This tutorial continues from the Foreman installation guide. Here, we go through the steps to add Puppet nodes to Foreman. This post covers the installation and configuration of Puppet agents on CentOS 7 / Ubuntu 14.04 to work with Foreman (Puppet Master).
Puppet Agent Node details are:
Operating system : Ubuntu 14.04.03 LTS server
IP Address : 192.168.12.30
FQDN : ubuntu.itzgeek.local
Operating system : CentOS 7 Minimal
IP Address : 192.168.12.20
FQDN : centos.itzgeek.local
Make sure both the puppet server and the clients can resolve each other's hostnames, using either the /etc/hosts file or a DNS server.
192.168.12.10 server.itzgeek.local server # Foreman
192.168.12.20 centos.itzgeek.local centos # CentOS 7 Agent
192.168.12.30 ubuntu.itzgeek.local ubuntu # Ubuntu 14.04 Agent
Let’s install the Puppet agents on both the CentOS and Ubuntu machines.
Install Puppet Agent on CentOS 7:
Install the Puppetlabs repository in order to get the puppet agent packages from the official source.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Install the puppet agent using the command below.
yum -y install puppet
Install Puppet Agent on Ubuntu 14.04:
To install the Puppet agent, we have to configure the Puppetlabs repository on Ubuntu 14.04.
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb
Update the repository.
sudo apt-get update
Install the puppet agent using the command below.
sudo apt-get install puppet
Configure puppet agent on CentOS 7 / Ubuntu 14.04:
Once the installation is done, we need to update the “/etc/puppet/puppet.conf” file.
There are two sections in the agent node’s puppet config file, a [main] and a [master] section. Add the following settings to the [main] section.
Comment out or delete the “templatedir=$confdir/templates” line and enter the details of your Foreman (Puppet Master) server in the “server = hostname” line.
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates
### Add Below Lines ###
server = server.itzgeek.local
report = true
pluginsync = true
Edit /etc/default/puppet to enable puppet service.
Setting this to “yes” allows the puppet agent service to run.
Run the following command to enable and start the puppet agent service.
puppet resource service puppet ensure=running enable=true
Sign Puppet Agent certificate:
Now, you have to sign the certificates of the puppet agents so that they can work with Foreman. You can do this either from the command line or from the Foreman web console.
Command Line:
On the Foreman (Puppet Master) server, issue the following command to list the unsigned certificates.
[root@server ~]# puppet cert list
"ubuntu.itzgeek.local" (SHA256) 30:D1:B5:70:52:1C:1C:AC:1B:DD:3C:2E:B0:28:D7:15:52:95:32:95:1F:37:29:2E:5F:E7:4C:F5:DB:94:A0:A1
In the above output, “ubuntu.itzgeek.local” is the puppet agent. To sign the certificate, use the following command.
[root@server ~]# puppet cert sign ubuntu.itzgeek.local
Notice: Signed certificate request for ubuntu.itzgeek.local
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu.itzgeek.local at '/var/lib/puppet/ssl/ca/requests/ubuntu.itzgeek.local.pem'
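The SHA256 fingerprint printed by “puppet cert list” lets you confirm that a pending request really comes from your agent before you sign it. The following is an added example, not part of the original tutorial: the function names are hypothetical, the sample line is the output shown above, and the expected fingerprint is assumed to have been read on the agent itself with “puppet agent --fingerprint”.

```shell
#!/bin/sh
# Added example: verify a pending request's fingerprint before signing it.
# Intended use on the Foreman (Puppet Master) server:
#   puppet cert list | check_csr HOST EXPECTED_FP && puppet cert sign HOST

# Print the SHA256 fingerprint of HOST's pending request, reading
# "puppet cert list" output on stdin. Prints nothing if HOST is not listed.
csr_fingerprint() {
    awk -v host="$1" '
        { name = $1; gsub(/"/, "", name) }   # strip quotes around the certname
        name == host && $2 == "(SHA256)" { print toupper($3); exit }
    '
}

# Return 0 on match, 1 on mismatch, 2 if HOST has no pending request.
check_csr() {
    host=$1
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')   # compare case-insensitively
    actual=$(csr_fingerprint "$host")
    if [ -z "$actual" ]; then
        echo "no pending request for $host" >&2
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "fingerprint verified for $host"
        return 0
    fi
    echo "FINGERPRINT MISMATCH for $host, do not sign" >&2
    return 1
}

# Sample input: the "puppet cert list" line shown in this tutorial.
SAMPLE_FP='30:D1:B5:70:52:1C:1C:AC:1B:DD:3C:2E:B0:28:D7:15:52:95:32:95:1F:37:29:2E:5F:E7:4C:F5:DB:94:A0:A1'
SAMPLE_LIST="  \"ubuntu.itzgeek.local\" (SHA256) $SAMPLE_FP"

# Demo on the sample data (no puppet installation required).
printf '%s\n' "$SAMPLE_LIST" | check_csr ubuntu.itzgeek.local "$SAMPLE_FP"
```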
Open up your Foreman web console, go to Infrastructure –> Smart proxies. Click the Certificates button.
The agent certificate (ubuntu.itzgeek.local) is pending signature. To sign it, click the Sign button.
Now, agent (ubuntu.itzgeek.local) is signed successfully.
Now, go to Hosts –> All Hosts. Verify that the new node (ubuntu.itzgeek.local) has been added to Foreman.
If you want to remove the puppet agent from the Puppet master, run:
[root@server ~]# puppet cert clean ubuntu.itzgeek.local
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate ubuntu.itzgeek.local at '/var/lib/puppet/ssl/ca/signed/ubuntu.itzgeek.local.pem'
Notice: Removing file Puppet::SSL::Certificate ubuntu.itzgeek.local at '/var/lib/puppet/ssl/certs/ubuntu.itzgeek.local.pem'
If you want to re-register the puppet agent that you just removed in the previous step, follow the procedure below on the agent node.
Stop the puppet service.
service puppet stop
Delete the certs directory under the puppet agent's ssl directory.
rm -rf /var/lib/puppet/ssl/certs
Start the puppet service.
service puppet start
Now, you can run the “puppet cert list” command on the Foreman (puppet master) server to see the signing request, and approve it if required.
That’s all. Feel free to post a comment here if you have faced any issue.