Puppet is a system that is used for automating system administration tasks. Almost all system administrators try to get rid of their daily repetitive and boring routine tasks with the help of scripting to automate them.
But scripting and ad hoc automation have their own issues, which is why we prefer the Puppet configuration management tool, which is extremely powerful for deploying, configuring and managing server machines. Puppet keeps the configuration of your hosts in check and can be used to configure a machine from scratch in one shot: installing packages, applying configurations, and creating and managing users.
Let's see how it works for a master and client installation and configuration on Ubuntu 14.04. The setup will consist of a central Puppet Master server, where all of your configuration data is managed and distributed, while the remaining servers act as Puppet Agent nodes that are configured by the Puppet Master server.
Prerequisites
We will be using two virtual machines in this tutorial, both with the Ubuntu 14.04 operating system installed and with their static IP addresses and hostnames configured properly.
Let's open the /etc/hosts file and configure it according to your infrastructure environment.
root@ubuntu-puppet:~# vim /etc/hosts
192.168.1.90 ubuntu-puppet.test.com ubuntu-puppet
192.168.1.91 ubuntu-client.test.com ubuntu-client
Here ubuntu-puppet will serve as the Puppet Master, while we will install the agent on ubuntu-client.
Since Puppet is not in the basic Ubuntu distribution repositories, we have to add a custom repository provided by Puppet Labs. On every server on which you want to use Puppet, download and install the repository package by executing the following commands.
root@ubuntu-puppet:~# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
root@ubuntu-client:~# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
To install the downloaded repository package from Puppet Labs, run the following commands.
root@ubuntu-puppet:~# dpkg -i puppetlabs-release-trusty.deb
root@ubuntu-client:~# dpkg -i puppetlabs-release-trusty.deb
Now refresh your system's package lists and repositories with the command below on each server.
root@ubuntu-puppet:~# apt-get update
root@ubuntu-client:~# apt-get update
The server acting as the Puppet master should have its system time set accurately, because certificate validity is checked against the clock. To keep the system time accurate you should use the NTP service. Use the following commands to install the ntp server on your Puppet master server.
root@ubuntu-puppet:~# apt-get -y install ntp
root@ubuntu-puppet:~# service ntp restart
Puppet Master Installation
Now we are ready to proceed with the installation of the Puppet packages, which will fetch all necessary prerequisites and requirements.
Once the system time is set correctly, you can install the latest version of Puppet from the Puppet Labs package repository that corresponds to your Linux version.
root@ubuntu-puppet:~# apt-get install puppetmaster
The output shows the successful installation of puppetserver and its running services. We can check the Puppet version with the command below.
root@ubuntu-puppet:~# puppet -V
3.8.1
Now we need to lock the Puppet version, because an unplanned Puppet upgrade can break the configuration. With the lock in place, Puppet is not upgraded when updates are run on the system. We can do this by creating a new file with the following configuration.
root@ubuntu-puppet:~# vim /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
:wq!
Puppet Master Configuration
To configure puppetmaster, we need to change its puppet.conf file, where we will just comment out the line templatedir=$confdir/templates while the other parameters remain the same.
After making the required change to the configuration file, restart the Puppet master service.
root@ubuntu-puppet:~# service puppetmaster stop
root@ubuntu-puppet:~# service puppetmaster start
At this stage our Puppet master server is ready. Now let's move on to the client setup on another virtual machine with the Ubuntu 14.04 operating system installed.
Puppet Client Installation
As we have already installed the prerequisites, now simply run the following command to install the puppet client on the host that will interact with the Puppet Master Ubuntu server.
root@ubuntu-client:~# apt-get install puppet
Puppet Version Lock
In the same way as we did for the Puppet master server, we will lock the Puppet version so that it does not cause any issues during operating system updates.
To check the installed Puppet version, use the puppet -V command, and then create a new file called 00-puppet.pref in the apt preferences directory with the following configuration.
root@ubuntu-client:~# puppet -V
3.8.1
root@ubuntu-client:~# vim /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
:wq!
Puppet will now not be upgraded while running updates on the system, so let's proceed with the Puppet client configuration in the following steps.
Puppet Client Configurations
Open the configuration file of the puppet client in your favorite editor and configure its parameters as shown. We will comment out the [master] configurations here and add the new lines under [agent] as shown.
root@ubuntu-client:~# vim /etc/puppet/puppet.conf
Enable Puppet Service
To enable puppet service we have to make changes in its default configurations file. Setting this to “yes” allows the puppet agent service to run.
root@ubuntu-client:~# vim /etc/default/puppet
START=yes
:wq!
Save the changes and start puppet agent services with below command.
root@ubuntu-client:~# service puppet start
* Starting puppet agent
The output shown confirms that our client machine is ready to communicate with puppet master server.
Exchange Certificates from Master to Client Puppet
Now we are going to generate new certificates for communication between Master Puppet and Client Puppet, because after successful configuration the Puppet client will search for the Puppet master server and submit a cert request before accepting any administrative instructions from the Master puppet server.
Let's run the following command on the Puppet Master Ubuntu server to view such cert requests.
root@ubuntu-puppet:~# puppet cert list
"ubuntu-client.test.com" (SHA256) 37:23:4B:89:F4:F4:35:A1:4E:53:A8:BE:D6:98:C6:C5:39:98:62:6F:02:3E:5A:D0:B6:3C:C9:3D:F5:F7:09:94
The above output shows that ubuntu-client has contacted the master Puppet and submitted a cert request. Now the puppet master server must sign the cert requested by the puppet client with the following command.
root@ubuntu-puppet:~# puppet cert sign ubuntu-client.test.com
Notice: Signed certificate request for ubuntu-client.test.com
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu-client.test.com at '/var/lib/puppet/ssl/ca/requests/ubuntu-client.test.com.pem'
It means that the request from the Client Puppet has been accepted by the Puppet Master server. To confirm, we can execute the following command on the Master Puppet server.
root@ubuntu-puppet:~# puppet cert list --all
+ "ubuntu-client.test.com" (SHA256) 5D:7F:0A:A3:48:D3:65:69:94:91:3E:C3:1C:0F:56:63:BA:1C:2C:8A:DB:F5:18:68:76:BB:41:04:4B:DD:56:0C
+ "ubuntu-puppet.test.com" (SHA256) E1:C7:3C:CE:81:EB:C0:24:1F:5C:B6:D5:0D:93:58:12:18:00:70:D2:7A:8F:C0:47:1C:74:FD:CA:D6:DC:A2:77 (alt names: "DNS:puppet", "DNS:puppet.test.com", "DNS:ubuntu-puppet.test.com")
Where the + sign in the output shows the successful certificate signing at the master puppet server.
We can also view the certificate's fingerprint on the client Puppet machine by running the following command there.
root@ubuntu-client:~# puppet agent --fingerprint
Similarly, we can add any number of clients to the Puppet master Ubuntu server, sign the cert requests from those clients, and administer them centrally through the Puppet Master server.
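The listing on the master and puppet agent --fingerprint on the client are two views of the same request, so comparing them before running puppet cert sign confirms that the pending request really came from the intended host. The script below is an added example, not part of the original tutorial: the function names are hypothetical, the sample listing is constructed from the values shown above, and the "(SHA256) ..." form of the agent-side value is an assumption.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Print the fingerprint of the pending request for certname $1, reading
# `puppet cert list` output on stdin. Already-signed entries begin with "+"
# (as in `puppet cert list --all`) and are never matched.
pending_fingerprint() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# Drop an optional "(SHA256)" label and whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^ *(SHA256)//' | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# verify_csr CERTNAME AGENT_FINGERPRINT   (stdin: `puppet cert list` output)
# Returns 0 on match, 1 on mismatch, 2 when no request is pending.
verify_csr() {
    listed=$(pending_fingerprint "$1")
    if [ -z "$listed" ]; then
        echo "no pending request for $1" >&2
        return 2
    fi
    if [ "$(normalize_fp "$listed")" != "$(normalize_fp "$2")" ]; then
        echo "fingerprint mismatch for $1: do not sign" >&2
        return 1
    fi
    echo "fingerprint matches for $1"
}

# Constructed sample output assembled from the listings shown on this page.
SAMPLE_LIST='  "ubuntu-client.test.com" (SHA256) 37:23:4B:89:F4:F4:35:A1:4E:53:A8:BE:D6:98:C6:C5:39:98:62:6F:02:3E:5A:D0:B6:3C:C9:3D:F5:F7:09:94
+ "ubuntu-puppet.test.com" (SHA256) E1:C7:3C:CE:81:EB:C0:24:1F:5C:B6:D5:0D:93:58:12:18:00:70:D2:7A:8F:C0:47:1C:74:FD:CA:D6:DC:A2:77'
# Constructed: the value the operator read on the client (output form assumed).
AGENT_FP='(SHA256) 37:23:4B:89:F4:F4:35:A1:4E:53:A8:BE:D6:98:C6:C5:39:98:62:6F:02:3E:5A:D0:B6:3C:C9:3D:F5:F7:09:94'

# Offline demonstration on the sample:
printf '%s\n' "$SAMPLE_LIST" | verify_csr ubuntu-client.test.com "$AGENT_FP"

# On the master the same gate would be:
#   puppet cert list | verify_csr ubuntu-client.test.com "$AGENT_FP" \
#       && puppet cert sign ubuntu-client.test.com
```

The agent-side fingerprint should reach the master over a channel other than the Puppet connection itself, such as the VM console or an existing SSH session.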
Once the IP address is provided in the puppet master as well as the client, then in the client:
please enter: puppet agent -t
It will throw some error like "Exiting; no certificate found and waitforcert is disabled".
Do not worry about it; go back to the master, and there we have to execute the command: puppet cert list
First we need to update the host name in the puppet master and agent, and then try to ping each from the other. If they are able to ping each other then it is working fine:
they are able to connect to each other.
The next step is to create the handshake between puppet master and puppet client.
For this we have to mention server=puppethostname in the puppet client conf file.
Once it is done, execute the command from the puppet client: puppet agent -t
This command will send a request to the puppet master; there you will see the request by executing the command: puppet cert list
Now the handshake is made; you have to confirm the communication.
Set Up the Puppet Master
Enable the puppetlabs-release repository on Ubuntu 14.04, unpack it, and update your system. This process downloads a .deb file that will configure the repositories for you:
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update
wget puppetlabs-release-pc1-OS-VERSION.noarch.rpm
[main]
dns_alt_names = puppet,puppet.example.com
In Agent Node
[main]
server = puppet.example.com
service puppet restart