The Puppet Master
Many Puppet-based workflows are centered on the master, which is the central source of configuration data and authority. The master hands instructions to all the computer systems in the infrastructure (where agents are installed). It serves multiple purposes in the distributed system of Puppet components.
The master will perform the following tasks:
Storing and compiling manifests
Serving as the SSL certification authority
Processing reports from the agent machines
Gathering and storing information about the agents
As such, the security of your master machine is paramount. The requirements for hardening are comparable to those of a Kerberos Key Distribution Center.
During its first initialization, the Puppet master generates the CA certificate. This self-signed certificate will be distributed among and trusted by all the components of your infrastructure. This is why its private key must be protected very carefully. New agent machines request individual certificates, which are...
