How to Install Puppet on CentOS 8 / RHEL 8

Puppet is an open source configuration management tool that helps us automate IT infrastructure tasks, including provisioning, configuration management, and patching of hundreds of client systems from a central location.

Puppet is available for Linux, Mac, BSD, Solaris, and Windows operating systems. It is written in Ruby and released under the Apache License.

This guide helps you install Puppet on CentOS 8 / RHEL 8.

Architecture

Puppet is configured in the agent-master architecture. In this architecture, managed nodes run the Puppet agent software as a background service. One or more servers run the master application, i.e. Puppet Server.

Puppet agents periodically send facts to the Puppet master and request a catalog. The master compiles and returns that node's catalog, using the sources of information it has access to.

Environment

Here, we will configure Puppet in the server/agent architecture.

Puppet Master

Host Name: puppetserver.installworld.local

IP Address: 192.168.0.10

Operating System: CentOS 8

Puppet client

Host Name: client.installworld.local

IP Address: 192.168.0.20

Operating System: CentOS 8

Prerequisites

Install NTP

The time of the master and client nodes must be accurately synchronized with the NTP server because the Puppet server will act as a certificate authority.

If you need to set up an NTP Server, then:

READ: How to Configure NTP Server Using Chrony

If you need to set up an NTP Client, then:

READ: How to Configure NTP Client Using Chrony

If necessary, change the system time zone too.

READ: How to Change the Time Zone on CentOS 8 / RHEL 8

DNS

The Puppet Agent uses the hostname to communicate with the Puppet Server. So, make sure the agent node can resolve the Puppet Server hostname with the help of the /etc/hosts file or a DNS server.

Install & Configure Puppet Server

Puppet Server is the server software that runs on the master node. The Puppet Server controls the configuration of the managed nodes (Puppet agents).

Add a Repository

To install the Puppet Server, we need to add the puppet repository by installing the repository configuration package.

rpm -Uvh https://yum.puppet.com/puppet6-release-el-8.noarch.rpm

Install Puppet

Install the Puppet server using the command below.

yum install -y puppetserver

Memory allocation

By default, the Puppet Server is configured to use 2GB of memory. You can change memory allocation based on the number of nodes connected to it.

For this demo, I will allocate 512MB of memory.

To change the memory allocation value, edit the file below.

vi /etc/sysconfig/puppetserver

Change the value.

From:

JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

To:

For 512MB, use the settings below.

JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

Configure the Puppet Server

The Puppet configuration file consists of two sections, [master] and [main], for the Puppet server and agent respectively.

vi /etc/puppetlabs/puppet/puppet.conf

Change the file according to your environment. The Puppet agent can use any of the hostnames listed in dns_alt_names to connect to the Puppet server.

# Puppet Server Configuration
[master]
dns_alt_names = puppetserver,puppetserver.installworld.local

# Puppet Agent Configuration
[main]
certname = puppetserver.installworld.local
server = puppetserver.installworld.local
runinterval = 30m

Start the Puppet Server

Generate a root and intermediate signing CA for the Puppet Server.

puppetserver ca setup
Output:

Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca

If you get puppetserver: command not found, run source /etc/profile.d/puppet-agent.sh in the terminal, or log out of the current session and log back in.

systemctl start puppetserver

systemctl enable puppetserver

Firewall

The Puppet server is listening on port 8140. So, configure the firewall so the agent can connect to the master.

firewall-cmd --permanent --add-port=8140/tcp

firewall-cmd --reload

Install & Configure Puppet Agents

Add a Repository

To install the Puppet agent, we need to add the puppet repository to all nodes.

rpm -Uvh https://yum.puppet.com/puppet6-release-el-8.noarch.rpm

Install Agent

Install the Puppet agent on your client using the command below.

dnf install -y puppet-agent

Edit the Puppet configuration file and set the Puppet server information.

Set the server value according to your Puppet server hostname. In my case, the server is puppetserver.installworld.local and certname is the hostname of my client (client.installworld.local).

vi /etc/puppetlabs/puppet/puppet.conf

Set it as shown below.

[main]
server = puppetserver.installworld.local
certname = client.installworld.local
runinterval = 30m

You can change the value of runinterval depending on your requirements. This setting controls how long the agent waits between two catalog requests. You can set the value in seconds (10 or 10s), minutes (10m), or hours (1h).

Start the puppet agent on the node and make it start automatically at system boot.

puppet resource service puppet ensure=running enable=true
Output:

Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
  ensure   => 'running',
  enable   => 'true',
  provider => 'systemd',
}

If you get puppet: command not found, run source /etc/profile.d/puppet-agent.sh in the terminal, or log out of the current session and log back in.

Sign the Node Certificate on the Master Server

We must approve the certificate request from each node. An agent node requests a certificate the first time it tries to run.

Run the command below on the agent node to make the initial connection. You can ignore warnings / errors.

puppet agent -t

Log in to the Puppet server and run the command below to see the outstanding requests.

puppetserver ca list
Output:

Requested Certificates:
    client.installworld.local       (SHA256)  06:D8:8E:AE:CA:0B:B1:E7:90:B5:B9:1B:75:3C:95:69:D8:EF:27:0A:5D:CC:45:BB:15:34:64:D2:6B:2C:CA:98

Run the puppetserver ca sign command to sign the request.

puppetserver ca sign --certname client.installworld.local
Output:

Successfully signed certificate request for client.installworld.local

The Puppet Server can now communicate with the client machine and control the node.

If you have signing requests from multiple nodes, you can sign all requests in one command.

puppetserver ca sign --all
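
An added example, not part of the original guide: before signing, compare the fingerprint that puppetserver ca list shows with the one the node itself reports (puppet agent --fingerprint, run on the client), so that only the request you expect is signed; sign --all skips this per-node check. The helper function names are hypothetical, and the sample input is the list output shown earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original guide): verify a pending CSR's
# fingerprint against the value reported on the agent before signing it.

# Sample input copied from the `puppetserver ca list` output shown above.
SAMPLE_LIST='Requested Certificates:
    client.installworld.local       (SHA256)  06:D8:8E:AE:CA:0B:B1:E7:90:B5:B9:1B:75:3C:95:69:D8:EF:27:0A:5D:CC:45:BB:15:34:64:D2:6B:2C:CA:98'

# Fingerprint as read on the client (lower case here to show the
# comparison ignores hex case).
EXPECTED='06:d8:8e:ae:ca:0b:b1:e7:90:b5:b9:1b:75:3c:95:69:d8:ef:27:0a:5d:cc:45:bb:15:34:64:d2:6b:2c:ca:98'

# csr_fingerprint CERTNAME  (hypothetical helper)
# Reads `puppetserver ca list` text on stdin and prints the SHA256
# fingerprint listed for CERTNAME, or nothing if it is not listed.
csr_fingerprint() {
    awk -v name="$1" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# csr_matches CERTNAME EXPECTED  (hypothetical helper)
# Succeeds only when CERTNAME is listed on stdin and its fingerprint
# equals EXPECTED. A name that is not listed never matches.
csr_matches() {
    listed=$(csr_fingerprint "$1" | tr 'a-f' 'A-F')
    wanted=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$listed" ] && [ "$listed" = "$wanted" ]
}

# sign_if_verified CERTNAME EXPECTED  (hypothetical helper)
# Run on the Puppet server; signs the request only after the check passes.
sign_if_verified() {
    if puppetserver ca list | csr_matches "$1" "$2"; then
        puppetserver ca sign --certname "$1"
    else
        echo "fingerprint for $1 does not match, not signing" >&2
        return 1
    fi
}

# Demo on the sample text only; nothing is signed here.
if printf '%s\n' "$SAMPLE_LIST" | csr_matches client.installworld.local "$EXPECTED"; then
    echo "client.installworld.local: fingerprint verified"
fi
```

On the Puppet server, sign_if_verified client.installworld.local followed by the fingerprint read on the client replaces the bare sign command.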

Sometimes, you might need to revoke a node's certificate in order to re-add the node.

Replace AGENT_NAME with your client hostname.

puppetserver ca revoke --certname AGENT_NAME

You can make a list of all signed and unsigned requests with the command below.

puppetserver ca list --all
Output:

Signed Certificates:
    puppetserver.installworld.local       (SHA256)  E6:2C:6C:1E:9B:C6:AA:D9:84:09:F3:67:45:1B:36:C6:1F:FB:46:5F:92:64:37:19:E3:74:0C:0D:29:D5:C5:F6  alt names: ["DNS:puppetserver.installworld.local", "DNS:puppetserver", "DNS:puppetserver.installworld.local"]  authorization extensions: [pp_cli_auth: true]
    client.installworld.local             (SHA256)  EF:D8:1A:F2:E9:56:A3:1F:DA:A9:8D:9B:71:02:D8:52:F1:44:98:92:A7:5F:DE:FC:5F:55:37:97:EC:9C:9A:96

Puppet Client Verification

After the Puppet Server has signed your client certificate, run the following command on the client machine to test it.

puppet agent --test
Output:

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for client.installworld.local
Info: Applying configuration version '1591351483'
Notice: Applied catalog in 0.01 seconds

Conclusion

That’s all. I hope you have learned how to install Puppet on CentOS 8 / RHEL 8. For further reading, learn how to create a simple manifest file to create files and directories on client nodes. Please share your feedback in the comments section.
