Description of problem:

The configuration of the Puppet agent/client section on a Satellite server to have puppet connected to another puppet server is giving some challenges:

• satellite-installer has only 1 ssldir option that is set in main and applies to both server and agent. To have the agent connected to another server a dedicated ssl directory for the agent has to be set to override the generic (=server) directory
  ~~~
  [agent]
  ssldir = /etc/puppetlabs/puppet/agentssl
  ~~~
• the dns_alt_name (used for a friendly CNAME on the Puppet server) that is only used for the server is also implicitly added to the client, confusing the client/agent certname to the other server that it has 2 dns names. The dnt_alt_name has then to be overridden with an empty value
  ~~~
  [agent]
  dns_alt_names =
  ~~~

To support the configuration of connecting the satellite to another puppet server correctly in the satellite-installer is it possible to make the following improvements:

• have also a puppet-client-ssl-dir option to configure in the [agent] block the ssldir
• settings only related to the server to the [server] block. E.g. dns_alt_name
• settings for the client, e.g. also the 'server=' directive to the [agent] block