Blog

Installation and configuration of Puppet Master and Agent

Introduction

Puppet is an open-source configuration management tool that allows users to configure any number of servers in an automated way.

This tutorial covers the basic steps to set up a Puppet Master / Agent environment on Ubuntu 20.04. This tutorial does not cover the master / agent configuration options in their entirety, nor does it cover the Puppet modules. Further information can be found here.

Prerequisites

  • 2 Ubuntu 20.04 Server
  • Use an NTP service (time differences can lead to problems)
  • Allow port 8140 in the firewall for incoming traffic (INPUT chain)
  • DNS entries of the servers. If these are missing, they must be written in the /etc/hosts file: (please replace IP and hostname from the example appropriately)
10.0.0.20 puppetmaster.example.com
10.0.0.21 puppetagent.example.com

Step 1 – Install Puppet Master

The following commands install Puppet Master, obtaining the package directly from Puppetlabs in the latest version.

wget https://apt.puppetlabs.com/puppet-release-focal.deb
sudo dpkg -i puppet-release-focal.deb
sudo apt-get update
sudo apt-get install puppetserver

The following commands are used to start the Puppetserver and to start automatically after a reboot.

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

sudo systemctl status puppetserver should indicate that the service has been started successfully.

If you are getting the following error when you start the Puppetserver:

Job for puppetserver.service failed because the control process exited with error code

This may indicate a lack of RAM. Here it can help to adjust the memory size in the Puppetserver configuration, e.g. to 1g.

sudo vim /etc/default/puppetserver
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

If you encounter problems with the certificate, you can delete the CA using sudo rm -r /etc/puppetlabs/puppet/ssl/ and recreate it using sudo puppetserver ca setup.

Step 2 – Install Puppet Agent

To install the Puppet Agent, follow a similar procedure:

wget https://apt.puppetlabs.com/puppet-release-focal.deb
sudo dpkg -i puppet-release-focal.deb
sudo apt-get update 
sudo apt-get install puppet-agent

The Puppet Master must be specified in the Puppet Agent configuration. Here you can also define an interval for the Puppet runs: sudo vim /etc/puppetlabs/puppet/puppet.conf

[main]
certname = puppetagent.example.com
server = puppetmaster.example.com
runinterval = 30m

Again, start Puppet and enable it to start automatically on reboot.

sudo systemctl start puppet
sudo systemctl enable puppet

sudo systemctl status puppet confirms the successful launch of the service.

Step 3 – Sign certificate

Now that Puppet Master and Puppet Agent are installed and configured, it’s time for the communication. For this purpose, Puppet uses certificates, which must be signed by the Puppet master. By starting the Puppet Agent, a certificate request has already been sent to the Puppet Master. You can view all open certificate requests on the Puppet Master as follows.

sudo puppetserver ca list

Example output:

Requested Certificates:
    puppetagent.example.com       (SHA256)  55:F3:8B:8D:E8:41:25:0D:A1:CC:0C:D9:73:98:99:6E:73:77:83:97:9D:30:98:03:14:62:3B:F8:7A:25:35:41

In the output you will see all requesting agents, here you should make sure to sign only certificates known to you.

sudo puppetserver ca sign --certname puppetagent.example.com

You can check if the connection between Puppet Master and Agent is working on the Puppet Agent using the following command: sudo /opt/puppetlabs/bin/puppet agent --test

The output should look something like this:

Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetagent.example.com
Info: Certificate Request fingerprint (SHA256): 55:F3:8B:8D:E8:41:25:0D:A1:CC:0C:D9:73:98:99:6E:73:77:83:97:9D:30:98:03:14:62:3B:F8:7A:25:35:41
Info: Downloaded certificate for puppetclient from https://puppetmaster.example.com:8140/puppet-ca/v1
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient
Info: Applying configuration version '1621334490'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds

You can now start managing your servers in an automated way via Puppet.

Step 4 – Create example file

To describe a system configuration, so-called manifests are required. At this point a simple example is given to show the basic function. The Puppet standard manifest can be found at /etc/puppetlabs/code/environments/production/manifests/site.pp.

If the file does not already exist, create it. This example shows how to create a simple file on the Puppet Agent:

node ‘puppetagent.example.com’ { # will be executed only for this node, use FQDN file { ‘/tmp/example-hello’: # resource type and filename ensure => present, # must be present mode => ‘0644’, # file permission content => “Hello World!\n”, # file content } }

node default {} # will be executed for all nodes not mentioned explicitly

Now when the automated Puppet run is performed on the Puppet Agent this file will be created. Alternatively, you can run ``sudo /opt/puppetlabs/bin/puppet agent --test`` on the Puppet Agent. After a successful Puppet run, ```cat /tmp/example-hello``` should return the output ```Hello World!```.

##### License: MIT

<!--

Contributor's Certificate of Origin

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have
    the right to submit it under the license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my
    knowledge, is covered under an appropriate license and I have the
    right under that license to submit that work with modifications,
    whether created in whole or in part by me, under the same license
    (unless I am permitted to submit under a different license), as
    indicated in the file; or

(c) The contribution was provided directly to me by some other person
    who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are
    public and that a record of the contribution (including all personal
    information I submit with it, including my sign-off) is maintained
    indefinitely and may be redistributed consistent with this project
    or the license(s) involved.

Signed-off-by: Nadine Metzger

-->

Reprint: https://community.hetzner.com/tutorials/install-and-configure-puppet-master-and-agent

Posted

in

by

admin

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *