Open source Puppet installation and configuration
We are going to set up Open Source Puppet Server and Puppet Agent on CentOS 7.
Environment:
Puppetmaster:
OS: CentOS 7 (Server installation)
vCPU: 1
RAM: 2 GB
Disk: 40 GB
Puppet Client:
OS: CentOS 7 (Server installation)
vCPU: 1
RAM: 1 GB
Disk: 25 GB
Prerequisites
Install NTP
The clocks on the master and client nodes must be accurately in sync with upstream time servers because the Puppet master server will be acting as the certificate authority. Install the NTP package and perform the time sync with upstream NTP servers.
#yum -y install ntpdate
DNS
Puppet uses hostnames to communicate with the managed nodes, so make sure the nodes can resolve each other's hostnames, either through the /etc/hosts file or a DNS server.
Puppet Repository
To install the Puppet master/agent, we need to add the Puppet repository on all the nodes. Get the Puppet Labs repository RPM and install it.
Set up the repository on both master and slave nodes.
#rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
Install Puppet Server
Install the Puppet server using the below command.
#yum install -y puppetserver
Configure Puppet Server
Memory Allocation
By default, the Puppet Server JVM is configured to use 2GB of memory. You can change this depending on how much memory is available on your master node. Ensure that it is enough to manage all the nodes connected to it.
To change the value of memory allocation, edit the below file.
#vi /etc/sysconfig/puppetserver
Change the value
From:
JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
To:
For 512MB, use the below settings.
JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
Start Puppet Server
Puppet Master does not require any configuration; you can simply start the puppetserver service. It will use the default settings.
If you want to change the Puppet master hostname, follow the below procedure.
Advanced Configurations (optional)
#vi /etc/puppetlabs/puppet/puppet.conf
[master]
dns_alt_names = puppet-master,puppet-master.example.com
# Create a new section called [main]
[main]
certname = puppet-master.example.com
server = puppet-master.example.com
Start Puppet Server
Generate a root and intermediate signing CA for Puppet Server.
#puppetserver ca setup
If you get puppetserver: command not found, run source /etc/profile.d/puppet-agent.sh in the terminal, or log out from the current session and log back in.
Start and enable the Puppet Server
# systemctl start puppetserver
# systemctl enable puppetserver
Firewall
The Puppet Master listens on port 8140, so configure the firewall so that managed nodes can connect to the master.
#firewall-cmd --permanent --add-port=8140/tcp
success
#firewall-cmd --reload
Install Puppet Agent
Install the puppet agent on your client using the below command.
#yum install -y puppet-agent
Puppet agent also uses some of the default settings to connect to the master node. However, we need to edit the puppet configuration file and set puppet master information.
Set the server value to your master node name and certname to the client hostname.
#vi /etc/puppetlabs/puppet/puppet.conf
[main]
certname = www.puppetclient.zippyops.com
server = www.puppetmaster.zippyops.com
Start puppet agent on the node and make it start automatically on system boot.
# puppet resource service puppet ensure=running enable=true
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
  ensure   => 'running',
  enable   => 'true',
  provider => 'systemd',
}
Sign Agent Node Certificate on Master Server
In an agent/master deployment, an admin must approve the certificate request coming from each node so that the node can fetch its configuration. Agent nodes request a certificate the first time they attempt to run.
#puppetserver ca list
#puppetserver ca sign --certname www.puppetclient.zippyops.com
Sign all the requests in one command:
# puppetserver ca sign --all
Revoke the certificate of a particular node in order to re-add it.
Replace the
#puppetserver ca revoke --certname
We can list all of the signed and unsigned requests with the below command.
# puppetserver ca list --all
Signed Certificates:
www.puppetmaster.zippyops.com (SHA256) 71:BA:C5:2B:3E:A8:A1:FD:1F:56:74:1E:BE:00:4A:60:82:93:89:F3:38:7B:AB:DE:E0:7E:F9:CF:77:5A:1B:C6 alt names: ["DNS:puppet", "DNS:www.puppetmaster.zippyops.com"] authorization extensions: [pp_cli_auth: true]
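Signing with --all approves every pending request, so before signing it is worth comparing each pending fingerprint with the one read on the node itself (puppet agent --fingerprint). The script below is an added example, not part of the original post: it classifies "puppetserver ca list" output against an allowlist file. The function name, the allowlist format, the example.test hosts and both fingerprints are constructed for illustration, and the listing layout is assumed to match the one shown above.

```sh
#!/bin/sh
# Added example (not from the original post). Hosts under example.test, the
# allowlist format and both fingerprints are constructed for illustration.
FP_NODE="0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9"
FP_OTHER="FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00"

# Constructed listing in the layout "puppetserver ca list --all" shows on this page.
sample_ca_list() {
cat <<EOF
Requested Certificates:
    www.puppetclient.zippyops.com  (SHA256)  $FP_NODE
    db01.example.test              (SHA256)  $FP_OTHER
    unknown.example.test           (SHA256)  $FP_NODE
Signed Certificates:
    www.puppetmaster.zippyops.com  (SHA256)  $FP_OTHER  alt names: ["DNS:puppet"]
EOF
}

# Allowlist: "<certname> <fingerprint>" per line, as read on each node with
# "puppet agent --fingerprint" and carried to the master out of band.
sample_allowlist() {
cat <<EOF
www.puppetclient.zippyops.com $FP_NODE
db01.example.test $FP_NODE
EOF
}

# Usage: classify_requests ALLOWLIST_FILE < ca-list-output
# Prints "SIGN <certname>" or "REFUSE <certname> <reason>" for pending requests
# only; an unreadable allowlist leaves the table empty, so everything is refused.
classify_requests() {
  awk -v allow="$1" '
    BEGIN {
      while ((getline line < allow) > 0)
        if (split(line, f, " ") == 2) want[f[1]] = toupper(f[2])
    }
    /^Requested Certificates:/ { pending = 1; next }
    /^[^ \t].*:$/              { pending = 0; next }   # any other section header
    pending && $2 == "(SHA256)" {
      if (!($1 in want))                print "REFUSE", $1, "not-in-allowlist"
      else if (want[$1] != toupper($3)) print "REFUSE", $1, "fingerprint-mismatch"
      else                              print "SIGN", $1
    }'
}

allow=$(mktemp); sample_allowlist > "$allow"
sample_ca_list | classify_requests "$allow"; rm -f "$allow"
# On the master, sign only what passed:
#   puppetserver ca list | classify_requests allow.txt | awk '$1 == "SIGN" {print $2}' |
#     while read -r name; do puppetserver ca sign --certname "$name"; done
```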
Verify Puppet Client
Once the Puppet Server has signed our client certificate, run the following command on the client machine to test it.
# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for www.puppetclient.zippyops.com
Info: Applying configuration version '1620124042'
Notice: Applied catalog in 0.11 seconds