Puppet is a popular configuration management tool for Unix and Windows based systems that lets an administrator easily automate repetitive and error-prone system administration tasks, including provisioning, installation of packages/software, configuration and management of the entire infrastructure. Puppet comes in two flavors: Puppet Enterprise and Puppet open source. As the names suggest, the enterprise version is a commercial product and the open source version is free to download. This tutorial covers how to install and configure open source Puppet (version 4) on CentOS and Ubuntu based systems.
Before we start with the installation procedure, let's understand the architecture of Puppet.
Puppet Master/Agent Architecture
Puppet generally works on a client/server model, that is, a Master/Agent architecture made up of the Puppet Master and the Puppet Agents. The Puppet master controls the configuration information, and the managed Puppet Agent nodes request their own configuration catalogs. The diagram below depicts the flow of communication between the master and agent nodes.
What is a catalog?
A catalog is a document that contains information about the desired state of a system. The Puppet master compiles the catalog and the Puppet agents apply it.
Puppet Installation environment
In this tutorial, I'll be using two nodes: puppetmaster.test.in (Puppet Master) and puppetagent.test.in (Puppet Agent). They are VMs running on OpenStack.
How to Install and Configure Puppet 4?
Step 1: The first step is to check the network visibility between the master and agent nodes. You will have to ensure that these domain names are resolved via DNS or from the hosts file.
On Puppet Master node:
# ping puppetagent
PING puppetagent.test.in (10.180.141.126) 56(84) bytes of data.
64 bytes from puppetagent.test.in (10.180.141.126): icmp_seq=1 ttl=64 time=0.347 ms
--- puppetagent.test.in ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.347/0.347/0.347/0.000 ms
On Puppet Agent node:
# ping puppetmaster
PING puppetmaster.test.in (10.180.141.125) 56(84) bytes of data.
64 bytes from puppetmaster.test.in (10.180.141.125): icmp_seq=1 ttl=64 time=0.711 ms
64 bytes from puppetmaster.test.in (10.180.141.125): icmp_seq=2 ttl=64 time=0.316 ms
--- puppetmaster.test.in ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.316/0.513/0.711/0.198 ms
Step 2: Install NTP
The Puppet Master node will act as a Certificate Authority (CA) and issue certificates for the agent nodes. This means the Master node must be synced to the correct time to avoid problems while issuing certificates to the agent nodes. So, you need to install NTP and sync it with the time server of your choice.
Check the available timezones in the Master node:
# timedatectl list-timezones
Set the proper regional timezone:
# timedatectl set-timezone Asia/Kolkata
Install NTP:
# yum install ntp
Sync with the time server of your choice:
# ntpdate pool.ntp.org
Open ntp.conf and add the time servers of your choice.
# vim /etc/ntp.conf
Save and exit.
Start and enable NTP service:
# systemctl restart ntpd
# systemctl enable ntpd
Note: You may also configure NTP on the agent nodes. To do that, just follow Step 2 on the Puppet Agent nodes as well.
Install Puppet Server (on Master node)
Puppet server is a program that runs on the Puppet master node. As depicted in the architecture diagram, this service will create the catalog and push the configurations to the Puppet agent nodes.
Step 1: In order to install Puppet services, you need to enable the Puppet collection repository or release packages. For Yum based operating systems, you can find the packages at yum.puppetlabs.com and for Apt based systems at apt.puppetlabs.com.
On CentOS, I'll be using the Puppet repository based on rpm packages.
# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
puppetlabs-release-pc1-1.0.0-2.el################################# [100%]
On Ubuntu:
# wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
# dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 205725 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.0.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.0.0-2xenial) ...
# apt-get update
Install Puppet server package:
On CentOS:
# yum -y install puppetserver
On Ubuntu:
# apt-get install puppetserver
Start Puppet server:
# systemctl start puppetserver
(or)
# service puppetserver start
Enable Puppet server to start during system boot:
# systemctl enable puppetserver
(or)
# chkconfig puppetserver on
Installing Puppet Agent (on Agent nodes)
We'll be installing the Puppet Agent service on the agent nodes. These are the nodes that receive the catalog from the Puppet master node and apply it.
Enable Puppet collection repository:
# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
On Ubuntu:
# wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
# dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 205725 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.0.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.0.0-2xenial) ...
$ sudo apt-get update
Install Puppet Agent:
On CentOS:
# yum -y install puppet-agent
On Ubuntu:
# apt-get install puppet-agent
Start Puppet Agent:
By default, the agent refers to the Puppet master node as 'puppet'. The command below displays the hostname that the agent will use to connect to the master.
# /opt/puppetlabs/puppet/bin/puppet agent --configprint server
puppet
# /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
  ensure => 'running',
  enable => 'true',
}
Note: Look for the server setting in puppet.conf to change the hostname of the Puppet Master.
Note: By default, Puppet will be installed under the /opt/puppetlabs folder.
Request a certificate for the Agent node from the certificate authority
The Puppet master node will act as the certificate authority, which signs the certificate of agent nodes.
# /opt/puppetlabs/puppet/bin/puppet agent -t
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetagent.test.in
Info: Certificate Request fingerprint (SHA256): BF:E9:8B:85:ED:61:B4:D5:61:2E:F2:C4:0B:0A:24:A3:D5:17:B5:E3:B4:54:53:4F:C7:39:7F:FE:49:1B:AF:4A
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
On Puppet Master node – Sign the Agent’s certificate request
List the current certificate requests:
# /opt/puppetlabs/puppet/bin/puppet cert list
  "puppetagent.test.in" (SHA256) BF:E9:8B:85:ED:61:B4:D5:61:2E:F2:C4:0B:0A:24:A3:D5:17:B5:E3:B4:54:53:4F:C7:39:7F:FE:49:1B:AF:4A
Sign the certificate:
# /opt/puppetlabs/puppet/bin/puppet cert sign puppetagent.test.in
Notice: Signed certificate request for puppetagent.test.in
Notice: Removing file Puppet::SSL::CertificateRequest puppetagent.test.in at '/etc/puppetlabs/puppet/ssl/ca/requests/puppetagent.test.in.pem'
View all signed requests:
# /opt/puppetlabs/puppet/bin/puppet cert list --all
+ "puppetagent.test.in" (SHA256) 0F:41:D0:67:78:BB:7B:48:F8:4B:10:10:C4:F9:FD:DD:46:19:34:4B:BE:4D:6F:4B:2F:45:57:86:33:C2:BC:45
+ "puppetmaster.test.in" (SHA256) 4A:F3:F7:C0:81:7D:76:49:77:31:81:B1:70:50:AE:EE:F9:49:95:22:B0:24:0C:08:C3:5E:30:E6:29:75:28:07 (alt names: "DNS:puppet", "DNS:puppetmaster.test.in")
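The request fingerprint printed on the agent and the one the master lists for that certname should be identical before the request is signed. The script below is an added example, not part of the original tutorial, that automates the comparison. Its function names are hypothetical, and the sample data is the agent and master output shown above.

```shell
#!/bin/sh
# Added example: confirm the CSR the CA is about to sign is the one the agent made.

# Read saved "puppet agent -t" output on stdin, print the CSR fingerprint.
agent_csr_fingerprint() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1
}

# Read "puppet cert list" (pending requests) on stdin, print the fingerprint
# for certname $1. The name is compared exactly, quotes included.
ca_csr_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Return 0 only if $1 and $2 are the same well-formed SHA256 fingerprint.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    # 32 colon-separated hex byte pairs; rejects empty or truncated input.
    printf '%s' "$a" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$a" = "$b" ]
}

# Sample data: the agent and master output shown in this tutorial.
AGENT_LOG='Info: Creating a new SSL certificate request for puppetagent.test.in
Info: Certificate Request fingerprint (SHA256): BF:E9:8B:85:ED:61:B4:D5:61:2E:F2:C4:0B:0A:24:A3:D5:17:B5:E3:B4:54:53:4F:C7:39:7F:FE:49:1B:AF:4A
Exiting; no certificate found and waitforcert is disabled'
CA_LIST='  "puppetagent.test.in" (SHA256) BF:E9:8B:85:ED:61:B4:D5:61:2E:F2:C4:0B:0A:24:A3:D5:17:B5:E3:B4:54:53:4F:C7:39:7F:FE:49:1B:AF:4A'

# $1 = certname. Prints a verdict; returns 0 only when it is safe to sign.
check_request() {
    want=$(printf '%s\n' "$AGENT_LOG" | agent_csr_fingerprint)
    have=$(printf '%s\n' "$CA_LIST" | ca_csr_fingerprint "$1")
    if fingerprints_match "$want" "$have"; then
        echo "MATCH: $1 $have"
    else
        echo "MISMATCH: do not sign $1"
        return 1
    fi
}

check_request puppetagent.test.in
```

The comparison is only meaningful when the agent-side fingerprint reaches the person signing over a channel other than the one the request itself travelled on.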
And you are done! Your first Puppet Infrastructure is ready.
Let’s test Puppet
Puppet uses a tool called Facter to gather information (facts) about the Puppet Agents. By default, information such as the operating system name, version, hostname, IP address, SSH keys etc. is gathered. It also allows you to add custom facts, which I will be discussing in a separate article.
How are facts useful?
While creating a configuration template, you might want to automatically fetch a fact (say the IP address of an agent node) and fill it in at the appropriate location. Similarly, you might want to read the hostname of an agent node and use it in the configuration template.
The command below (execute it on the Master node) will list all gathered facts of an Agent node.
# /opt/puppetlabs/puppet/bin/facter
Sample output:
:::::::::::::::::::::::::::::::
partitions => {
  /dev/vda1 => {
    filesystem => "xfs",
    mount => "/",
    size => "39.99 GiB",
    size_bytes => 42943138304,
    uuid => "6c8f1327-a7c0-40a2-8bb3-89ea95a69d82"
  }
}
path => /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
processors => {
  count => 2,
  isa => "x86_64",
  models => [
    "Intel Core Processor (Haswell, no TSX)",
    "Intel Core Processor (Haswell, no TSX)"
  ],
  physicalcount => 2
}
:::::::::::::::::::::::::::::::::::::::::
That’s it! Now you need to understand Manifests and modules to use Puppet effectively.