Puppet is a configuration management tool which helps in the automation of tasks with respect to system administrators. It helps system administrators automate the provisioning, configuration and management of a server infrastructure.
Puppet comes in two varieties, Puppet Enterprise and open source Puppet. Both of them run on most Linux distributions, various UNIX platforms, and Windows.
Requirements:
- You have an account and are logged into console.scaleway.com
- You have configured your SSH Key
- You have sudo privileges or access to the root user
- One Puppet master. The Puppet master will run Puppet Server, which is resource intensive and requires:
- at least 4GB of memory
- at least 2 CPU cores
- Two Puppet agent nodes
Puppet master server and the puppet agents nodes need to be able to communicate with each other.
1 . On each machine, edit the /etc/hosts file.
nano /etc/hosts
2 . Specify the Puppet master server as follows, substituting the IP address for your Puppet master.
puppet_ip_address puppet
3 . Save and exit.
Note: By default, Puppet agents will look for the Puppet master at puppet to make it easier to get Puppet set up. This means we must use the name puppet in /etc/hosts. Otherwise, you need to configure the server value in the agent’s puppet.conf.
Puppet Server is the software that pushes configuration from the Puppet master to the other servers. It runs only on the Puppet master; the other hosts will run the Puppet Agent.
1 . Enable the official Puppet Labs collection repository
curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
dpkg -i puppetlabs-release-pc1-xenial.deb
apt-get update
2 . Install the puppet server package
apt-get install puppetserver
By default, Puppet Server is configured to use 2 GB of RAM. You can customize this setting based on how much free memory the master server has and how many agent nodes it will manage.
To customize it:
1 . Open /etc/default/puppetserver:
sudo nano /etc/default/puppetserver
2 . Find the JAVA_ARGS
line, and use the -Xms
and -Xmx
parameters to set the memory allocation. We’ll increase ours to 3 gigabytes:
JAVA_ARGS="-Xms3g -Xmx3g -XX:MaxPermSize=256m"
3 . Save and exit
1 . Ensure that port 8140 is open for the Puppet server to communicate.
ufw allow 8140
2 . To activate the updated configuration, reload ufw
sudo ufw reload
1 . Start the puppet server. It takes time to complete.
systemctl start puppetserver
2 . Verify that the installation is successful
systemctl status puppetserver
which returns
â—Ź puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendo
Active: active (running) since Fri 2018-08-10 10:00:56 UTC; 28s ago
Process: 32404 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/pupp
Main PID: 32414 (java)
CGroup: /system.slice/puppetserver.service
└─32414 /usr/bin/java -Xms3g -Xmx3g -XX:MaxPermSize=256m -Djava.s
Aug 10 09:59:55 puppet-master systemd[1]: Starting puppetserver Service...
Aug 10 09:59:55 puppet-master puppetserver[32404]: OpenJDK 64-Bit Server VM
Aug 10 10:00:56 puppet-master systemd[1]: Started puppetserver Service.
3 . Configure your puppet server to start at boot
systemctl enable puppetserver
With the server running, now we’re ready to set up Puppet Agent on our two agent machines.
The Puppet agent software must be installed on any server that the Puppet master will manage. In most cases, this will include every server in your infrastructure. In our case, it will be installed on the two puppet agents.
1 . Enable the official Puppet Labs collection repository
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
sudo dpkg -i puppetlabs-release-pc1-xenial.deb
sudo apt-get update
2 . Install the puppet-agent Package
sudo apt-get install puppet-agent
3 . Enable the puppet agent to start on boot
systemctl start puppet
systemctl enable puppet
If it has not be done already, make sure you repeat these steps on every puppet agent.
1 . List all unsigned certificate requests on the puppet master
sudo /opt/puppetlabs/bin/puppet cert list
which returns
"puppet-agent1.cloud.online.net" (SHA256) 2C:82:B1:9E:59:2F:C6:5F:B9:EB:31:E4:E8:C5:4E:43:1C:D2:63:68:66:71:1E:45:0C:7D:BF:F1:6D:AA:4C:A0
"puppet-agent2.cloud.online.net" (SHA256) F3:0E:94:5F:3D:43:FD:C5:16:2E:D0:6D:9C:13:01:3E:28:95:E1:7E:2A:58:4B:FE:B6:7E:4B:61:EE:6B:66:5A
A +
in front of a certificate indicates it has been signed. The absence of a plus sign indicates our new certificate has not been signed yet.
2 . Sign puppet-agent1
certificate using the puppet cert sign
subcommand and the hostname of the certificate as it is displayed in the certificate request
sudo /opt/puppetlabs/bin/puppet cert sign puppet-agent1.cloud.online.net
which returns
Notice: Signed certificate request for puppet-agent1.cloud.online.net
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.cloud.online.net at '/etc/puppetlabs/puppet/ssl/ca/requests/puppet-agent1.cloud.online.net.pem'
Repeat the process for the puppet-agent2
.
The Puppet master can now communicate and control the node that the signed certificate belongs to.
Note: You can use the
--all
option to sign the remaining certificate:sudo /opt/puppetlabs/bin/puppet cert sign --all
Puppet uses a domain-specific language to describe system configurations, and these descriptions are saved to files called “manifests”, which have a .pp
file extension. To learn more about manifests, refer to Puppet official documentation.
We’ll create a brief directive to verify that the Puppet Server can manage the Agents as expected.
1 . Create a default manifest (we’ll use testsite.pp)
sudo nano /etc/puppetlabs/code/environments/production/manifests/testsite.pp
2 . Create a file called it_works.txt
on agent nodes located in the tmp
directory which contains the public IP address of the agent server
file {'/tmp/it_works.txt': # resource type file and filename
ensure => present, # make sure it exists
mode => '0644', # file permissions
content => "It works on ${ipaddress_eth0}!\n", # Print the eth0 IP fact
}
By default Puppet Server runs the commands in its manifests every 30 minutes. If the file is removed, the ensure
option recreates it. The mode directive will set the file permissions, and the content directive add content to the directive.
3 . Apply the manifest on your puppet-agent1
/opt/puppetlabs/bin/puppet agent --test
which returns
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent1.cloud.online.net
Info: Applying configuration version '1534164688'
Notice: Applied catalog in 0.04 seconds
4 . Check the file contents
nano /tmp/it_works.txt
which returns
It works on ip_adress!
If you want to learn more about Puppet, check out how to install and configure Foreman on ubuntu xenial.