A systems administrator installs the Puppet agent on a new Linux server and configures it to connect to the organization's Puppet primary server. After the initial agent run, the administrator confirms that no configuration changes are being applied and the new node is not recognized as managed. Which of the following commands must be run on the Puppet primary server to establish the trusted connection required to manage the new agent node?
The correct action is to sign the agent's certificate on the primary server. When a Puppet agent connects for the first time, it generates a public/private key pair and sends a certificate-signing request (CSR) to the primary server. For security, an administrator must explicitly approve this request. Starting with Puppet 6, all certificate-authority tasks are performed with the puppetserver ca CLI. Running puppetserver ca sign --certname <agent_hostname> signs the pending CSR, establishes mutual trust, and allows the primary server to begin managing the agent.
puppet agent --test is executed on the agent, not the server, to initiate a configuration run. puppet apply applies manifests locally in a masterless setup and does not sign certificates. puppet module install downloads modules from the Forge and is unrelated to certificate management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a certificate-signing request (CSR) in Puppet?
Open an interactive chat with Bash
What is the role of the `puppetserver ca` CLI in certificate management?
Open an interactive chat with Bash
Why doesn’t the `puppet apply` command sign certificates?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Automation, Orchestration, and Scripting
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access