How To Install Puppet On Ubuntu 18.04 / Ubuntu 16.04 & Debian 9


When you think of a configuration management tool, the one that pops up in your mind is Puppet. Puppet does not require an introduction, but if you still want to know: it is an open-source configuration management tool that helps you deploy and manage the configurations of hundreds of client systems from a central location.

Puppet makes the system admin’s life easier by cutting down the time spent on repetitive tasks, freeing them to work on other productive work, and it ensures that all configurations are consistent across the infrastructure.

Puppet is available for Linux, Mac, BSD, Solaris and Windows-based computer systems. It is released under the Apache License and written in the “Ruby” language.

This guide helps you to install Puppet Server on Ubuntu 18.04 / Ubuntu 16.04 & Debian 9.

Architecture

Agent / Master

In this architecture, one or more servers run the puppet master application, and the puppet agent application runs on the managed nodes (client servers), usually as a background service.

The puppet agent sends facts to the puppet master and requests a catalog at a set interval. The puppet master compiles and returns that particular node’s catalog, using the sources of information it has access to.

The Stand-Alone Architecture

In this architecture, the client node runs the puppet apply application, usually as a cron job.

Environment

Here, we will configure Puppet in the master/agent architecture and will use two Ubuntu 16.04 systems as mentioned below.

Puppet Master:

HostName         : server.itzgeek.local
IP Address       : 192.168.1.10

Puppet client:

HostName         : client.itzgeek.local
IP Address       : 192.168.1.20

Prerequisites

Install NTP

Time must be set accurately on the puppet master, which will be acting as the certificate authority that signs the certificates coming from the client nodes. We will use NTP for this purpose.

Install the NTP package and perform the time sync with upstream NTP servers.

sudo apt-get install -y ntp ntpdate
sudo ntpdate -u 0.ubuntu.pool.ntp.org

Timezone

Ensure that all the nodes are in the same time zone using the following command.

date

Output:

Tue Sep 4 22:28:34 EDT 2018

If there are any discrepancies, change it accordingly. List the available time zones.

timedatectl list-timezones

Set the time zone using the following command.

sudo timedatectl set-timezone America/New_York

DNS

Puppet uses hostnames to communicate with the client machines, so make sure the nodes can resolve each other’s hostnames. Either set up the /etc/hosts file or use a DNS server.

/etc/hosts File:

sudo nano /etc/hosts

Add a host entry similar to the line below.

192.168.1.10 server.itzgeek.local server

Configure PuppetLabs repository

To install the puppet master/agent, we need to set up the Puppet repository on all nodes.

### Ubuntu 18.04 ###

wget https://apt.puppetlabs.com/puppet5-release-bionic.deb
sudo dpkg -i puppet5-release-bionic.deb
sudo apt update

### Ubuntu 16.04 ###

wget https://apt.puppetlabs.com/puppet5-release-xenial.deb
sudo dpkg -i puppet5-release-xenial.deb
sudo apt update

### Debian 9 ###

wget https://apt.puppetlabs.com/puppet5-release-stretch.deb
sudo dpkg -i puppet5-release-stretch.deb
sudo apt-get update

On Ubuntu 18.04, enable the universe repository, which contains packages necessary for Puppet Server.

Install Puppet Server

Puppet Server is the server software that runs on the puppet master node. Puppet master pushes the configurations to client nodes, on which the puppet agent will be running.

Install the Puppet server using the below command.

sudo apt-get install -y puppetserver

Puppet server is now installed; do not start the puppet server service yet.

Configure Puppet Server

Memory Allocation (Optional)

By default, the Puppet Server JVM is configured to use 2GB of RAM. You can customize the memory usage depending on how much memory your master node has; ensure that it is enough for managing all the nodes connected to it.

To change the memory allocation, edit the below file.

sudo nano /etc/default/puppetserver

Change the value as shown below.

From:

JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

To:

For 512MB, use the below settings.

JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

Start Puppet Server

Simple Configurations

Puppet master does not require any configuration, and you can simply start the puppetserver service. It will use the default settings.

For example: dns_alt_names (puppet, <hostname of the server>).

Puppet will take your system hostname and puppet as the DNS alternate names for Puppet Server. So, you need to use server=<puppetmaster-hostname> or server=puppet in the puppet-agent configuration file.

Advanced Configurations (Optional)

Here, I’m going to modify the Puppet master settings for our requirement.

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the lines below, modifying them according to your environment.

[master]
dns_alt_names = server.itzgeek.local,server

# Required when the Puppet master acts as a Puppet client
[main]
certname = server.itzgeek.local
server = server.itzgeek.local
environment = production
runinterval = 15m

Start and enable the Puppet Server.

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

Puppet Server vs. Apache/Passenger Puppet Master

Puppet Server is now a drop-in replacement for the existing Apache/Passenger Puppet master stack. So we will not be configuring the passenger-stack here.

Install Puppet Agent

Set up the Puppet repository on your node as shown earlier and install the puppet agent using the below command.

sudo apt-get install -y puppet-agent

The puppet agent also uses some default settings to connect to the master node, but we need to edit the puppet configuration file and set the puppet master information.

sudo nano /etc/puppetlabs/puppet/puppet.conf

Set the “server” value to your master hostname and certname to your client hostname. In my case, the server is “server.itzgeek.local” and certname is “client.itzgeek.local”.

[main]
certname = client.itzgeek.local
server = server.itzgeek.local
environment = production
runinterval = 15m

You can change the value of runinterval depending on your requirement. This controls how long the agent waits between two catalog requests.

You can set the value in seconds (30s or 30) or in minutes (30m) or in hours (1hr).

Start the puppet agent on the node and make it start automatically on system boot.

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

You would get an output like below.

Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
 ensure => 'running',
 enable => 'true',
}

Sign the Agent Nodes Certificate on Master Server

In an agent/master deployment, an admin must approve a certificate request for each agent node before that node can fetch configurations. Agent nodes request certificates the first time they attempt to run.

Log into the puppet master server and run the below command to view outstanding requests.

sudo /opt/puppetlabs/bin/puppet cert list

Output:

"client.itzgeek.local" (SHA256) 0A:A0:4D:26:07:EC:3B:39:31:D7:5C:F6:D9:BD:B2:13:C8:1E:CB:12:D6:4B:08:C4:F3:71:85:09:D7:CB:16:AC

Run the puppet cert sign command to sign a request.

sudo /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local

Output:

Signing Certificate Request for:
  "client.itzgeek.local" (SHA256) 0A:A0:4D:26:07:EC:3B:39:31:D7:5C:F6:D9:BD:B2:13:C8:1E:CB:12:D6:4B:08:C4:F3:71:85:09:D7:CB:16:AC
Notice: Signed certificate request for client.itzgeek.local
Notice: Removing file Puppet::SSL::CertificateRequest client.itzgeek.local at '/etc/puppetlabs/puppet/ssl/ca/requests/client.itzgeek.local.pem'

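The puppet master can now communicate with the client machine and control the node.

To sign all the pending certificate signing requests in one command, use the command below. It approves every pending request without a per-node fingerprint check, so compare the fingerprints in the list first.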

sudo /opt/puppetlabs/bin/puppet cert sign --all

In some cases, you may need to revoke the certificate of a particular node in order to re-add it. Replace <hostname> with your client hostname.

sudo /opt/puppetlabs/bin/puppet cert clean <hostname>

List all of the signed and unsigned requests. Run this on the master server.

sudo /opt/puppetlabs/bin/puppet cert list --all

Output: I took this before signing the client (client.itzgeek.local) node. Signed requests start with “+”.

 "client.itzgeek.local" (SHA256) B4:F1:1F:2F:31:4A:00:15:36:BC:0C:68:B5:AE:49:3F:4E:A2:04:CA:0A:B2:00:74:D2:A2:F5:57:40:3B:99:90
+ "server.itzgeek.local" (SHA256) FB:90:44:E4:C2:06:34:50:8C:6E:C0:82:AD:B1:CB:26:21:BB:40:FA:AC:63:82:41:BA:CF:3D:7A:4C:48:DB:4B (alt names: "DNS:puppet", "DNS:server.itzgeek.local")
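
The fingerprint printed by puppet cert list is what ties a pending request to one agent's key, so it is worth comparing it with the value read on the agent itself (sudo /opt/puppetlabs/bin/puppet agent --fingerprint) before signing. The following shell script is an added example, not part of the original article: it parses the listing format shown above and prints the sign command only when the fingerprints match. The helper names, the web01 entry and its fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Helper names, the web01 entry and
# MADE_UP_FP are constructed; the other two sample lines are the article's.
CLIENT_FP='B4:F1:1F:2F:31:4A:00:15:36:BC:0C:68:B5:AE:49:3F:4E:A2:04:CA:0A:B2:00:74:D2:A2:F5:57:40:3B:99:90'
MADE_UP_FP='AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA'
SAMPLE_LIST=$(cat <<EOF
  "client.itzgeek.local" (SHA256) $CLIENT_FP
+ "server.itzgeek.local" (SHA256) FB:90:44:E4:C2:06:34:50:8C:6E:C0:82:AD:B1:CB:26:21:BB:40:FA:AC:63:82:41:BA:CF:3D:7A:4C:48:DB:4B (alt names: "DNS:puppet", "DNS:server.itzgeek.local")
  "web01.itzgeek.local" (SHA256) $MADE_UP_FP (alt names: "DNS:puppet")
EOF
)

# check_csr CERTNAME AGENT_FP LISTING
# 0 = pending request matches AGENT_FP   1 = fingerprint mismatch
# 2 = no pending request for CERTNAME    3 = request asks for DNS alt names
check_csr() {
    printf '%s\n' "$3" | awk -v want="\"$1\"" -v fp="$2" '
        $1 == "+" || $1 == "-"          { next }   # already signed or revoked
        $1 != want || $2 != "(SHA256)"  { next }   # some other node
        { seen = 1
          if (index($0, "(alt names:"))        rc = 3
          else if (toupper($3) == toupper(fp)) rc = 0
          else                                 rc = 1 }
        END { exit (seen ? rc : 2) }'
}

# Print the sign command only when the check passes; say why otherwise.
sign_if_verified() {
    rc=0
    check_csr "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "sudo /opt/puppetlabs/bin/puppet cert sign $1" ;;
        1) echo "REFUSE $1: fingerprint differs from the one read on the agent" ;;
        2) echo "REFUSE $1: no pending request" ;;
        3) echo "REFUSE $1: request carries DNS alt names, review by hand" ;;
    esac
    return "$rc"
}

# Demo on the sample. On a real master, pass
# "$(sudo /opt/puppetlabs/bin/puppet cert list --all)" as the third argument.
sign_if_verified client.itzgeek.local "$CLIENT_FP" "$SAMPLE_LIST" || true
sign_if_verified web01.itzgeek.local "$MADE_UP_FP" "$SAMPLE_LIST" || true
```
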

Verify the Puppet Client

Once the Puppet master has signed your client certificate, run the following command on the client machine to test it.

sudo /opt/puppetlabs/bin/puppet agent --test

Output:

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for client.itzgeek.local
Info: Applying configuration version '1536116752'
Notice: Applied catalog in 0.04 seconds

Creating our first manifest

A manifest is a data file which contains client configurations, written in Puppet’s declarative language or a Ruby DSL. This section covers a basic manifest to create a directory as well as a file on the client machine.

The main puppet manifest file is located in the /etc/puppetlabs/code/environments/production/manifests directory. Create a new manifest file.

sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp

Now add the following lines to the manifest to create a directory on the client node.

node 'client.itzgeek.local' { # Applies only to mentioned node. If nothing mentioned, applies to all.
     file { '/tmp/puppetdir': # Resource type file
             ensure => 'directory', # Create as a directory
             owner => 'root', # Ownership
             group => 'root', # Group Name
             mode => '0755', # Directory permissions
          }
}

If the manifest is not wrapped in a node definition, it will apply to all the nodes connected to the puppet master.

Now, run the following command on the client node to retrieve the configurations.

sudo /opt/puppetlabs/bin/puppet agent --test

Output:

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for client.itzgeek.local
Info: Applying configuration version '1536116809'
Notice: /Stage[main]/Main/Node[client.itzgeek.local]/File[/tmp/puppetdir]/ensure: created
Notice: Applied catalog in 0.10 seconds

Verify that the directory has been created on the client node.

ls -ld /tmp/puppetdir/

Output:

drwxr-xr-x 2 root root 4096 Sep  5 08:36 /tmp/puppetdir/

Let’s write a manifest that creates a file with content in it.

node 'client.itzgeek.local' { # Applies only to mentioned node. If nothing mentioned, applies to all.
      file { '/tmp/puppetfile': # Resource type file
            ensure => 'present', # Make sure it exists
            owner => 'root', # Ownership
            group => 'root', # Group Name
            mode => '0644', # File permissions
            content => "This File is created by Puppet Server"
           }
}

You can go to the client machine and retrieve the catalog as shown in the previous example, or wait 15 minutes for the agent to apply the catalog automatically.

That’s All.
