How To Add Puppet Nodes to Foreman – CentOS 7 / Ubuntu 18.04 & Debian 9

0

This tutorial is the continuation of Foreman installation and configuration series. Here, we will be going through the steps to add Puppet nodes to Foreman.

If you haven’t set up Foreman yet, feel free to follow the steps mentioned in the below links.

READ: How To Install Foreman on CentOS 7 / RHEL 7

READ: How To Install Foreman on Ubuntu 18.04 / Ubuntu 16.04 & Debian 9

This post covers the installation and configuration of Puppet agents on CentOS 7 / Fedora 28 / Ubuntu 18.04 / 16.04 & Debian 9 to work with Foreman (Puppet Master).

Infrastructure

Foreman Node

IP Address: 192.168.1.10
FQDN: server.itzgeek.local

Puppet Agent Node

IP Address: 192.168.1.20
FQDN: client.itzgeek.local

Prerequisites

Make sure both Foreman server and the client can resolve the hostname each other. Either use /etc/hosts file or DNS server for this purpose.

### CentOS / RHEL / Fedora ###

vi /etc/hosts

### Ubuntu / Debian ###

sudo nano /etc/hosts

Like below.

192.168.1.10     server.itzgeek.local     server    # Foreman
192.168.1.20     client.itzgeek.local     client    # Puppet Agent

Install Puppet Agent on Foreman Nodes

Let us first install the Puppetlabs repository to get a puppet agent packages from official source.

### CentOS 7 / RHEL 7 ###

rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm

### CentOS 6 / RHEL 6 ###

rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-6.noarch.rpm

### Ubuntu 18.04 ###

wget https://apt.puppetlabs.com/puppet5-release-bionic.deb
sudo dpkg -i puppet5-release-bionic.deb
sudo apt update

### Ubuntu 16.04 ###

wget https://apt.puppetlabs.com/puppet5-release-xenial.deb
sudo dpkg -i puppet5-release-xenial.deb
sudo apt update

### Debian 9 ###

wget https://apt.puppetlabs.com/puppet5-release-stretch.deb
sudo dpkg -i puppet5-release-stretch.deb
sudo apt-get update

### Fedora 28 ###

rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-fedora-28.noarch.rpm

Install puppet agent using below command.

### CentOS / RHEL ###

yum install -y puppet-agent

### Ubuntu / Debian ###

sudo apt-get install -y puppet-agent

### Fedora 28 ###

dnf install -y puppet-agent

Configure puppet agents

Once the installation is done, we will need to update the /etc/puppetlabs/puppet/puppet.conf file.

### CentOS / RHEL / Fedora ###

vi /etc/puppetlabs/puppet/puppet.conf

### Ubuntu / Debian ###

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the following settings to your [agent] settings. Enter your Foreman (Puppet Master) details in server = <> line.

[agent]
    server = server.itzgeek.local # Foreman Server
    certname = client.itzgeek.local # Puppet Agent
    runinterval = 180 # Interval in seconds
    environment = production
    listen = false
    pluginsync = true
    report = true

Run the following command to enable and run puppet agent service.

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

If required, restart the puppet agent service.

### CentOS / RHEL / Fedora ###

service puppet restart

### Ubuntu / Debian ###

sudo service puppet restart

Sign Puppet Agent certificate

Now, you will have to sign the certificate of puppet agents to work with Foreman, and you can do this either by using the command line or Foreman web console.

Command Line

In Foreman (Puppet Master) server, issue the following command to list down the unsigned certificates.
### CentOS / RHEL ###

/opt/puppetlabs/bin/puppet cert list

### Ubuntu / Debian ###

sudo /opt/puppetlabs/bin/puppet cert list

Output:

"client.itzgeek.local" (SHA256) 86:09:AA:5A:7B:43:31:20:1F:AE:21:3D:44:CA:9A:BF:57:A9:25:92:0A:AB:C7:CF:C2:AF:84:96:4F:C4:F2:F8

In the above output, client.itzgeek.local is the puppet agent. To sign the certificate, use the following command.

### CentOS / RHEL ###

/opt/puppetlabs/bin/puppet cert sign client.itzgeek.local

### Ubuntu / Debian ###

sudo /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local

Output:

Signing Certificate Request for:
   "client.itzgeek.local" (SHA256) 86:09:AA:5A:7B:43:31:20:1F:AE:21:3D:44:CA:9A:BF:57:A9:25:92:0A:AB:C7:CF:C2:AF:84:96:4F:C4:F2:F8
Notice: Signed certificate request for client.itzgeek.local
Notice: Removing file Puppet::SSL::CertificateRequest client.itzgeek.local at '/etc/puppetlabs/puppet/ssl/ca/requests/client.itzgeek.local.pem'

Console Mode

Open up your Foreman web console and go to Infrastructure >> Smart proxies. Select the Certificates from drop down.

Add Puppet Nodes to Foreman - List Puppet Certificate
Add Puppet Nodes to Foreman – List Puppet Certificate

As you see below, agent certificate (client.itzgeek.local) is pending to be signed. To sign, click the Sign button.

Add Puppet Nodes to Foreman - Foreman Signs Puppet Agent Ceritificates
Add Puppet Nodes to Foreman – Foreman Signs Puppet Agent Certificates

Now, agent (client.itzgeek.local) is signed successfully.

Add Puppet Nodes to Foreman - Puppet Certificates
Add Puppet Nodes to Foreman – Puppet Certificates

Verify Node

Now, go to Hosts >> All Hosts. Verify that the new node (client.itzgeek.local) has been added to Foreman.

Add Puppet Nodes to Foreman - List of Puppet Nodes in Foreman
Add Puppet Nodes to Foreman – List of Puppet Nodes in Foreman

Detailed Information:

Add Puppet Nodes to Foreman - Detailed Information of Added Puppet Node
Add Puppet Nodes to Foreman – Detailed Information of Added Puppet Node

That’s All.

You might also like