For the purposes of this tutorial I will be configuring the following:
- Ubuntu 16.04.1 Server Hostname: puppet.example.com IP: 192.168.1.95 => Puppet Server
- Ubuntu 16.04.1 Desktop Hostname: client1.example.com IP: 192.168.1.110 => Puppet Client 1
- CentOS 7 Desktop Hostname: client2.example.com IP: 192.168.1.114 => Puppet Client 2
Install the puppet Server
Enable the Puppetlabs Repository (replacing distro name as required)
- wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
- sudo dpkg -i puppetlabs-release-trusty.deb
sudo apt-get update && sudo apt-get upgrade -y # install all updates first
sudo apt-get install puppetmaster
Lock the puppet installed version (so O/S updates don’t interfere with your puppet infrastructure & rollouts)
puppet -V ## Note the version
sudo nano /etc/apt/preferences.d/00-puppet.conf
# ========== Start of 00-puppet.conf file =============== #
Package: puppetmaster
Pin: version 3.8*
Pin-Priority: 501
# ============= End of 00-puppet.conf file ============= #
Note: Replace version 3.8* with the version found earlier.
Install and configure GIT for versioning
sudo apt-get install git
cd /etc/puppet
sudo git init
sudo git add .
git config --global user.name "Your username here"
git config --global user.email "client email address here"
sudo git commit -m "Initial commit for puppet" -a
Determine if SSL Certificate is on Puppet Server
# puppet cert list --all
The puppet master should have its own signed certificate listed here; the line would start with a +. If nothing is listed, then a certificate should be generated.
Check if puppet server is running
# systemctl status puppetmaster.service
Look to see if it is “active (running)”. If it is not, you can start it with: systemctl start puppetmaster.service
The puppet server will listen on TCP port 8140. You can also check to see if the system is listening with:
# netstat -antp |grep :8140
Puppet Client Install #1
For the first example system, we are going to install the puppet client on an Ubuntu 16.04.1 desktop system (64-bit). Follow the steps below to get it configured.
First, let’s update the system:
sudo apt-get update && sudo apt-get upgrade -y
# Download repo file
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
# Install repo
sudo dpkg -i puppetlabs-release-trusty.deb
# Install the puppet client package
sudo apt-get install puppet
Lock puppet version
sudo nano /etc/apt/preferences.d/00-puppet.conf
# =========== Start of 00-puppet.conf file ============= #
Package: puppet puppet-conf
Pin: version 3.8*
Pin-Priority: 501
# =============== End of 00-puppet.conf file ========= #
Stop the puppet client daemon
# systemctl status puppet.service
The service should be active. As this is the first install, the puppet-agent should be warning about not being able to request a certificate.
Add puppet master to the client's /etc/hosts file
# echo <IP address> <hostname> | sudo tee -a /etc/hosts
Note: The above line appends the IP address and hostname of the previously configured Puppet Master server to the /etc/hosts file on this desktop. Replace <IP address> and <hostname> as necessary. Example: # echo 192.168.2.20 mypuppetmaster mypuppetmaster.example.com | sudo tee -a /etc/hosts
Start the puppet client daemon
Now that the desktop is able to see the puppet master (via the local /etc/hosts file), you can start the daemon. It should attempt to auto-connect with the puppet master. On the puppet master you should see an SSL request from the client. You can check this with:
# puppet cert list
The desktop client's hostname should be listed. Now you will want to sign the SSL request, so the puppet server and client can communicate. This is accomplished by running the following (from the Puppet Master):
# puppet cert sign <hostname>
Note: Replace <hostname> with the FQDN displayed by the puppet cert list command above.
Now that the ssl certificate is signed, the puppet client & server can communicate. It is advisable to restart the daemon on the client by running: # sudo systemctl restart puppet.service
Puppet Client Install #2
After the O/S is installed (CentOS 7), we will perform an OS upgrade so the system is up-to-date with: yum update
Next, we’ll add the Puppet Labs repository and install the puppet client with:
# sudo rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
# sudo yum install puppet
Modify the /etc/hosts file. Add the entry for the puppet master there.
# echo 192.168.2.20 mypuppetmaster.example.com mypuppetmaster puppet | sudo tee -a /etc/hosts
Running # puppet cert list on the puppet master confirms that the SSL certificate request was generated and now needs to be signed by the puppet master.
Run: # puppet cert sign client2.example.com
Notice: Signed certificate request for client2.example.com
Notice: Removing file Puppet::SSL::CertificateRequest client2.example.com at ‘/var/lib/puppet/ssl/ca/requests/client2.example.com.pem’
Once this “node” is entered into the puppet master's configuration for management, it can do as it’s told.
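The signing steps for client1 and client2 above sign whichever request carries the expected hostname. As an added example (not part of the original tutorial), the script below signs a request only when the fingerprint that puppet cert list shows on the master matches the one read on the client itself with puppet agent --fingerprint. The script name sign-verified.sh, the function names, the sample listing and the assumed output line shape "host" (SHA256) AA:BB:... are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run on the puppet master. Signs a pending request only when
# its fingerprint matches the one read out-of-band on the client with
# `puppet agent --fingerprint`.

# Constructed sample of `puppet cert list` output (assumed line shape).
SAMPLE_LISTING='  "client1.example.com" (SHA256) A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90
  "client2.example.com" (SHA256) 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0:0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0'

# Uppercase a fingerprint and drop everything that is not a hex digit.
norm_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# pending_fp HOST LISTING: print the fingerprint listed for HOST, if any.
pending_fp() {
    printf '%s\n' "$2" |
        awk -v h="\"$1\"" '$1 == h && $2 ~ /^\(/ { print $3; exit }'
}

# verify_csr HOST CLIENT_FP LISTING
# 0 = fingerprints match, 1 = mismatch, 2 = no pending request for HOST.
verify_csr() {
    seen=$(pending_fp "$1" "$3")
    [ -n "$seen" ] || return 2
    [ "$(norm_fp "$seen")" = "$(norm_fp "$2")" ] || return 1
    return 0
}

# Real use: ./sign-verified.sh client1.example.com 'A1:B2:...'
if [ "$#" -eq 2 ]; then
    if verify_csr "$1" "$2" "$(puppet cert list)"; then
        puppet cert sign "$1"
    else
        echo "not signing $1: no pending request or fingerprint mismatch" >&2
        exit 1
    fi
fi
```

Pass only the colon-separated hex string from the client as the second argument, without the (SHA256) prefix.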
=====================================================
Re-issue SSL Certificate
Note: If you are having issues with the certificate, you may need to delete it and have it re-issued. See below.
Server Removal: (using a hostname of client1.example.com)
# puppet cert clean client1.example.com
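Client Removal: (same hostname of client1.example.com; the agent runs as root, so its SSL files are under /var/lib/puppet/ssl rather than ~/.puppet/ssl)
sudo find /var/lib/puppet/ssl -name client1.example.com.pem -delete
On the client machine, re-generate the SSL certificate request with: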
# sudo puppet agent -t
Now sign it on the puppet server with:
# sudo puppet cert sign client1.example.com
=====================================================
Puppet Configuration
Now that the puppet server and at least one puppet agent are installed, we will want to configure the puppet server further. For this step, one would need to understand manifests, modules, etc. For a simple test, we will create a site manifest, which should be sufficient to get things working and tested.
# vi /etc/puppet/manifests/site.pp
# ============ Contents of the site.pp file ============== #
class test_class {
  # Test file readable only by root; the content shows the client's IP fact
  file { '/tmp/testfile':
    ensure  => present,
    mode    => '0600',
    content => "It works from IP: ${ipaddress_enp0s3}!\n",
    owner   => 'root',
    group   => 'root',
  }
}
# Tell puppet on which clients to run the class
node 'client1', 'client2' {
  include test_class
}
# ============== End of the site.pp file ================ #
Now run: puppet agent --test on each of the puppet clients. It should finish successfully and create /tmp/testfile. The contents should list your IP address, assuming of course that your network interface is enp0s3.
Resources to learn more about puppet
- https://puppet.com/download-learning-vm ## Download the learning VM. It includes a copy of Puppet Enterprise, and can walk you through learning about manifests, modules, etc.
- https://docs.puppet.com/ ## Documentation resource
- https://www.digitalocean.com/community/tutorials/getting-started-with-puppet-code-manifests-and-modules
- https://www.digitalocean.com/community/tutorials/configuration-management-101-writing-puppet-manifests
- http://www.thegeekstuff.com/2015/07/puppet-configuration-examples