Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!
ProductsContributeDocsCareer

Installation and configuration of Puppet Master and Agent

profile picture
Author
Nadine Metzger
Published
2021-05-27
Time to read
5 minutes reading time
Table of Contents

Introduction

Puppet is an open-source configuration management tool that allows users to configure any number of servers in an automated way.

This tutorial covers the basic steps to set up a Puppet Master / Agent environment on Ubuntu 20.04. This tutorial does not cover the master / agent configuration options in their entirety, nor does it cover the Puppet modules. Further information can be found here.

Prerequisites

  • 2 Ubuntu 20.04 Server
  • Use an NTP service (time differences can lead to problems)
  • Allow port 8140 in the firewall for incoming traffic (INPUT chain)
  • DNS entries of the servers. If these are missing, they must be written in the /etc/hosts file: (please replace IP and hostname from the example appropriately)
10.0.0.20 puppetmaster.example.com
10.0.0.21 puppetagent.example.com

Step 1 - Install Puppet Master

The following commands install Puppet Master, obtaining the package directly from Puppetlabs in the latest version.

wget https://apt.puppetlabs.com/puppet-release-focal.deb
sudo dpkg -i puppet-release-focal.deb
sudo apt-get update
sudo apt-get install puppetserver

The following commands are used to start the Puppetserver and to start automatically after a reboot.

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

sudo systemctl status puppetserver should indicate that the service has been started successfully.

If you are getting the following error when you start the Puppetserver:

Job for puppetserver.service failed because the control process exited with error code

This may indicate a lack of RAM. Here it can help to adjust the memory size in the Puppetserver configuration, e.g. to 1g.

sudo vim /etc/default/puppetserver
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

If you encounter problems with the certificate, you can delete the CA using sudo rm -r /etc/puppetlabs/puppet/ssl/ and recreate it using sudo puppetserver ca setup.

Step 2 - Install Puppet Agent

To install the Puppet Agent, follow a similar procedure:

wget https://apt.puppetlabs.com/puppet-release-focal.deb
sudo dpkg -i puppet-release-focal.deb
sudo apt-get update 
sudo apt-get install puppet-agent

The Puppet Master must be specified in the Puppet Agent configuration. Here you can also define an interval for the Puppet runs: sudo vim /etc/puppetlabs/puppet/puppet.conf

[main]
certname = puppetagent.example.com
server = puppetmaster.example.com
runinterval = 30m

Again, start Puppet and enable it to start automatically on reboot.

sudo systemctl start puppet
sudo systemctl enable puppet

sudo systemctl status puppet confirms the successful launch of the service.

Step 3 - Sign certificate

Now that Puppet Master and Puppet Agent are installed and configured, it's time for the communication. For this purpose, Puppet uses certificates, which must be signed by the Puppet master. By starting the Puppet Agent, a certificate request has already been sent to the Puppet Master. You can view all open certificate requests on the Puppet Master as follows.

sudo puppetserver ca list

Example output:

Requested Certificates:
    puppetagent.example.com       (SHA256)  55:F3:8B:8D:E8:41:25:0D:A1:CC:0C:D9:73:98:99:6E:73:77:83:97:9D:30:98:03:14:62:3B:F8:7A:25:35:41

In the output you will see all requesting agents, here you should make sure to sign only certificates known to you.

sudo puppetserver ca sign --certname puppetagent.example.com

You can check if the connection between Puppet Master and Agent is working on the Puppet Agent using the following command: sudo /opt/puppetlabs/bin/puppet agent --test

The output should look something like this:

Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetagent.example.com
Info: Certificate Request fingerprint (SHA256): 55:F3:8B:8D:E8:41:25:0D:A1:CC:0C:D9:73:98:99:6E:73:77:83:97:9D:30:98:03:14:62:3B:F8:7A:25:35:41
Info: Downloaded certificate for puppetclient from https://puppetmaster.example.com:8140/puppet-ca/v1
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient
Info: Applying configuration version '1621334490'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds

You can now start managing your servers in an automated way via Puppet.

Step 4 - Create example file

To describe a system configuration, so-called manifests are required. At this point a simple example is given to show the basic function. The Puppet standard manifest can be found at /etc/puppetlabs/code/environments/production/manifests/site.pp.

If the file does not already exist, create it. This example shows how to create a simple file on the Puppet Agent:

node 'puppetagent.example.com' {  # will be executed only for this node, use FQDN
  file { '/tmp/example-hello':    # resource type and filename
    ensure => present,            # must be present
    mode => '0644',               # file permission
    content => "Hello World!\n",  # file content
  }
}

node default {} # will be executed for all nodes not mentioned explicitly

Now when the automated Puppet run is performed on the Puppet Agent this file will be created. Alternatively, you can run sudo /opt/puppetlabs/bin/puppet agent --test on the Puppet Agent. After a successful Puppet run, cat /tmp/example-hello should return the output Hello World!.

License: MIT
Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Submit an articleFind out more
Report Issue
Try Hetzner Cloud

Get 20€ free credit!

Valid until: 31 December 2024 Valid for: 3 months and only for new customers
Get started
Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more
Report Issue