How to Install Puppet On Ubuntu 16.04

ADVERTISEMENT

Install Puppet On Ubuntu 16.04
Install Puppet On Ubuntu 16.04

When you think of a configuration management tool, the one pop up in your mind is Puppet. Puppet does not require an introduction, but if you still want to know;  it is an open-source configuration management tool, helps you to deploy and manage the configurations of hundreds of client systems from the central location.

Puppet makes the system admin’s life easier by cutting down on time spending on repetitive task and allows them to work on other productive works, also ensures that all the configuration are consistent across the infrastructure.

ADVERTISEMENT
Article will continue after the ad

Puppet is available for Linux, Mac, BSD, Solaris and Windows-based computer Systems, released under Apache License, written in “Ruby” language.

This guide helps you to install Puppet Server on Ubuntu 16.04.

Architecture:

Agent / Master:

In this architecture, one or more servers run the puppet master application and puppet agent application runs on managed nodes (client servers), usually as a background service.

Puppet agent will send facts to the puppet master and request a catalog in the particular interval. The puppet master will compile and return that particular node’s catalog, using the sources of information it has access to.

The Stand-Alone Architecture:

In this architecture, client node runs the puppet apply application, usually as a cron job.

Environment:

Here, we will configure a puppet in master/agent architecture and will use two Ubuntu 16.04 systems as mentioned below.

Puppet Master:

Operating system : Ubuntu 16.04 
IP Address       : 192.168.12.10
HostName         : server.itzgeek.local

Puppet client:

Operating System : Ubuntu 16.04
IP Address       : 192.168.12.20
HostName         : client.itzgeek.local

Prerequisites:

Install NTP:

Time must be set accurately on puppet master that will be acting as a certificate authority to sign the certificates coming from the client nodes. We will use NTP for this purpose.

Install the NTP package and perform the time sync with upstream NTP servers.

$ sudo apt-get install ntp ntpdate
$ sudo ntpdate -u 0.ubuntu.pool.ntp.org

Optional: Ensure that all the nodes are in same time zone using date command. If there are any discrepancies, change it accordingly.

List the available time zones.

$ timedatectl list-timezones

Set the time zone using the following command.

$ sudo timedatectl set-timezone Europe/London

DNS:

Puppet uses the hostname to communicate with the client machine, so make sure they can resolve the hostname each other, either setup /etc/hosts file or DNS server.

To install the puppet master/agent, we would require to setup a puppet repository on the all the nodes.

Note: Setup on both master and agent nodes.

Get the PupperLabs repository rpm and install it.

$ wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
$ sudo apt-get update

Install Puppet Server:

Puppet Server is the server software that runs on the puppet master node. Puppet master pushes the configurations to client nodes; in which the puppet agent will be running.

Install the Puppet server using below command.

$ sudo apt-get install -y puppetserver

Puppet server is now installed, do not start the puppet server service yet.

Configure Puppet Server:

Memory Allocation (Optional):

By default, Puppet Server JVM is configured to use 2GB of RAM. You can always customize the memory usage depends on how much memory your master node has; ensure that it is enough for managing all the nodes connected to it.

To change the value of memory allocation, edit the below file.

$ sudo nano /etc/default/puppetserver

Change the value shown like below.

From:

JAVA_ARGS="-Xms2g -Xmx2g

To:

For 512MB, use below settings.

JAVA_ARGS="-Xms512m -Xmx512m"

Start Puppet Server:

Puppet master does not require any configuration; you can simply start the puppetserver service. It will use the default settings.

For ex: dns_alt_names (puppet, <hostname of the server>).

Advanced Configurations:

Here, I’m going to modify the Puppet master settings for our requirement.

$ sudo nano /etc/puppetlabs/puppet/puppet.conf

Place the below lines. Modify it according to your environment.

[master]
dns_alt_names = server.itzgeek.local,server
[main]
certname = server.itzgeek.local
server = server.itzgeek.local
environment = production
runinterval = 1h

Start and enable the Puppet Server.

$ sudo systemctl start puppetserver
$ sudo systemctl enable puppetserver

Puppet Server vs. Apache/Passenger Puppet Master:

Puppet Server is now a drop-in replacement for the existing Apache/Passenger Puppet master stack. So we will not be configuring the passenger-stack here.

Install Puppet Agent:

Install the puppet agent using below command.

$ sudo apt-get install -y puppet-agent

Puppet agent also uses some of the default settings to connect to the master node. But, we need to edit the puppet configuration file and set puppet master information.

Note: Set “server” value as per your master node name. In my case, the server is “server.itzgeek.local” and certname is my client hostname (client.itzgeek.local).

$ sudo nano /etc/puppetlabs/puppet/puppet.conf

[main]
certname = client.itzgeek.local
server = server.itzgeek.local
environment = production
runinterval = 1h

You can change the value of runinterval depends on the requirement, you can set the value in seconds; this controls how long agent should wait between the two catalog requests.

Start puppet agent on the node and make it start automatically on system boot.

$ sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

You would get an output like below.

Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
 ensure => 'running',
 enable => 'true',
}

Sign the Agent Nodes Certificate on Master Server:

In an agent/master deployment, an admin must approve a certificate request for each agent node before that node can fetch configurations. Agent nodes will request certificates for the first time they attempt to run.

Log into the puppet master server and run below command to view outstanding requests.

$ sudo /opt/puppetlabs/bin/puppet cert list

"client.itzgeek.local" (SHA256) 40:7C:E2:2E:09:4B:86:1A:B8:D5:4A:C0:CE:FF:4F:3F:BB:F9:C5:2F:99:13:51:FE:C7:22:F3:FE:6A:65:48:85

Run puppet cert sign command to sign a request.

$ sudo /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local

Notice: Signed certificate request for client.itzgeek.local
Notice: Removing file Puppet::SSL::CertificateRequest client.itzgeek.local at '/etc/puppetlabs/puppet/ssl/ca/requests/client.itzgeek.local.pem'

The puppet master can now communicate to the client machine and control the node.

To sign all the certificate signing requests in one command.

$ sudo /opt/puppetlabs/bin/puppet cert sign --all

In some cases, you may need to revoke the certificate of a particular node to readd them back. Replace the <hostname> with your client hostname.

$ sudo /opt/puppetlabs/bin/puppet cert clean hostname

List all of the signed and unsigned requests. You should run on the master server, signed requests start with “+“.

$ sudo /opt/puppetlabs/bin/puppet cert list --all

Output: I took this before signing our client (client.itzgeek.local) node.

 "client.itzgeek.local" (SHA256) 40:7C:E2:2E:09:4B:86:1A:B8:D5:4A:C0:CE:FF:4F:3F:BB:F9:C5:2F:99:13:51:FE:C7:22:F3:FE:6A:65:48:85
+ "server.itzgeek.local" (SHA256) 88:DC:90:BC:D6:7A:67:F4:0E:D8:41:65:C4:84:D5:7D:FB:3C:0E:52:20:D8:64:9F:4A:21:D1:83:54:03:D4:3D (alt names: "DNS:server.itzgeek.local", "DNS:server.itzgeek.local", "DNS:server")

Verify the Puppet Client:

Once the Puppet master is signed your client certificate, run the following command on the client machine to test it.

$ sudo /opt/puppetlabs/bin/puppet agent --test

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client.itzgeek.local
Info: Applying configuration version '1470161703'
Notice: Applied catalog in 0.02 seconds

Creating our first manifest:

Manifest is a data file which contains client configuration’s, written in Puppet’s declarative language or a Ruby DSL. This section covers the basic manifest to create a directory as well as a file on the client machine.

Main puppet manifest file is located at /etc/puppetlabs/code/environments/production/manifests/site.pp

Now add the following lines to the manifest to create a directory on the client node.

PS: If the node variable is not set, this manifest will apply to all the nodes connected to the puppet master.

node 'client.itzgeek.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
file { '/tmp/puppetdir': # Resource type file
 ensure => 'directory', # Create as a diectory
 owner => 'root', # Ownership
 group => 'root', # Group Name
 mode => '0755', # Directory permissions
}
}

Now, run the following command on the client node to retrieve the configurations.

$ sudo /opt/puppetlabs/bin/puppet agent --test

Output:

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client.itzgeek.local
Info: Applying configuration version '1470201864'
Notice: /Stage[main]/Main/Node[client.itzgeek.local]/File[/tmp/puppetdir]/ensure: created
Notice: Applied catalog in 0.54 seconds

Verify that directory has been created on the client node.

$ ls -ld /tmp/puppetdir/
drwxr-xr-x 2 root root 4096 Aug 3 10:54 /tmp/puppetdir/

Let’s do the test once again by writing the manifest for creating a file with content into it.

node 'client.itzgeek.local' { # Applies only to mentioned node; if nothing mentioned, applies to all.
file { '/tmp/puppetfile': # Resource type file
 ensure => 'present', # Make sure it exists
 owner => 'root', # Ownership
 group => 'root', # Group Name
 mode => '0644', # File permissions
 content => "This File is created by Puppet Server"
}
}

You can go to the client machine and retrieve the catalog as shown the previous example.

That’s All. Now, you have successfully configured puppet server and an agent.

ADVERTISEMENT

POSTS YOU MAY LIKE -:)

Share This Post

Shares