How to install and setup puppet master and agent in local VirtualBox
Puppet is a tool that helps you manage and automate the configuration of servers. When you use Puppet, you define the desired state of the systems in your infrastructure that you want to manage. Puppet automates the process of getting these systems into that state and keeping the state there. Puppet does this through Puppet primary server and a Puppet agent. The Puppet primary server is the server that stores the code that defines your desired state. The Puppet agent is connected to the Puppet primary (master server), then the state, which is declared in the Puppet master server as a code, will execute on the agent, and the agent state changes. Puppet allows you to automate how your teams enforce state, secure, and deliver infrastructure faster.
Setup Requirements
Minimum hardware requirements:
The host machine should have at least 8 GB of RAM and 60 GB of hard disk available for virtual machine creation. 60GB is my suggestion.
Install Virtual Box on your host machine. You can download the virtual box from here as per your host OS.
2 vm’s of CentOS 8/RHEL8 Linux distributions — Master & Agent
4GB of RAM and 2 vcpu’s for Master
sudo access of both master and agent vm.
Step 1: Update the system
First we will update the system by running below command.
# sudo dnf -y update
It is a good practice to reboot your machine after an update.
Step 2: Add Puppet and epel YUM repository
Add epel and puppet repository in you system. We will install Puppet packages from the official YUM repository. Run below command to add repository
# sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# sudo dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm
Step3 : Install Puppet Master/Server on CentOS 8/RHEL8
Login to your master server machine, the puppet package which we install on master is different from the puppet agent. The package require on puppet master server nodes is puppetserver. Install the puppet server package by running the below command on master server.
# sudo dnf -y install puppetserver
All the required dependencies will get installed automatically. After installation do not start the service, first we will open the ports in firwall by running the below command.
# sudo firewall-cmd — add-port=8140/tcp — permanent
# sudo firewall-cmd — reload
Step 4 : Configure the Puppet Master Server on CentOS 8/RHEL 8
Set server hostname
Set the server hostname by running the below command
# sudo hostnamectl set-hostname puppetmaster.mayankjainlearning.com — static
# sudo hostnamectl set-hostname puppetmaster.mayankjainlearning.com — transient
After setting the hostname we will logout and relogin to the server by running the below command
# logout
Now add the server hostname and IP in the /etc/hosts file by running below command
# sudo vi /etc/hosts
After running the above command it will open the file and you can make an entry mentioned below in the last line of the file.
192.168.18.4 puppetmaster.mayankjainlearning.com puppetmaster
Note: Replace the IP <192.168.18.4> with you master vm IP.
Now confirm the hostname set properly by running by the below command
# hostnamectl
It will give an output similar to below output
Static hostname: puppetmaster.mayankjainlearning.com
Icon name: computer-vm
Chassis: vm
Machine ID: 6a1f9eb09858094cb2ab71290e6aff10
Boot ID: 943fc9f178dc4a0ab280497493d00843
Virtualization: oracle
Operating System: Red Hat Enterprise Linux 8.8 (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:8::baseos
Kernel: Linux 4.18.0–477.15.1.el8_8.x86_64
Architecture: x86–64
Set the time zone
Set the time zone of your master server by running the below command
# sudo timedatectl set-timezone Asia/Singapore
Note: You can select the timezone which is required to you or you can configure the NTP also
Set Memory Limits
The default memeory allocation for puppet is 2 GB, this can be change in the /etc/sysconfig/puppetserver file.
Set Puppet Master DNS name
When you create the puppet master’s certificate, you must include every DNS name at which agent nodes might try to contact the master.
Add the dns_alt_names line under [master] block section of puppet.conf (/etc/puppetlabs/puppet/puppet.conf) file and [main] section with servername and default environment.
# sudo vi /etc/puppetlabs/puppet/puppet.conf
[master]
dns_alt_names = puppetmaster,puppetmaster.mayankjainlearning.com,puppetmaster01
Create the CA certificate and the puppet master certificate
After updating DNS names, run the command below to generate the CA certificate and puppet master certificates with the appropriate DNS names.
# sudo su -
# puppetserver ca setup
Output of the above command
Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca
Start and set puppetserver service to start at system startup.
# sudo systemctl enable — now puppetserver
If installation and configuration was done right, the service should be started.
# systemctl status puppetserver
Your puppet master server is setup completed. Now we will setup up Agent Server.
Step 5 : Configure Puppet Agent on puppet Agent server CentOS 8/ RHEL 8
On the agent server which is our second vm in virtualbox install puppet agent by running the below command.
# sudo dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm
# sudo dnf -y install puppet-agent
Now add the puppet master server dns name and IP address in /etc/hosts file
# sudo vi /etc/hosts
192.168.18.4 puppetmaster.mayankjainlearning.com puppetmaster
Configure puppet agent
Add the [main] section with servername and default environment in puppet.conf (/etc/puppetlabs/puppet/puppet.conf) file
[main]
certname = puppet-agent.mjlocal
server = puppetmaster.mayankjainlearning.com
environment = production
Now check connection from Agent to puppet master by running below command.
# puppet agent — test — ca_server=puppetmaster.mayankjainlearning.com
you will receive the output saying
Couldn’t fetch certificate from CA server: you might still need to sign this agent’s certificate (puppet-agent.mjlocal). Exiting now because the waitforcert setting is set to 0.
Now login to the master server and accept certificate from Puppet Client.
# puppetserver ca list
You will get output like below
Requested Certificates:
puppet-agent.mjlocal (SHA256)
21:91:3B:12:7A:A7:9D:37:21:5D:23:51:60:5D:CB:BJ:4F:BC:60:1E:C8:9F:18:5F:93:53:D2:A6:27:14:B7:77
Sign the certificate by running below command
# puppetserver ca sign — certname puppet-agent.mjlocal
Successfully signed certificate request for puppet-agent.mjlocal
Now again check if any certificate is left for sign or not by running the command
# puppetserver ca list
You will receive the below output
No certificates to list
Puppet master and agent configuration is completed. In the next blog we will learn how to write manifest for puppet and create custom modules for puppet.
