If you’re managing servers and aren’t using an infrastructure-as-code solution such as Puppet, Ansible or Chef, be warned: you should be.
Other approaches are a thing of the past; infrastructure-as-code tools allow businesses and IT to become much more agile, bringing entire environments up and down quickly and with ease.
Puppet is one of the first of these solutions and is arguably still the most popular. Its architecture consists of one or more Puppet “masters” and nodes that are managed by the master. The master allows you to create the configurations as code, which are then retrieved by the nodes and applied. One important note: although Windows support is available with Puppet, the master can only run on Linux.
In this article, I’ll walk you through the process of setting up your very first Puppet master as well as a Puppet agent on a client machine. Keep in mind, this will not be a production-ready setup; it will be a no-nonsense guide to getting Puppet up and running so that you can test out the solution.
For our example setup, I’ll be installing the Puppet master on a CentOS 7 VM and the Puppet agent on another CentOS VM. Before we install Puppet, we need to ensure proper networking is in place. You’ll need name resolution working, either by DNS or via the hosts file. By default, Puppet will assume that the hostname of your Puppet master is “puppet”, and nodes will look for the master by this name. I’ll leave this configuration as is for this example.
First, let’s get some prerequisites in order. I want to set up NTP and configure my firewall to allow port 8140, which is required for communication with the Puppet master.
Here, I ensure firewalld is started and enabled. I then allow port 8140:
[dan@puppet ~]$ sudo systemctl start firewalld
[dan@puppet ~]$ sudo systemctl enable firewalld
[dan@puppet ~]$ sudo firewall-cmd --permanent --zone=public --add-port=8140/tcp
Now I’ll install NTP, which is necessary since the puppet master acts as a certificate authority. To do this I will use the package manager Yum.
[dan@puppet ~]$ sudo yum install ntp
Next, let’s set our time zone and start the NTP service:
[dan@puppet ~]$ sudo timedatectl set-timezone America/New_York
[dan@puppet ~]$ sudo systemctl start ntpd
Finally, I’ll enable NTP through the firewall:
[dan@puppet ~]$ sudo firewall-cmd --add-service=ntp --permanent
Now it’s time to install the actual Puppet software. Once again, we can do this with Yum. Before we do this though, enable the puppet repository with the “rpm” command.
[dan@puppet ~]$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
[dan@puppet ~]$ sudo yum -y install puppetserver
As we did with NTP, we need to start the puppetserver service. We also enable it, which ensures it starts at boot:
[dan@puppet ~]$ sudo systemctl enable puppetserver
[dan@puppet ~]$ sudo systemctl start puppetserver
Lastly, let’s reload the firewall:
[dan@puppet ~]$ sudo firewall-cmd --reload
At this point, your Puppet master server is up and running and ready for adding nodes to manage!
Please note that depending on the amount of memory on the server, you may want to change the default memory allocation, as documented here.
A Puppet master wouldn’t really be very handy if it weren’t for the fact that it can manage the configurations of its clients, or “nodes.” On my CentOS node, I can use Yum one last time to install the Puppet agent:
[dan@puppetagent ~]$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
[dan@puppetagent ~]$ sudo yum -y install puppet-agent
Now we run puppet agent for the first time to request a certificate from the puppet master server:
[dan@puppetagent ~]$ sudo /opt/puppetlabs/bin/puppet agent --test
Here we switch to our Puppet master and sign the certificate for the “puppetagent” node, officially making it a managed node. The command “puppet cert list” shows any pending certificate requests:
[dan@puppet ~]$ puppet cert list
[dan@puppet ~]$ sudo /opt/puppetlabs/bin/puppet cert list
"puppetagent " (SHA256) B1:78:9D:20:16:AA:45:77:86:56:9B:BA:2D:2C:BA:F0:99:78:ED:8F:6E:9B:02:51:66:54:E1:DB:F8:27:CD:3B
[dan@puppet ~]$ sudo /opt/puppetlabs/bin/puppet cert sign puppetagent
Signing Certificate Request for:
"puppetagent " (SHA256) B1:78:9D:20:16:AA:45:77:86:56:9B:BA:2D:2C:BA:F0:99:78:ED:8F:6E:9B:02:51:66:54:E1:DB:F8:27:CD:3B
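Before signing, it is worth confirming that the fingerprint shown by “puppet cert list” matches the one the agent reports for its own request (run `sudo /opt/puppetlabs/bin/puppet agent --fingerprint` on the node). The shell script below is an added example, not part of the original article; the script name, the `example.com` hostname and the sample fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sign a CSR only after its
# fingerprint matches the value read on the agent itself.

# Constructed sample of `puppet cert list` output; hostname and fingerprint are made up.
SAMPLE_LISTING='  "puppetagent.example.com" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Print the SHA256 fingerprint of the pending CSR for certname $1 (listing on stdin).
csr_fingerprint() {
    awk -v name="$1" '{
        line = $0
        gsub(/"/, "", line)                 # certnames are printed in quotes
        split(line, f, " ")
        if (f[1] == name && f[2] == "(SHA256)") { print f[3]; exit }
    }'
}

# Uppercase and strip whitespace so pasted values compare cleanly.
normalize_fp() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# verify_csr <certname> <expected-fingerprint> <listing>
# Returns 0 on match, 1 on mismatch, 2 when no CSR is pending for that name.
verify_csr() {
    _pending=$(printf '%s\n' "$3" | csr_fingerprint "$1")
    if [ -z "$_pending" ]; then
        echo "no pending CSR for $1" >&2
        return 2
    fi
    if [ "$(normalize_fp "$_pending")" != "$(normalize_fp "$2")" ]; then
        echo "fingerprint mismatch for $1; refusing to sign" >&2
        return 1
    fi
    return 0
}

# On the master: sh sign-verified.sh <certname> <fingerprint-from-agent>
if [ "$#" -eq 2 ]; then
    listing=$(sudo /opt/puppetlabs/bin/puppet cert list)
    if verify_csr "$1" "$2" "$listing"; then
        sudo /opt/puppetlabs/bin/puppet cert sign "$1"
    else
        exit 1
    fi
fi
```

The certname is matched exactly, so a request from a similarly named host is never signed by accident.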
For those who want to give Puppet a try, I made a Vagrant file that you can use to quickly get it up and running using the setup in this article.
The result will be the VM “puppetagent” as a managed node on the VM “puppet” master server. Note that since this is an automated deployment the .conf file is open to any machine that wants to request a certificate on the Puppet master.
As you can see, installing the puppet master and agent is very straightforward! Obviously, there is a lot more configuring and securing you can do, but this guide can be a great tool to get started using Puppet.