In this article, I will take you through the steps to install and set up a Puppet master and agent on RedHat/CentOS 7.
Puppet spans across your hybrid environments to automate infrastructure and application workflows and ongoing management. We meet teams where they are and take them to where they need to be by leveraging automation code across teams, deployments, applications, and infrastructure in a secure and scalable way.
Setup Puppet Master and Agent
Prerequisites
a) You need at least 2 nodes:
1) puppet-master (IP: 192.168.0.106) - Puppet Master Node
2) puppet-agent (IP: 192.168.0.105) - Puppet Agent Node
b) Make sure /etc/hosts on both nodes has an entry for every Puppet master and agent node.
[root@puppet-master ~]# cat /etc/hosts
192.168.0.106 puppet-master
192.168.0.105 puppet-agent
[root@puppet-agent ~]# cat /etc/hosts
192.168.0.106 puppet-master
192.168.0.105 puppet-agent
c) Allow incoming connections from the Puppet agent to port 8140 on the Puppet master
or
stop the firewall service on the Puppet master using the command below.
[root@puppet-master ~]# systemctl stop firewalld
[root@puppet-master ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Sat 2019-12-07 16:34:04 EST; 51s ago
Docs: man:firewalld(1)
Process: 775 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 775 (code=exited, status=0/SUCCESS)
Dec 07 16:34:04 puppet-master systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 07 16:34:04 puppet-master systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
d) Allow the agent to reach port 8140 of the Puppet master
or
stop the firewall service on the Puppet agent using the command below.
[root@puppet-agent ~]# systemctl stop firewalld
[root@puppet-agent ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Sun 2019-12-08 01:33:23 +04; 8s ago
Docs: man:firewalld(1)
Process: 723 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 723 (code=exited, status=0/SUCCESS)
Dec 08 01:33:21 puppet-agent systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 08 01:33:23 puppet-agent systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
e) A minimum of 2048 MB of memory must be free on the Puppet master node.
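The "allow" option in items c) and d) can be met while firewalld keeps running. The following is an added example, not part of the original article: it builds a firewalld rich rule that admits only the agent address from the prerequisites to TCP port 8140 on the master. The function names are illustrative assumptions.

```bash
#!/bin/bash
# Added example: admit only the agent to the Puppet port instead of stopping firewalld.
PUPPET_PORT=8140

# Build a firewalld rich rule that accepts TCP/8140 from one IPv4 source.
puppet_rich_rule() {
    local src="$1"
    # Refuse anything that is not a dotted quad (optionally with a prefix length),
    # so a typo never turns into a wider rule.
    printf '%s\n' "$src" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept\n' \
        "$src" "$PUPPET_PORT"
}

# Apply the rule on the master: write it to the permanent config,
# reload it into the running firewall, then list the active rich rules.
allow_agent() {
    local rule
    rule=$(puppet_rich_rule "$1") || { echo "bad source address: $1" >&2; return 1; }
    firewall-cmd --permanent --add-rich-rule="$rule" &&
        firewall-cmd --reload &&
        firewall-cmd --list-rich-rules
}

# Run on puppet-master (192.168.0.105 is the agent address from item a):
#   systemctl start firewalld
#   allow_agent 192.168.0.105
```

The agent needs no matching rule: it only opens outbound connections to port 8140, and firewalld's zones filter incoming traffic.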
Step 1: Install NTP
First, we need to make sure the time is in sync between all nodes, so we will use an NTP server for that. We will go ahead and install the ntp service on puppet-master using the yum install ntp command.
[root@puppet-master ~]# yum install ntp -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* epel: repos.del.extreme-ix.org
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-29.el7.centos will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-29.el7.centos for package: ntp-4.2.6p5-29.el7.centos.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-29.el7.centos.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
---> Package ntpdate.x86_64 0:4.2.6p5-29.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
ntp x86_64 4.2.6p5-29.el7.centos base 548 k
Installing for dependencies:
autogen-libopts x86_64 5.18-5.el7 base 66 k
ntpdate x86_64 4.2.6p5-29.el7.centos base 86 k
Transaction Summary
================================================================================
Install 1 Package (+2 Dependent packages)
Total download size: 701 k
Installed size: 1.6 M
Step 2: Update NTP Configuration
Once NTP is installed, we will use the default NTP servers for time syncing. You can also use other NTP servers here.
[root@puppet-master ~]# cat /etc/ntp.conf | grep -i centos
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
Once configured, let's sync the date and time using the ntpdate command.
[root@puppet-master ~]# ntpdate centos.pool.ntp.org
7 Dec 15:06:32 ntpdate[27313]: step time server 5.103.139.163 offset 196.570703 sec
Restart the NTP Service.
[root@puppet-master ~]# systemctl restart ntpd
Check the status of the NTP service
[root@puppet-master ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-12-07 15:08:33 EST; 11s ago
Main PID: 27562 (ntpd)
CGroup: /system.slice/ntpd.service
└─27562 /usr/sbin/ntpd -u ntp:ntp -g
Dec 07 15:08:33 puppet-master ntpd[27562]: Listen normally on 4 docker0 172.17.0.1 UDP 123
Dec 07 15:08:33 puppet-master ntpd[27562]: Listen normally on 5 lo ::1 UDP 123
Dec 07 15:08:33 puppet-master ntpd[27562]: Listen normally on 6 enp0s3 fe80::cc8e:623:39bb:e465 UDP 123
Dec 07 15:08:33 puppet-master ntpd[27562]: Listening on routing socket on fd #23 for interface updates
Dec 07 15:08:33 puppet-master ntpd[27562]: 0.0.0.0 c016 06 restart
Dec 07 15:08:33 puppet-master ntpd[27562]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Dec 07 15:08:33 puppet-master ntpd[27562]: 0.0.0.0 c011 01 freq_not_set
Dec 07 15:08:40 puppet-master ntpd[27562]: 0.0.0.0 c61c 0c clock_step -9.708154 s
Dec 07 15:08:31 puppet-master ntpd[27562]: 0.0.0.0 c614 04 freq_mode
Dec 07 15:08:32 puppet-master ntpd[27562]: 0.0.0.0 c618 08 no_sys_peer
Once the service is started, you need to enable it using the systemctl enable ntpd command.
[root@puppet-master ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
Step 3: Add Puppet Server Repository
Before installing the Puppet server, we need to add the repo using the rpm command.
[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
warning: /var/tmp/rpm-tmp.TlXrRj: Header V4 RSA/SHA1 Signature, key ID ef8d349f: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:puppetlabs-release-pc1-1.1.0-5.el################################# [100%]
Step 4: Install Puppet Server
Once the repo is added, you can install the Puppet server using yum -y install puppetserver.
[root@puppet-master ~]# yum -y install puppetserver
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* epel: mirror2.totbb.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
puppetlabs-pc1 | 2.5 kB 00:00:00
puppetlabs-pc1/x86_64/primary_db | 234 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package puppetserver.noarch 0:2.8.1-1.el7 will be installed
--> Processing Dependency: puppet-agent >= 1.6.0 for package: puppetserver-2.8.1-1.el7.noarch
--> Processing Dependency: net-tools for package: puppetserver-2.8.1-1.el7.noarch
--> Processing Dependency: java-1.8.0-openjdk-headless for package: puppetserver-2.8.1-1.el7.noarch
--> Running transaction check
---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.232.b09-0.el7_7 will be installed
--> Processing Dependency: tzdata-java >= 2015d for package: 1:java-1.8.0-openjdk-headless-1.8.0.232.b09-0.el7_7.x86_64
--> Processing Dependency: copy-jdk-configs >= 3.3 for package: 1:java-1.8.0-openjdk-headless-1.8.0.232.b09-0.el7_7.x86_64
--> Processing Dependency: pcsc-lite-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.232.b09-0.el7_7.x86_64
--> Processing Dependency: lksctp-tools(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.232.b09-0.el7_7.x86_64
--> Processing Dependency: jpackage-utils for package: 1:java-1.8.0-openjdk-headless-1.8.0.232.b09-0.el7_7.x86_64
--> Processing Dependency: cups-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.232.b09-0.el7_7.x86_64
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
---> Package puppet-agent.x86_64 0:1.10.14-1.el7 will be installed
--> Running transaction check
---> Package copy-jdk-configs.noarch 0:3.3-10.el7_5 will be installed
---> Package cups-libs.x86_64 1:1.6.3-40.el7 will be installed
--> Processing Dependency: libavahi-common.so.3()(64bit) for package: 1:cups-libs-1.6.3-40.el7.x86_64
--> Processing Dependency: libavahi-client.so.3()(64bit) for package: 1:cups-libs-1.6.3-40.el7.x86_64
---> Package javapackages-tools.noarch 0:3.4.1-11.el7 will be installed
--> Processing Dependency: python-javapackages = 3.4.1-11.el7 for package: javapackages-tools-3.4.1-11.el7.noarch
---> Package lksctp-tools.x86_64 0:1.0.17-2.el7 will be installed
---> Package pcsc-lite-libs.x86_64 0:1.8.8-8.el7 will be installed
---> Package tzdata-java.noarch 0:2019c-1.el7 will be installed
--> Running transaction check
...........................................................................................
Step 5: Start Puppet Server
Once the Puppet server is installed, you need to start the service using the systemctl start puppetserver command.
[root@puppet-master ~]# systemctl start puppetserver
Check the status of puppetserver service
[root@puppet-master ~]# systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2019-12-07 15:44:11 EST; 5min ago
Process: 11530 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
Main PID: 11537 (java)
CGroup: /system.slice/puppetserver.service
└─11537 /usr/bin/java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.se...
Dec 07 15:41:33 puppet-master systemd[1]: Starting puppetserver Service...
Dec 07 15:41:33 puppet-master puppetserver[11530]: OpenJDK 64-Bit Server VM w...
Dec 07 15:44:11 puppet-master systemd[1]: Started puppetserver Service.
Hint: Some lines were ellipsized, use -l to show in full
After starting the service, you need to enable it using the systemctl enable puppetserver command.
[root@puppet-master ~]# systemctl enable puppetserver
Created symlink from /etc/systemd/system/multi-user.target.wants/puppetserver.service to /usr/lib/systemd/system/puppetserver.service.
Note:-
Please note that when you don't have enough memory allocated in your system, you will sometimes see the error below whenever you try to start the service. Hence you need to make sure you have at least 2048 MB of free memory on your node for puppetserver to work.
[root@puppet-master ~]# systemctl start puppetserver
Job for puppetserver.service failed because the control process exited with error code. See "systemctl status puppetserver.service" and "journalctl -xe" for details.
[root@puppet-master ~]# systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
Active: activating (start) since Sat 2019-12-07 15:20:23 EST; 1min 32s ago
Control: 29402 (bash)
CGroup: /system.slice/puppetserver.service
├─29402 bash /opt/puppetlabs/server/apps/puppetserver/cli/apps/start
├─29409 /usr/bin/java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=kill -9 %p -cp /opt/puppetlabs/server/app...
└─29733 sleep 1
Dec 07 15:20:23 puppet-master systemd[1]: Starting puppetserver Service...
Dec 07 15:20:23 puppet-master puppetserver[29402]: OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
Step 6: Install Puppet Agent
Add the repository on the puppet-agent host using the rpm command below.
[root@puppet-agent ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
warning: /var/tmp/rpm-tmp.othn49: Header V4 RSA/SHA1 Signature, key ID ef8d349f: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:puppetlabs-release-pc1-1.1.0-5.el################################# [100%]
Once the repo is added, install the agent with the yum -y install puppet-agent command.
[root@puppet-agent ~]# yum -y install puppet-agent
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
kubernetes/signature | 454 B 00:00:00
kubernetes/signature | 1.4 kB 00:00:00 !!!
puppetlabs-pc1 | 2.5 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): puppetlabs-pc1/x86_64/primary_db | 234 kB 00:00:00
(2/2): updates/7/x86_64/primary_db | 5.8 MB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package puppet-agent.x86_64 0:1.10.14-1.el7 will be installed
--> Finished Dependency Resolution
........................................................................................
Step 7: Start Puppet Agent
Once the Puppet agent is installed, you need to start the Puppet agent service using the command below.
[root@puppet-agent ~]# /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
}
Step 8: Sign the Certificate
On the Puppet master, list all certificate requests that are currently waiting to be signed.
[root@puppet-master ~]# /opt/puppetlabs/bin/puppet cert list
"puppet-agent" (SHA256) F6:BA:F7:3A:50:8D:05:6D:D8:80:B0:84:A6:19:95:E9:10:4D:C1:48:1C:A3:E8:4F:92:91:3F:E2:2C:43:D9:5B
Sign the certificate using the /opt/puppetlabs/bin/puppet cert sign command.
[root@puppet-master ~]# /opt/puppetlabs/bin/puppet cert sign puppet-agent
Signing Certificate Request for:
"puppet-agent" (SHA256) F6:BA:F7:3A:50:8D:05:6D:D8:80:B0:84:A6:19:95:E9:10:4D:C1:48:1C:A3:E8:4F:92:91:3F:E2:2C:43:D9:5B
Notice: Signed certificate request for puppet-agent
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent at '/etc/puppetlabs/puppet/ssl/ca/requests/puppet-agent.pem'
Check all the signed certificates using the command below.
[root@puppet-master ~]# /opt/puppetlabs/bin/puppet cert list --all
+ "puppet-agent" (SHA256) BF:0E:2C:B5:B6:9E:11:91:A8:28:94:57:73:FB:3A:F4:13:A9:2C:2E:06:DD:FF:94:FE:2E:2E:A8:E9:D4:AE:58
+ "puppet-master" (SHA256) C3:10:34:33:83:BC:0A:EA:A5:FA:BF:6F:96:EA:CF:1D:B8:E7:A1:8A:03:0E:1E:7F:6A:E5:E6:C1:20:A8:9B:31 (alt names: "DNS:puppet", "DNS:puppet-master")
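Signing in this step trusts whichever host submitted a request under the name puppet-agent, so the fingerprint shown by puppet cert list is worth comparing with the one the agent reports (puppet agent --fingerprint, run on the agent) before signing. The following is an added example, not part of the original article; the function names are illustrative, and the sample listing is constructed from the pending-request output shown above.

```bash
#!/bin/bash
# Added example: compare a pending CSR's fingerprint with the agent's before signing.
PUPPET=/opt/puppetlabs/bin/puppet

# Constructed sample: the pending-request line from the `puppet cert list` run above.
SAMPLE_LISTING='  "puppet-agent" (SHA256) F6:BA:F7:3A:50:8D:05:6D:D8:80:B0:84:A6:19:95:E9:10:4D:C1:48:1C:A3:E8:4F:92:91:3F:E2:2C:43:D9:5B'

# Print the SHA256 fingerprint listed for certname $1; listing text comes from stdin.
csr_fingerprint() {
    awk -v want="\"$1\"" '
        $1 == want && $2 == "(SHA256)" { print $3; found = 1; exit }
        END { exit !found }'
}

# Return 0 only if the pending CSR for $1 has fingerprint $2.
# $3 is optional listing text; when empty, the live `puppet cert list` is queried.
csr_matches() {
    local name="$1" expected="$2" listing="${3-}" pending
    [ -n "$listing" ] || listing=$("$PUPPET" cert list 2>/dev/null)
    pending=$(printf '%s\n' "$listing" | csr_fingerprint "$name") || return 2
    # Hex digits may differ in case between tools; normalise before comparing.
    [ "$(printf '%s' "$pending" | tr 'a-f' 'A-F')" = \
      "$(printf '%s' "$expected" | tr 'a-f' 'A-F')" ]
}

# Sign certname $1 only when its pending CSR fingerprint equals $2.
sign_verified() {
    if csr_matches "$1" "$2"; then
        "$PUPPET" cert sign "$1"
    else
        echo "refusing to sign $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}

# On the master, passing the value the agent printed:
#   sign_verified puppet-agent <fingerprint from `puppet agent --fingerprint`>
```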
Step 9: Test the Configuration
Congratulations, Puppet has been set up successfully. Let's test the configuration using the command below.
[root@puppet-agent puppet]# /opt/puppetlabs/bin/puppet agent --test
Info: Caching certificate for puppet-agent
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent
Info: Applying configuration version '1575757117'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Applied catalog in 0.02 seconds
Reference: Puppet Documentation