWS?
How do you dynamically set the certname these days?

Thanks, Martijn

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/68494e23-bc06-43e2-9329-d308c6fdb1c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.