Puppet Installation and Configure its Agent
Puppet is a powerful tool for automating and managing the
configuration of infrastructure and applications. It helps in
consistency, reliability, and scalability in their IT
environments.
For installation of puppetserver and agent. We need to follow
below steps. Puppet tool uses a agent to work which will be
installed on all clients you want to register. So, first we
will go ahead and install puppetserver. The minimum requirement
is of two server where one will work as server and other will
work as client.
Step1: Let's install server and configure it.
# dnf update -y
# dnf install epel-release
# dnf install http://yum.puppetlabs.com/puppet7-release-el-9.noarch.rpm
# dnf install puppetserver
# Now you can go ahead and edit required puppet file for server.
# vi /etc/puppetlabs/puppet/puppet.conf (After edir it looks like)
[master]
dns_alt_names = ansible.test.com, kbmaster
[main]
certname = ansible.test.com
server = ansible.test.com
environment = production
codedir = /etc/puppetlabs/code
environmentpath = /etc/puppetlabs/code/environments
basemodulepath = /etc/puppetlabs/code/environments/common:/etc/puppetlabs/code/modules
logdir = /var/log/puppetlabs/puppetNow you need to modify memory allocation. It is an optional
change but will needed if you are using very low memory on
server. "make it to 1G."
# Modify this file "/etc/default/puppetserver" if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"Step2: Now go ahead and start "puppetserver" service.
# systemctl start puppetserverStep3: Allow puppet service from firewall if needed.
# systemctl status firewalldStep4: Now go to client and install puppet agent there. And configure it.
# dnf install http://yum.puppetlabs.com/puppet7-release-el-9.noarch.rpm
# dnf install puppet
# vi /etc/puppetlabs/puppet/puppet.conf
[main]
[agent]
pluginsync = true
report = true
ca_server = ansible.test.com
certname = managed1.test.com
server = ansible.test.com
environment = productionStep5: Now you need to create certificate which can be signed by server so that client can be registered.
# /opt/puppetlabs/bin/puppet agent --server=ansible.test.com --test
Info: Creating a new RSA SSL key for managed1.test.com
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for managed1.kb.com
Info: Certificate Request fingerprint (SHA256): C5:88:7B:C0:A6:7E:17:42:57:15:B1:99:4B:69:1E:3D:E9:0D:12:23:77:A6:05:EA:72:8B:C4:3D:23:95:1A:7C
Info: Certificate for managed1.kb.com has not been signed yet
Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (managed1.test.com).
Exiting now because the waitforcert setting is set to 0.Step6: View requested certificate and register it on server.
# puppetserver ca list
Requested Certificates:
managed1.test.com (SHA256) C5:88:7B:C0:A6:7E:17:42:57:15:B1:99:4B:69:1E:3D:E9:0D:12:23:77:A6:05:EA:72:8B:C4:3D:23:95:1A:7
# puppetserver ca sign --certname managed1.test.com
# puppetserver ca list --all
Signed Certificates:
ansible.test.com (SHA256) 52:7E:D9:2D:5D:0B:CE:96:CB:E9:52:BF:30:74:D4:B7:F2:A3:A8:70:FF:07:4B:98:79:16:F7:7B:82:D7:50:80 alt names: ["DNS:ansible.test.com", "DNS:kbmaster", "DNS:ansible.test.com"] authorization extensions: [pp_cli_auth: true]
managed1.test.com (SHA256) 86:6A:E7:D0:96:9C:71:C9:38:98:A1:7C:DB:7B:ED:09:B5:DF:4A:F2:F9:FF:DC:42:06:47:CE:09:31:23:E6:C4 alt names: ["DNS:managed1.test.com"]That's it. Now you have a puppetserver and client in working
condition. So you can create manifests or modules and apply to
clients.