theforeman / puppet-puppet

Puppet module for Puppet client and server
GNU General Public License v3.0

SSL cert isn't created for compilers #811

Open unixsurfer opened 3 years ago

unixsurfer commented 3 years ago

In my use-case I want to build a compiler and I use the following snippet:

class { 'puppet::server':
  version           => '7.3.0-1bionic',
  foreman           => false,
  ca                => false,
  jvm_min_heap_size => $jvm_min_heap_size,
  jvm_max_heap_size => $jvm_max_heap_size,
}

but the puppetserver service fails to start as it doesn't find the certificate:

 "Unable to open 'ssl-cert' file: /etc/puppetlabs/puppet/ssl/certs/puppet-dev-bionic.pem",

In hiera I point to the correct CA server and I was expecting to see code to run puppet ssl bootstrap but I didn't. What am I doing wrong?

alexjfisher commented 3 years ago

Is declaring puppet::server directly supported? I've always declared the base puppet class and set server => true (and other options) there.

ekohl commented 3 years ago

Technically I guess it's supported. I know that there are also people who essentially use this in their base profile:

class { 'puppet':
  server => false,
}

And then in another profile:

class { 'puppet::server':
  ...
}

> In hiera I point to the correct CA server and I was expecting to see code to run puppet ssl bootstrap but I didn't.

I don't think we really considered this use case that much. Personally I've always set up hosts to provision, including Puppet setup. Then in profiles I added additional functionality. At that point the bootstrapping was already done.

unixsurfer commented 3 years ago

@ekohl this is what I am doing as well. I think my issue is rather a process issue for bootstrapping a compiler. I just need to adjust the process to run puppet ssl bootstrap before I apply the corresponding role+profile on the 1st compiler of the region.

Having said that, it would be nice if the module could generate the certs on a compiler as well.
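
The process fix described in the last comment (run puppet ssl bootstrap before the compiler role is applied), written out as an added shell example that is not part of the thread or of the module. The PUPPET path, the CERTNAME, CA_SERVER and SSLDIR variable names and the example host names are assumptions; the ssldir layout is that of a stock Puppet agent.

```shell
#!/bin/sh
# Added example, not part of puppet-puppet. Gate for a compiler (ca => false):
# make sure the agent certificate exists before puppet::server is applied.
# Assumption: AIO package path for the puppet binary.
PUPPET="${PUPPET:-/opt/puppetlabs/bin/puppet}"

# Print every file puppetserver needs that is absent or empty; return 1 if any is.
missing_ssl_files() {
  _dir=$1; _name=$2; _rc=0
  for _f in "certs/$_name.pem" "private_keys/$_name.pem" "certs/ca.pem"; do
    [ -s "$_dir/$_f" ] || { echo "$_dir/$_f"; _rc=1; }
  done
  return $_rc
}

# Return 0 only if the private key is not readable by "other".
key_not_world_readable() {
  [ -z "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Bootstrap only when something is missing, then verify the result.
# Exit codes: 0 ok, 1 files still missing, 2 bootstrap failed, 3 key too open.
ensure_compiler_cert() {
  _ssldir=$1; _certname=$2; _ca=$3
  if ! missing_ssl_files "$_ssldir" "$_certname" >/dev/null; then
    # Submits a CSR to the CA and polls every 30s until it has been signed there.
    "$PUPPET" ssl bootstrap --certname "$_certname" --ca_server "$_ca" \
      --ssldir "$_ssldir" --waitforcert 30 || return 2
  fi
  missing_ssl_files "$_ssldir" "$_certname" >&2 || return 1
  key_not_world_readable "$_ssldir/private_keys/$_certname.pem" || return 3
}

# Runs only when both variables are set, e.g. (constructed host names):
#   CERTNAME=compiler01.example.test CA_SERVER=ca.example.test sh ensure_cert.sh
if [ -n "${CERTNAME:-}" ] && [ -n "${CA_SERVER:-}" ]; then
  ensure_compiler_cert "${SSLDIR:-/etc/puppetlabs/puppet/ssl}" "$CERTNAME" "$CA_SERVER"
fi
```

A non-zero exit should stop provisioning before the role that declares puppet::server is applied, so the service never starts against a missing ssl-cert file.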