Setting up Puppet on Ubuntu


In this post, I will explain how I installed a Puppet server and a Puppet agent on Ubuntu hosts. I spent a fair amount of time trying to follow instructions from various other posts with little success. This is why I thought I would share what worked for me.

Setting up the server

Create Virtual Machine

First, I created a virtual machine, named “puppetmaster” and running on Ubuntu Server version 16.04. I assigned 2 vCores, 80GB of disk space and 4GB of RAM to that server. I am hosting the VM on ESXi, but other virtualization technologies should work just the same.

Hosts file

I don’t have my own DNS, so I used hosts files instead.
In a terminal, do:

sudo vi /etc/hosts

Add the following entry to the file, just after the localhost and puppet-server entries:

"IP Address of your server" puppetmaster.example.com puppetmaster puppet

Save and close the file.

Time Synchronization

We have to make sure that our Puppet Master and Puppet Client have synchronized clocks, because certificate validation between them depends on the system time. To do so, we will use ntp.

In a terminal, do:

sudo apt-get install ntpdate
sudo ntpdate pool.ntp.org
sudo apt-get install ntp
sudo service ntp restart

Make sure Ubuntu is up-to-date

In a terminal, do:

sudo apt-get update
sudo apt-get upgrade

Install Puppet Master

In a terminal, do:

sudo apt-get install puppetmaster
puppet -V

The last command will display the version of Puppet. We will use that information in the next step.

Lock Puppet version

In a terminal, do:

sudo vi /etc/apt/preferences.d/00-puppet.pref

Add the following content to the file:

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster
Pin: version 3.8*
Pin-Priority: 501

Save and close the file.
You may have to replace 3.8* with the version of Puppet you installed, if it is a different one.

Puppet.conf

In a terminal, do:

sudo vi /etc/puppet/puppet.conf

Add the following content to the file, in the “[master]” section:

certname = puppet
dns_alt_names = puppet, puppetmaster, puppetmaster.example.com

Generate initial server certificates

In a terminal, do:

sudo service puppetmaster stop
sudo puppet master --verbose --no-daemonize
# Press Ctrl-C when it seems to be waiting for a while
sudo puppet cert list --all
sudo service puppetmaster start

The certificates list should contain a certificate for the puppet master server.

We are done setting up our Puppet server!

Setting up the agent

Create Virtual Machine

I created a virtual machine, named “puppetagent” and running on Ubuntu Desktop version 14.04. I assigned 4 vCores, 60GB of disk space and 4GB of RAM to that virtual machine. It is also hosted on ESXi in my case.

Hosts file

In a terminal, do:

sudo vi /etc/hosts

Add the following entry to the file, just after the localhost and puppet-server entries:

"IP Address of your server" puppetmaster.example.com puppetmaster puppet
"IP Address of your agent" puppetagent.example.com puppetagent

Save and close the file.

Time Synchronization

We have to make sure that our Puppet Master and Puppet Client have synchronized clocks, because certificate validation between them depends on the system time. To do so, we will use ntp.

In a terminal, do:

sudo ntpdate pool.ntp.org
sudo apt-get install ntp
sudo service ntp restart

Make sure Ubuntu is up-to-date

In a terminal, do:

sudo apt-get update
sudo apt-get upgrade

Install Puppet

In a terminal, do:

sudo apt-get install puppet
puppet -V

The last command will display the version of Puppet. We will use that information in the next step.

Lock Puppet version

In a terminal, do:

sudo vi /etc/apt/preferences.d/00-puppet.pref

Add the following content to the file:

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.4*
Pin-Priority: 501

Save and close the file.
You may have to replace 3.4* with the version of Puppet you installed, if it is a different one.

You are almost done with the agent installation/configuration. All that’s missing is to have the Puppet master sign a certificate for our agent.

Connect agent and server

Request a certificate from Puppet Master

On the agent, in a terminal, do:

sudo puppet agent --test --server=puppet
sudo puppet cert list --all

It should say something like this:

Notice: Signed certificate request for ca

Sign the certificate on Puppet Master

On Puppet Master, in a terminal, do:

sudo puppet cert list --all

This should show a few entries, including the request from your agent. Actually, your agent request should be the only entry without a “+” at the beginning of the line.

sudo puppet cert sign puppetagent

Go back to the agent, in a terminal, do:

sudo puppet agent --enable

You now have a Puppet agent that will poll the master, every 15 minutes, to see if it should update the computer configuration it is responsible for.
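
Before running the "puppet cert sign" step above, it is worth confirming that the pending request on the master is the one your agent generated, by comparing fingerprints. The following is an added example, not part of the original post: the function names and the sample listing are constructed for illustration, and it assumes the Puppet 3 "puppet cert list" line layout (quoted name, digest label, fingerprint).

```shell
#!/bin/sh
# Added example: check that the CSR waiting on the master is the one the agent generated.
# Constructed fingerprints (32 hex pairs, the length of a SHA256 digest).
AGENT_FP='A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90'
MASTER_FP='00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Constructed sample of `sudo puppet cert list --all` on the master:
# signed certificates start with "+", pending requests start with the quoted name.
SAMPLE_CERT_LIST="  \"puppetagent\" (SHA256) $AGENT_FP
+ \"puppet\"      (SHA256) $MASTER_FP (alt names: \"DNS:puppet\", \"DNS:puppetmaster\", \"DNS:puppetmaster.example.com\")"

# pending_fingerprint CERTNAME LISTING
# Prints the fingerprint of the pending (unsigned) request for CERTNAME.
# Exits non-zero when no pending request with that name is listed.
pending_fingerprint() {
  printf '%s\n' "$2" | awk -v want="\"$1\"" '
    $1 == want { print $3; found = 1 }
    END { exit !found }'
}

# Strip an optional "(SHA256) " prefix and upper-case the hex digits.
norm() {
  printf '%s' "${1##* }" | tr 'a-f' 'A-F'
}

# csr_matches CERTNAME AGENT_FINGERPRINT LISTING
# Returns 0 if the fingerprints agree, 1 if they differ,
# and 2 if the master has no pending request under that name.
csr_matches() {
  master_fp=$(pending_fingerprint "$1" "$3") || return 2
  [ "$(norm "$2")" = "$(norm "$master_fp")" ]
}

# Real use:
#   on the agent:  sudo puppet agent --fingerprint
#   on the master: csr_matches puppetagent "<agent output>" "$(sudo puppet cert list --all)"
# Demo on the constructed sample:
if csr_matches puppetagent "(SHA256) $AGENT_FP" "$SAMPLE_CERT_LIST"; then
  echo "fingerprints match: the pending request is the one the agent generated"
else
  echo "do not sign: fingerprint mismatch or no pending request"
fi
```

Sign only when the check returns 0; a return of 1 means a different key is asking to be enrolled under your agent's name.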

That’s it, you are done!

Quick test

In a terminal on the Puppet Master, do:

sudo vi /etc/puppet/manifests/site.pp

Put the following content in the file:

file {'/tmp/example-ip':
  ensure => present,
  mode => '0644',
  content => "IP Address of this virtual machine: ${ipaddress_eth0}.\n",
}

Save and close the file. All the computers managed with that Puppet Master will have that file created in their file system.

Now, you can wait until your agent verifies if it has a new configuration, but this may take a while.
If you want to go faster, simply open a terminal on your agent and do:

sudo puppet agent --test --server=puppet

You should see some text, in the terminal, saying that your virtual machine is being updated. Once the update is completed, you should see the file in the /tmp folder if everything worked well!

A few other tricks

facter

You can use the “facter” command on your master or agent to list a lot of information about your virtual machine. I believe that information is also available to you when you write manifests or modules. But I will look into this later.

Revoking certificates

You can revoke certificates in the following way:

sudo puppet cert revoke "name of agent"

Once you have revoked an agent’s certificate, it won’t be able to query the master for configuration updates. It will have to request the master to sign a new certificate to resume normal operation.

Bad certificates ???

Especially when something is wrong in your hosts files, it can be a bit tricky to delete the certificates & requests, on both the master and agent.

On the agent, to show where the certificates are stored, you can do the following:

puppet agent --configprint ssldir

In my case, it says the certificates are in “/var/lib/puppet/ssl”.

You will want to delete the certificates by doing:

sudo find /var/lib/puppet/ssl -name 'puppetagent*.pem' -delete

or

sudo rm -f /var/lib/puppet/ssl/certs/puppetagent.pem

On the master, simply do:

sudo puppet cert clean "name of agent"

Then, after fixing your configuration, go back to the node and do:

sudo puppet agent --test --server=puppet
