configure puppet

Jump toUpdate content

How to Configure Puppet on Ubuntu Xenial

Reviewed on 19 January 2022Published on 10 August 2018
  • Instances
  • Puppet
  • Ubuntu-Xenial

Puppet Overview

Puppet is a configuration management tool which helps in the automation of tasks with respect to system administrators. It helps system administrators automate the provisioning, configuration and management of a server infrastructure.

Puppet comes in two varieties, Puppet Enterprise and open source Puppet. Both of them run on most Linux distributions, various UNIX platforms, and Windows.

  • You have an account and are logged into the Scaleway console
  • You have configured your SSH Key
  • You have sudo privileges or access to the root user
  • One Puppet master. The Puppet master will run Puppet Server, which is resource intensive and requires:
    • at least 4GB of memory
    • at least 2 CPU cores
  • Two Puppet agent nodes

Configuring /etc/hosts

Puppet master server and the puppet agents nodes need to be able to communicate with each other.

  1. On each machine, edit the /etc/hosts file.

    nano /etc/hosts
  2. Specify the Puppet master server as follows, substituting the IP address for your Puppet master.

    puppet_ip_address    puppet
  3. Save and exit.

    Note: By default, Puppet agents will look for the Puppet master at puppet to make it easier to get Puppet set up. This means we must use the name puppet in /etc/hosts. Otherwise, you need to configure the server value in the agent's puppet.conf.

Installing Puppet Server

Puppet Server is the software that pushes configuration from the Puppet master to the other servers. It runs only on the Puppet master; the other hosts will run the Puppet Agent.

  1. Enable the official Puppet Labs collection repository

    curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
    dpkg -i puppetlabs-release-pc1-xenial.deb
    apt-get update
  2. Install the puppet server package

    apt-get install puppetserver

(Optional) Configuring Memory Allocation

By default, Puppet Server is configured to use 2 GB of RAM. You can customize this setting based on how much free memory the master server has and how many agent nodes it will manage.

To customize it:

  1. Open /etc/default/puppetserver:

    sudo nano /etc/default/puppetserver
  2. Find the JAVA_ARGS line, and use the -Xms and -Xmx parameters to set the memory allocation. We’ll increase ours to 3 gigabytes:

    JAVA_ARGS="-Xms3g -Xmx3g -XX:MaxPermSize=256m"
  3. Save and exit

Opening the Firewall

  1. Ensure that port 8140 is open for the Puppet server to communicate.

    ufw allow 8140
  2. To activate the updated configuration, reload ufw

    sudo ufw reload

Starting Puppet Server

  1. Start the puppet server. It takes time to complete.

    systemctl start puppetserver
  2. Verify that the installation is successful

    systemctl status puppetserver

    which returns

    ● puppetserver.service - puppetserver Service
    Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendo
    Active: active (running) since Fri 2018-08-10 10:00:56 UTC; 28s ago
    Process: 32404 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/pupp
    Main PID: 32414 (java)
    CGroup: /system.slice/puppetserver.service
    └─32414 /usr/bin/java -Xms3g -Xmx3g -XX:MaxPermSize=256m -Djava.s

    Aug 10 09:59:55 puppet-master systemd[1]: Starting puppetserver Service...
    Aug 10 09:59:55 puppet-master puppetserver[32404]: OpenJDK 64-Bit Server VM
    Aug 10 10:00:56 puppet-master systemd[1]: Started puppetserver Service.
  3. Configure your puppet server to start at boot

    systemctl enable puppetserver

With the server running, now we’re ready to set up Puppet Agent on our two agent machines.

Installing the Puppet Agent

The Puppet agent software must be installed on any server that the Puppet master will manage. In most cases, this will include every server in your infrastructure. In our case, it will be installed on the two puppet agents.

Installing the Puppet Agent Package

  1. Enable the official Puppet Labs collection repository

    wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
    sudo dpkg -i puppetlabs-release-pc1-xenial.deb
    sudo apt-get update
  2. Install the puppet-agent Package

    sudo apt-get install puppet-agent
  3. Enable the puppet agent to start on boot

    systemctl start puppet
    systemctl enable puppet

If it has not been done already, make sure you repeat these steps on every puppet agent.

Signing Certificates on Puppet Master

  1. List all unsigned certificate requests on the puppet master

    sudo /opt/puppetlabs/bin/puppet cert list

    which returns

    "puppet-agent1.cloud.online.net" (SHA256) 2C:82:B1:9E:59:2F:C6:5F:B9:EB:31:E4:E8:C5:4E:43:1C:D2:63:68:66:71:1E:45:0C:7D:BF:F1:6D:AA:4C:A0
    "puppet-agent2.cloud.online.net" (SHA256) F3:0E:94:5F:3D:43:FD:C5:16:2E:D0:6D:9C:13:01:3E:28:95:E1:7E:2A:58:4B:FE:B6:7E:4B:61:EE:6B:66:5A

    A + in front of a certificate indicates it has been signed. The absence of a plus sign indicates our new certificate has not been signed yet.

  2. Sign puppet-agent1 certificate using the puppet cert sign subcommand and the hostname of the certificate as it is displayed in the certificate request

    sudo /opt/puppetlabs/bin/puppet cert sign puppet-agent1.cloud.online.net

    which returns

    Notice: Signed certificate request for puppet-agent1.cloud.online.net
    Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.cloud.online.net at '/etc/puppetlabs/puppet/ssl/ca/requests/puppet-agent1.cloud.online.net.pem'

Repeat the process for the puppet-agent2.

The Puppet master can now communicate and control the node that the signed certificate belongs to.


You can use the --all option to sign the remaining certificate: sudo /opt/puppetlabs/bin/puppet cert sign --all

Verifying the Installation

Puppet uses a domain-specific language to describe system configurations, and these descriptions are saved to files called “manifests”, which have a .pp file extension. To learn more about manifests, refer to Puppet official documentation.

We’ll create a brief directive to verify that the Puppet Server can manage the Agents as expected.

  1. Create a default manifest (we’ll use testsite.pp)

    sudo nano /etc/puppetlabs/code/environments/production/manifests/testsite.pp
  2. Create a file called it_works.txt on agent nodes located in the tmp directory which contains the public IP address of the agent server

    file {'/tmp/it_works.txt':                        # resource type file and filename
    ensure => present, # make sure it exists
    mode => '0644', # file permissions
    content => "It works on ${ipaddress_eth0}!\n", # Print the eth0 IP fact

    By default Puppet Server runs the commands in its manifests every 30 minutes. If the file is removed, the ensure option recreates it. The mode directive will set the file permissions, and the content directive add content to the directive.

  3. Apply the manifest on your puppet-agent1

    /opt/puppetlabs/bin/puppet agent --test

    which returns

    Info: Using configured environment 'production'
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for puppet-agent1.cloud.online.net
    Info: Applying configuration version '1534164688'
    Notice: Applied catalog in 0.04 seconds
  4. Check the file contents

    nano /tmp/it_works.txt

    which returns

    It works on ip_adress!

What’s next ?

If you want to learn more about Puppet, check out how to install and configure Foreman on ubuntu xenial.