How To Install Puppet 6.x On Ubuntu 18.04 / Ubuntu 16.04 & Debian 9

12

When you think of a configuration management tool, the one pop up in your mind is Puppet. Puppet is an open source configuration management tool, helps you to deploy and manage the configurations of hundreds of client systems from the central location.

Puppet makes the system admin’s life easier by cutting down on time spending on repetitive task and allows them to work on other productive works, also ensures that all the configuration are consistent across the infrastructure.

Puppet is available for Linux, Mac, BSD, Solaris, and Windows-based computer Systems, released under Apache License, written in “Ruby” language.

This guide helps you to install Puppet Server on Ubuntu 18.04 / Ubuntu 16.04 & Debian 9.

Architecture

Agent / Master

In this architecture, one or more servers run the puppet master application and puppet agent application runs on managed nodes (client servers), usually as a background service.

Puppet agent will send facts to the puppet master and request a catalog in the particular interval. The puppet master will compile and return that particular node’s catalog, using the sources of information it has access to.

Stand-Alone Architecture

In this architecture, the client node runs the puppet apply application, usually as a cron job.

Environment

Here, we will configure a puppet in master/agent architecture and will use two systems, as mentioned below.

Puppet Master

Host Name: server.itzgeek.local

IP Address: 192.168.1.10

Puppet client

Host Name: client.itzgeek.local

IP Address: 192.168.1.20

Prerequisites

Install NTP

Time must be set accurately on a puppet master as it will be acting as a certificate authority to sign the certificates coming from the client nodes. We will use NTP for this purpose.

Install the NTP package and perform the time sync with upstream NTP servers.

sudo apt update
sudo apt install -y ntp ntpdate
sudo ntpdate -u 0.ubuntu.pool.ntp.org

Timezone

Ensure that all the nodes are in same time zone using.

date

Output:

Tue Sep 4 22:28:34 EDT 2018

If there are any discrepancies, change it accordingly. List the available time zones.

timedatectl list-timezones

Set the time zone using the following command.

sudo timedatectl set-timezone America/New_York

DNS

Puppet agent uses the hostname to communicate with the Puppet Server. So, make sure the agent node can resolve the hostname of the Puppet Server. Either setup /etc/hosts file or DNS server.

/etc/hosts File:

sudo nano /etc/hosts

Add a host entry similar to the below line.

192.168.1.10 server.itzgeek.local server

Setup PuppetLabs repository

To install the puppet master/agent, we would require to set up a puppet repository on all nodes.

### Ubuntu 18.04 ###

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
sudo dpkg -i puppet6-release-bionic.deb
sudo apt update

### Ubuntu 16.04 ###

wget https://apt.puppetlabs.com/puppet6-release-xenial.deb
sudo dpkg -i puppet6-release-xenial.deb
sudo apt update

### Debian 9 ###

wget https://apt.puppetlabs.com/puppet6-release-stretch.deb
sudo dpkg -i puppet6-release-stretch.deb
sudo apt update

On Ubuntu 18.04, enable the universe repository, which contains packages necessary for Puppet Server.

Install Puppet Server

Puppet Server is the server software that runs on the puppet master node. Install the Puppet server using below command.

sudo apt install -y puppetserver

Puppet server is now installed, do not start the puppet server service yet.

Configure Puppet Server

Memory Allocation (Optional)

By default, Puppet Server JVM is configured to use 2GB of RAM. You can always customize the memory usage depends on how much memory your master node has; ensure that it is enough for managing all the nodes connected to it.

To change the value of memory allocation, edit the below file.

sudo nano /etc/default/puppetserver

Change the value shown like below.

From:

JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

To:

For 512MB, use the below settings.

JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

Puppet Configuration

Simple Configurations

Puppet Server does not require any configuration, and you can simply start the puppetserver service. It will use the default settings.

For ex: dns_alt_names (puppet, <hostname of the server>).

Puppet will take your system hostname and puppet as DNS alternate names for Puppet Server. So, you would need to use server=<puppetmaster-hostname> or server=puppet in the puppet-agent configuration file.

Advanced Configurations (Optional)

Here, I’m going to modify the Puppet Server settings for our requirement.

sudo nano /etc/puppetlabs/puppet/puppet.conf

Place the below lines. Modify it according to your environment.

[master]
dns_alt_names = server.itzgeek.local,server

[main]
certname = server.itzgeek.local
server = server.itzgeek.local
environment = production
runinterval = 15m

Start Puppet Server

Generate a root and intermediate signing CA for Puppet Server.

sudo /opt/puppetlabs/bin/puppetserver ca setup

Output:

Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca

Start and enable the Puppet Server.

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

Install Puppet Agent

Setup the Puppet repository on your agent node as shown earlier and then install the puppet agent using below command.

sudo apt install -y puppet-agent

Puppet agent also uses some of the default settings to connect to the master node. But, we need to edit the puppet configuration file and set puppet master information.

sudo nano /etc/puppetlabs/puppet/puppet.conf
Set server value as per your master hostname and certname as your client hostname. In my case, the server is server.itzgeek.local and certname is client.itzgeek.local.
[main]
certname = client.itzgeek.local
server = server.itzgeek.local
environment = production
runinterval = 15m

You can change the value of runinterval depends on the requirement. This controls how long an agent should wait between the two catalog requests.

You can set the value in seconds (30s or 30) or in minutes (30m) or in hours (1hr).

Start puppet agent on the node and make it start automatically on system boot.

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

You would get an output like below.

Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
 ensure => 'running',
 enable => 'true',
}

Sign Agent Node Certificate on Master Server

In an agent/master deployment, an admin must approve a certificate request for each agent node before that node can fetch configurations. Agent nodes will request certificates for the first time they attempt to run.

Log into the puppet master server and run below command to view outstanding requests.

sudo /opt/puppetlabs/bin/puppetserver ca list

Output:

Requested Certificates:
    client.itzgeek.local   (SHA256)  07:B1:57:5B:DE:AF:9F:4A:DF:4A:D1:CD:C4:2A:F9:9F:D9:76:CD:C5:F1:60:09:9C:B4:BA:76:D6:7B:3C:6F:0D

Run the below command to sign a request.

sudo /opt/puppetlabs/bin/puppetserver ca sign --certname client.itzgeek.local

Output:

Successfully signed certificate request for client.itzgeek.local

To sign all the certificate signing requests in one command.

sudo /opt/puppetlabs/bin/puppetserver ca sign --all

In some cases, you may need to revoke the certificate of a particular node to read them back. Replace the <AGENT_NAME> with your client hostname.

sudo /opt/puppetlabs/bin/puppetserver ca revoke --certname <AGENT_NAME>

List all of the signed and unsigned requests. You should run on the master server.

sudo /opt/puppetlabs/bin/puppetserver ca list --all

Output:

Signed Certificates:
    server.itzgeek.local   (SHA256)  E5:A4:93:45:EF:82:3B:FF:6E:36:D2:9A:F0:75:15:67:94:33:06:2F:84:9F:D1:45:CE:C6:1C:86:D4:57:B8:25    alt names: ["DNS:server.itzgeek.local", "DNS:server", "DNS:server.itzgeek.local"]
    client.itzgeek.local   (SHA256)  AB:3B:F0:D0:62:69:50:DD:50:45:CE:AD:A5:2C:4F:9E:EB:19:D6:C6:9C:34:A3:C5:CD:84:8F:BA:50:04:4A:D0

Verify Puppet Agent

Once the Puppet master is signed your client certificate, run the following command on the client machine to test it.

sudo /opt/puppetlabs/bin/puppet agent --test

Output:

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for client.itzgeek.local
Info: Applying configuration version '1558888335'
Notice: Applied catalog in 0.02 seconds

Create manifest

Manifest is a data file which contains client configuration’s, written in Puppet’s declarative language or a Ruby DSL. This section covers the basic manifest to create a directory as well as a file on the client machine.

Main puppet manifest file is located at /etc/puppetlabs/code/environments/production/manifests directory. Create a new manifest file.

sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp

Now add the following lines to the manifest to create a directory on the client node.

node 'client.itzgeek.local' { # Applies only to mentioned node. If nothing mentioned, applies to all.
     file { '/tmp/puppetdir': # Resource type file
             ensure => 'directory', # Create as a diectory
             owner => 'root', # Ownership
             group => 'root', # Group Name
             mode => '0755', # Directory permissions
          }
}
If the node variable is not set, this manifest will apply to all the nodes connected to the puppet master.

Now, run the following command on the client node to retrieve the configurations.

sudo /opt/puppetlabs/bin/puppet agent --test

Output:

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for client.itzgeek.local
Info: Applying configuration version '1558888460'
Notice: /Stage[main]/Main/Node[client.itzgeek.local]/File[/tmp/puppetdir]/ensure: created
Notice: Applied catalog in 0.16 seconds

Verify that directory has been created on the client node.

ls -ld /tmp/puppetdir/

Output:

drwxr-xr-x 2 root root 4096 May 26 22:03 /tmp/puppetdir/

Let’s writing a manifest for creating a file with content into it.

node 'client.itzgeek.local' { # Applies only to mentioned node. If nothing mentioned, applies to all.
      file { '/tmp/puppetfile': # Resource type file
            ensure => 'present', # Make sure it exists
            owner => 'root', # Ownership
            group => 'root', # Group Name
            mode => '0644', # File permissions
            content => "This File is created by Puppet Server" # Content of the file
           }
}

You can go to the client machine and retrieve the catalog as shown the previous example or wait for 15 minutes to auto apply the catalog.

Conclusion

I hope this post helped you to install Puppet Server on Ubuntu 18.04 / Ubuntu 16.04 & Debian 9. Please share your feedback in the comments section.

You might also like