puppet-master.png

Setting up your First Puppet Master Server

| Posted on |

Setting up your First Puppet Master Server

 If you’re managing servers and aren’t using an infrastructure-as-code solution such as Puppet, Ansible or Chef, be warned: you should be.

Other viable solutions are in the past, infrastructure-as-code tools allow businesses and IT to become much more agile, bringing entire environments up and down quickly with ease.

puppet.png

Puppet is one of the first of these solutions and is arguably still the most popular. Its architecture consists of a having one or more Puppet “masters” and nodes that are managed by the master. The master allows you to create the configurations as code, which then grabbed by nodes and applied. One important note: although Windows support is available with Puppet, the master can only run on Linux.

In this article, I’ll walk you through the process of setting up your very first as well as Puppet agent on a client machine. Keep in mind, this will not be a production-ready setup, it will be a no-nonsense guide to getting Puppet up and running so that you can test out the solution.

Prerequisites

For our example setup, I’ll be installing the Puppet master on a CentOS 7 VM and Puppet agent on another CentOS VM. Before we install Puppet, we need to ensure proper networking is in place. You’ll need name resolution working, either by DNS or via the host’s file. By default, the Puppet will assume that the hostname of your Puppet master is “puppet” and nodes will look for the master by this name. I’ll leave this configuration as is for this example.

First, let’s get some prerequisites in order. I want to set NTP and set my firewall to allow port 8140 , which is required for communication with the .

Here, I ensure firewalld is started and enabled. I then allow port 8140:

[dan@puppet ~]$ sudo systemctl start firewalld

[dan@puppet ~]$ sudo systemctl enable firewalld

[dan@puppet ~]$ sudo firewall-cmd --permanent --zone=public --add-port=8140/tcp

Now I’ll install NTP, which is necessary since the puppet master acts as a certificate authority. To do this I will use the package manager Yum.


[dan@puppet ~]$ sudo yum install ntp

Next, let’s set our time zone and start the NTP service:


[dan@puppet ~]$ sudo timedatectl set-timezone America/New_York

[dan@puppet ~]$ sudo systemctl start ntpd

Finally, I’ll enable NTP through the firewall:


[dan@puppet ~]$ sudo firewall-cmd --add-service=ntp --permanent
 

Installing the Puppet Master Server

Now it’s time to install the actual Puppet software. Once again, we can do this with Yum. Before we do this though, enable the puppet repository with the “rpm” command.


[dan@puppet ~]$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

[dan@puppet ~]$ sudo yum -y install puppetserver

As we did with NTP, we need to enable the puppetservice service and start it. This will ensure it starts boot:


[dan@puppet ~]$ sudo systemctl enable puppetserver

[dan@puppet ~]$ sudo systemctl start puppetserver

Lastly, let’s reload the firewall:


[dan@puppet ~]$ sudo firewall-cmd --reload

At this point, your Puppet master server is up and running and ready for adding nodes to manage!

Please note that depending on the amount of memory on the server, you may want to change the default memory allocation, as documented here.

Installing Puppet agent on a node

wouldn’t really be very handy if it weren’t for the fact it can manage the configurations of its clients or “nodes.” On my CentOS node, I can use Yum one last time to install the puppet agent:


[dan@puppetagent ~]$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

[dan@puppetagent ~]$ sudo yum -y install puppet-agent

Now we run puppet agent for the first time to request a certificate from the puppet master server:


[dan@puppetagent ~]$ sudo /opt/puppetlabs/bin/puppet agent --test

Here we switch to our Puppet master and sign the certificate for the “ ” node, officially making the node managed. Using the command “puppet cert list” will show any certificate requests:


[dan@puppet ~]$ puppet cert list

[dan@puppet ~]$ sudo /opt/puppetlabs/bin/puppet cert list

  "puppetagent " (SHA256) B1:78:9D:20:16:AA:45:77:86:56:9B:BA:2D:2C:BA:F0:99:78:ED:8F:6E:9B:02:51:66:54:E1:DB:F8:27:CD:3B

[dan@puppet ~]$ sudo /opt/puppetlabs/bin/puppet cert sign puppetagent

Signing Certificate Request for:

  "puppetagent " (SHA256) B1:78:9D:20:16:AA:45:77:86:56:9B:BA:2D:2C:BA:F0:99:78:ED:8F:6E:9B:02:51:66:54:E1:DB:F8:27:CD:3B

Try Puppet for yourself


For those who want to give Puppet a try, I made a Vagrant file that you can use to quickly get it up and running using the setup in this article.

  • Install Vagrant and Virtualbox on your machine
  • Make a directory, you can call it anything, such as “puppet”
  • Change that directory and make a file called “Vagrantfile” (no extension)
  • Place this code into Vagrantfile
  • Now run vagrant up

The result will be the VM “puppetagent” as a managed node on the VM “puppet” master server. Note that since this is an automated deployment the .conf file is open to any machine that wants to request a certificate on the Puppet master.

As you can see, installing the puppet master and agent is very straightforward! Obviously, there is a lot more configuring and securing you can do, but this guide can be a great tool to get started using Puppet.

Related Posts

Comments
Comments are disabled in preview mode.
Loading animation
Loading animation