How To Add Puppet Nodes to Foreman – CentOS 7 / Ubuntu 18.04 & Debian 9
This tutorial is the continuation of Foreman installation and configuration series. Here, we will be going through the steps to add Puppet nodes to Foreman.
If you haven’t set up Foreman yet, feel free to follow the steps mentioned in the below links.
READ: How To Install Foreman on CentOS 7 / RHEL 7
READ: How To Install Foreman on Ubuntu 18.04 / Ubuntu 16.04 & Debian 9
This post covers the installation and configuration of Puppet agents on CentOS 7 / Fedora 28 / Ubuntu 18.04 / 16.04 & Debian 9 to work with Foreman (Puppet Master).
Infrastructure
Foreman Node
IP Address: 192.168.1.10
FQDN: server.itzgeek.local
Puppet Agent Node
IP Address: 192.168.1.20
FQDN: client.itzgeek.local
Prerequisites
Make sure both Foreman server and the client can resolve the hostname each other. Either use /etc/hosts file or DNS server for this purpose.
### CentOS / RHEL / Fedora ### vi /etc/hosts ### Ubuntu / Debian ### sudo nano /etc/hosts
Like below.
192.168.1.10 server.itzgeek.local server # Foreman 192.168.1.20 client.itzgeek.local client # Puppet Agent
Install Puppet Agent on Foreman Nodes
Let us first install the Puppetlabs repository to get a puppet agent packages from official source.
### CentOS 7 / RHEL 7 ### rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm ### CentOS 6 / RHEL 6 ### rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-6.noarch.rpm ### Ubuntu 18.04 ### wget https://apt.puppetlabs.com/puppet5-release-bionic.deb sudo dpkg -i puppet5-release-bionic.deb sudo apt update ### Ubuntu 16.04 ### wget https://apt.puppetlabs.com/puppet5-release-xenial.deb sudo dpkg -i puppet5-release-xenial.deb sudo apt update ### Debian 9 ### wget https://apt.puppetlabs.com/puppet5-release-stretch.deb sudo dpkg -i puppet5-release-stretch.deb sudo apt-get update ### Fedora 28 ### rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-fedora-28.noarch.rpm
Install puppet agent using below command.
### CentOS / RHEL ### yum install -y puppet-agent ### Ubuntu / Debian ### sudo apt-get install -y puppet-agent ### Fedora 28 ### dnf install -y puppet-agent
Configure puppet agents
Once the installation is done, we will need to update the /etc/puppetlabs/puppet/puppet.conf file.
### CentOS / RHEL / Fedora ### vi /etc/puppetlabs/puppet/puppet.conf ### Ubuntu / Debian ### sudo nano /etc/puppetlabs/puppet/puppet.conf
Add the following settings to your [agent] settings. Enter your Foreman (Puppet Master) details in server = <> line.
[agent] server = server.itzgeek.local # Foreman Server certname = client.itzgeek.local # Puppet Agent runinterval = 180 # Interval in seconds environment = production listen = false pluginsync = true report = true
Run the following command to enable and run puppet agent service.
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
If required, restart the puppet agent service.
### CentOS / RHEL / Fedora ### service puppet restart ### Ubuntu / Debian ### sudo service puppet restart
Sign Puppet Agent certificate
Now, you will have to sign the certificate of puppet agents to work with Foreman, and you can do this either by using the command line or Foreman web console.
Command Line
### CentOS / RHEL ### /opt/puppetlabs/bin/puppet cert list ### Ubuntu / Debian ### sudo /opt/puppetlabs/bin/puppet cert list
Output:
"client.itzgeek.local" (SHA256) 86:09:AA:5A:7B:43:31:20:1F:AE:21:3D:44:CA:9A:BF:57:A9:25:92:0A:AB:C7:CF:C2:AF:84:96:4F:C4:F2:F8
In the above output, client.itzgeek.local is the puppet agent. To sign the certificate, use the following command.
### CentOS / RHEL ### /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local ### Ubuntu / Debian ### sudo /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local
Output:
Signing Certificate Request for: "client.itzgeek.local" (SHA256) 86:09:AA:5A:7B:43:31:20:1F:AE:21:3D:44:CA:9A:BF:57:A9:25:92:0A:AB:C7:CF:C2:AF:84:96:4F:C4:F2:F8 Notice: Signed certificate request for client.itzgeek.local Notice: Removing file Puppet::SSL::CertificateRequest client.itzgeek.local at '/etc/puppetlabs/puppet/ssl/ca/requests/client.itzgeek.local.pem'
Console Mode
Open up your Foreman web console and go to Infrastructure >> Smart proxies. Select the Certificates from drop down.

As you see below, agent certificate (client.itzgeek.local) is pending to be signed. To sign, click the Sign button.

Now, agent (client.itzgeek.local) is signed successfully.

Verify Node
Now, go to Hosts >> All Hosts. Verify that the new node (client.itzgeek.local) has been added to Foreman.

Detailed Information:

That’s All.