Skip to main content

Installing Open Source Puppet

Hands-On Lab

 

Photo of Elle Krout

Elle Krout

Content Team Lead in Content

Length

00:30:00

Difficulty

Beginner

Puppet is a configuration management tool that allows us to enforce consistent configurations across multiple platforms, and Puppet open source even lets us do it for free. In this lab, we'll configure an open source Puppet master on a CentOS 7 server, then start bringing our infra under Puppet's control by installing the Puppet agent on a second node. We'll also make sure our certificate authority is up and running by accepting our node's cert on the master.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Installing Open Source Puppet

Introduction

Puppet is a configuration management tool that allows us to enforce consistent configurations across multiple platforms, and Puppet open source even lets us do it for free. In this lab, we'll configure an open source Puppet master on a CentOS 7 server, then start bringing our infra under Puppet's control by installing the Puppet agent on a second node. We'll also make sure our certificate authority is up and running by accepting our node's cert on the master.

Solution

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page:

    ssh cloud_user@PUBLIC_IP_ADDRESS

On the Puppet Master

  1. Update the /etc/hosts file to add the puppet alias to the loopback address:

    $ sudo $EDITOR /etc/hosts

    127.0.0.1 puppet localhost localhost.localdomain localhost4 localhost4.localdomain4

  2. Add the Puppet 5 Platform repository:

    $ sudo rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm

  3. Install the Puppet Server:

    $ sudo yum install puppetserver

  4. Update the Puppet Server's init file so it only uses 1 GB of RAM:

    $ sudo $EDITOR /etc/sysconfig/puppetserver

    JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

  5. Start the Puppet Server:

    $ sudo systemctl start puppetserver

  6. Ensure the server starts on boot:

    $ sudo systemctl enable puppetserver

  7. Add a file to /etc/sudoers.d/ updating the secure path:

    $ sudo $EDITOR /etc/sudoers.d/99_extra

    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin

    Save the file, then refresh the bash session:

    $ bash

On the Additional Node

  1. Update the /etc/hosts file, mapping the private IP of the master to puppet:

    $ sudo $EDITOR /etc/hosts

    10.0.1.100 puppet

  2. Add the Puppet 5 Platform repository:

    $ wget https://apt.puppetlabs.com/puppet5-release-bionic.deb $ sudo dpkg -i puppet5-release-bionic.deb $ sudo apt update

  3. Install the Puppet agent:

    $ sudo apt install puppet-agent

  4. Start and enable the puppet daemon:

    $ sudo systemctl start puppet $ sudo systemctl enable puppet

  5. Update the secure path, as we did with the master:

    $ sudo $EDITOR /etc/sudoers.d/99_extra

    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin

    Save the file, then refresh the bash session:

    $ bash

  6. View the node's fingerprint:

    $ sudo puppet agent --fingerprint

Back on the Master

  1. View pending certificates:

    $ sudo puppetserver ca list

  2. Compare the node's fingerprint to the one output for it on the master. If they match (they should), sign the certificate:

    $ sudo puppetserver ca sign --certname node1.ec2.internal

Conclusion

Congratulations — you've completed this hands-on lab!