Puppet 7 On Rocky Linux 8

Install Puppet Master and Agent on Rocky Linux 8 

Step 1: Update System
Start the setup from an updated Linux system.

# dnf -y update

Because kernel updates are sometimes installed during an upgrade, it is good practice to reboot the machine.

# reboot

Step 2: Add Puppet Yum repository

We’ll install Puppet packages from the project's official YUM repository. I’ll add the EPEL repository and the Puppet repository.

# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm

Step 3: Install Puppet Master on CentOS 8.
The package installed on the Puppet Master/Server machine is different from the one installed on the managed nodes (agents). The package required on Puppet Master nodes is puppetserver. Install this package by running the command below:

# dnf -y install puppetserver

Note: Required dependencies such as Java will be installed automatically.

Step 4 : Puppet Configuration
Puppet Server does not require any configuration. You can just start the Puppet Server service; it will use the default settings. If you want to change the Puppet master hostname, follow the procedure below.

Advanced Configurations (optional): Here, I am going to modify the Puppet Master settings for our requirement.

# vi /etc/puppetlabs/puppet/puppet.conf
[master]
dns_alt_names = pup01
[main]
certname = pup01
server = pup01
environment = production
runinterval = 1h

Step 5: Memory Allocation:

By default, Puppet Server is configured to use 2GB of RAM. However, if we want to experiment with Puppet Server on a VM, we can safely allocate as little as 512MB of memory. To change the Puppet Server memory allocation, edit the init config file, which on RHEL-family systems such as Rocky Linux is /etc/sysconfig/puppetserver:

# vi /etc/sysconfig/puppetserver
Change the value.
From:
JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

To (for 512MB, use the settings below):
JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

Step 6: Generate intermediate signing CA for Puppet Server.

# /opt/puppetlabs/bin/puppetserver ca setup

Step 8: Start and Enable the Puppet Server service:
# systemctl start puppetserver
# systemctl enable puppetserver
# systemctl status puppetserver

Step 9: Check the puppet version installed:

# puppetserver --version
puppetserver version: 7.9.5

Step 10: Install Puppet Agent

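Before installing the Puppet agent, prepare the client with the commands below. The first updates the system; the second switches SELinux from enforcing to disabled in /etc/selinux/config, which takes effect at the next reboot. The puppet-agent package does not itself require SELinux to be disabled.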

# dnf -y update
# sed -i 's/enforcing/disabled/g' /etc/selinux/config

Because kernel updates are sometimes installed during an upgrade, it is good practice to reboot the machine.

# sudo reboot

Step 11: Add puppet yum repository on client and install puppet-agent

We’ll install Puppet packages from the project's official YUM repository. I’ll add the EPEL repository and the Puppet repository.

# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm
# dnf install -y puppet-agent

Puppet agent also uses some of the default settings to connect to the master node. However, we need to edit the puppet configuration file and set puppet master information.

Set the server value to your master node name. In my case, the server is pup01, and certname is the client's own hostname (web01, db01 and lamp01 on my three clients).

# vi /etc/puppetlabs/puppet/puppet.conf
[main]
certname = web01
server = pup01
environment = production
runinterval = 1h

You can change the value of runinterval depending on your requirements. You can set the value in seconds (10 or 10s), minutes (10m) or hours (1h). This setting controls how long the agent waits between two catalog requests.

Start puppet agent on the node and make it start automatically on system boot.

# /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
Output:
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
  ensure => 'running',
  enable => 'true',
}

Step 12: Sign Agent Node Certificate on Master Server
In an agent/master deployment, an admin must approve the certificate request coming from each node before that node can fetch its configuration. An agent node submits its certificate request the first time it attempts to run.
Log in to the Puppet master server and run the command below to view outstanding requests.

[root@pup01 ~]# puppetserver ca list
Output:
Requested Certificates:
web01 (SHA256) EF:BE:B3:75:00:CE:ED:99:FA:6E:FB:FB:A1:94:4B:34:B4:EF:01:B0:BE:41:74:0D:3D:2A:73:EA:15:14:FE:69
db01 (SHA256) 78:E8:66:A5:6D:48:27:8C:36:99:28:8A:C0:8E:2C:45:FE:D3:5D:F1:FC:EF:4C:B3:A2:06:AE:84:70:41:77:21
lamp01 (SHA256) 5B:27:6B:CD:DC:4C:64:D0:F0:86:AE:12:A9:FD:F4:3B:83:1F:D4:D3:FF:08:AC:1C:1D:F4:38:A2:2D:6C:B0:7F

Run the puppetserver ca sign command to sign a request.
[root@pup01 ~]# puppetserver ca sign --certname web01
Output:
Successfully signed certificate request for web01

The Puppet master can now communicate with the client machine and control the node.
If you have multiple signing requests from nodes, you can sign all the requests in one command. Review the output of puppetserver ca list first, because --all signs every pending request.

[root@pup01 ~]# puppetserver ca sign --all
Successfully signed certificate request for db01
Successfully signed certificate request for lamp01
[root@pup01 ~]#
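
As an added example (not part of the original post), the functions below sign only those pending requests whose fingerprint matches one recorded on the agent itself, for instance with `puppet agent --fingerprint`, rather than signing everything with `--all`. The allowlist file and its "certname fingerprint" format, and the function names, are assumptions of this example; the db01 allowlist value is constructed to show a mismatch.

```sh
#!/bin/sh
# Added example, not from the original post.
# verified_certnames ALLOWLIST
#   stdin : output of `puppetserver ca list`
#   stdout: certnames whose SHA256 fingerprint equals the allowlist entry
# The "certname fingerprint" allowlist format is an assumption of this example.
verified_certnames() {
  # An empty or missing allowlist verifies nothing, so refuse to continue.
  [ -s "$1" ] || { echo "allowlist $1 is missing or empty" >&2; return 1; }
  awk '
    NR == FNR {                          # first input: the allowlist file
      if (NF >= 2 && $1 !~ /^#/) expected[$1] = toupper($2)
      next
    }
    $2 == "(SHA256)" {                   # pending-request lines from the CA
      if (!($1 in expected))
        print "SKIP " $1 ": not in allowlist" > "/dev/stderr"
      else if (expected[$1] != toupper($3))
        print "SKIP " $1 ": fingerprint mismatch" > "/dev/stderr"
      else
        print $1
    }
  ' "$1" -
}

# sign_verified ALLOWLIST: run on the Puppet server in place of `sign --all`.
sign_verified() {
  puppetserver ca list | verified_certnames "$1" | while read -r name; do
    puppetserver ca sign --certname "$name"
  done
}

# demo: the pending list reuses the output shown above; the allowlist is
# constructed (web01 correct, db01 wrong, lamp01 absent).
demo() {
  allow=$(mktemp) || return 1
  cat > "$allow" <<'EOF'
web01 EF:BE:B3:75:00:CE:ED:99:FA:6E:FB:FB:A1:94:4B:34:B4:EF:01:B0:BE:41:74:0D:3D:2A:73:EA:15:14:FE:69
db01  00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EOF
  verified_certnames "$allow" <<'EOF'
Requested Certificates:
    web01 (SHA256) EF:BE:B3:75:00:CE:ED:99:FA:6E:FB:FB:A1:94:4B:34:B4:EF:01:B0:BE:41:74:0D:3D:2A:73:EA:15:14:FE:69
    db01 (SHA256) 78:E8:66:A5:6D:48:27:8C:36:99:28:8A:C0:8E:2C:45:FE:D3:5D:F1:FC:EF:4C:B3:A2:06:AE:84:70:41:77:21
    lamp01 (SHA256) 5B:27:6B:CD:DC:4C:64:D0:F0:86:AE:12:A9:FD:F4:3B:83:1F:D4:D3:FF:08:AC:1C:1D:F4:38:A2:2D:6C:B0:7F
EOF
  rm -f "$allow"
}
```

Running `demo` prints only web01; db01 and lamp01 are reported on stderr and left unsigned for manual review.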

The script below installs the Puppet agent on CentOS 8 clients.

[root@db01 ~]# cat puppet-agent-installation.sh
#!/bin/bash
# Purpose: Puppet Agent Installation script on Centos 8.
# Version: 1.0
# Created Date: 8-Aug-2022
# Modified Date: 6-March-2023
# Author : Vallabh Darole

### Install puppet repository ###

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm

### Install puppet agent ###
dnf install -y puppet-agent

### Update the configuration file ###
cat > /etc/puppetlabs/puppet/puppet.conf <<EOF
[main]
certname = `hostname -s`
server = pup01
environment = production
runinterval = 1h
EOF

### Starting and Enabling puppet agent ###
/opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

sleep 10
### Registering the puppet agent ###
/opt/puppetlabs/bin/puppet agent --test
[root@db01 ~]#

Install the Puppet Development Kit (PDK) and configure it.

# rpm -Uvh https://yum.puppet.com/puppet-tools-release-el-8.noarch.rpm
# yum install pdk

Create modules 

# cd /etc/puppetlabs/code/environments/production/modules/

[root@pup01 modules]# pdk new module banner
pdk (INFO): Creating new module: banner

We need to create the metadata.json file for this module, so we're going to ask you 4 questions.
If the question is not applicable to this module, accept the default option shown after each question. You can modify any answers at any time by manually updating the metadata.json file.

[Q 1/4] If you have a Puppet Forge username, add it here.
We can use this to upload your module to the Forge when it's complete.
--> host

[Q 2/4] Who wrote this module?
This is used to credit the module's author.
--> vallabh darole

[Q 3/4] What license does this module code fall under?
This should be an identifier from https://spdx.org/licenses/. Common values are "Apache-2.0", "MIT", or "proprietary".
--> Apache-2.0

[Q 4/4] What operating systems does this module support?
Use the up and down keys to move between the choices, space to select and enter to continue.
--> RedHat based Linux, Debian based Linux

Metadata will be generated based on this information, continue? Yes
pdk (INFO): Using the default template-url and template-ref.
pdk (INFO): Module 'banner' generated at path '/etc/puppetlabs/code/environments/production/modules/banner'.
pdk (INFO): In your module directory, add classes with the 'pdk new class' command.

Now you can see that the banner folder has been created.

[root@pup01 banner]# tree
.
├── appveyor.yml
├── CHANGELOG.md
├── data
│   └── common.yaml
├── examples
├── files
│   └── issue
├── Gemfile
├── Gemfile.lock
├── hiera.yaml
├── manifests
│   └── init.pp
├── metadata.json
├── Rakefile
├── README.md
├── spec
│   ├── default_facts.yml
│   └── spec_helper.rb
├── tasks
└── templates

7 directories, 13 files
[root@pup01 banner]#

Now let's create the issue file in the files folder.

[root@pup01 banner]# cat files/issue
\S
\U on an \m
Today is \d \t

Now let's create the init.pp file in the manifests folder.

[root@pup01 banner]# cat manifests/init.pp
class banner {
  file { '/etc/issue': ### Creation of /etc/issue file
    ensure => present,
    source => 'puppet:///modules/banner/issue',
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }
}
[root@pup01 banner]#

Once the module is complete, update the site.pp file.

[root@pup01 manifests]# pwd
/etc/puppetlabs/code/environments/production/manifests
[root@pup01 manifests]# cat site.pp
node default {
  include host_file
  include banner
}
[root@pup01 manifests]#


Build the module into a package. The generated package is placed in the pkg folder inside the module directory itself. Packages are portable units that can be shipped or published to the Puppet Forge for distributed access:


[root@pup01 banner]# pdk build

We need to update the metadata.json file for this module, so we're going to ask you 4 questions.
If the question is not applicable to this module, accept the default option shown after each question. You can modify any answers at any time by manually updating the metadata.json file.

[Q 1/4] Summarize the purpose of this module in a single sentence.
This helps other Puppet users understand what the module does.
-->

[Q 2/4] If there is a source code repository for this module, enter the URL here.
Skip this if no repository exists yet. You can update this later in the metadata.json.
-->

[Q 3/4] If there is a URL where others can learn more about this module, enter it here.
Optional. You can update this later in the metadata.json.
-->

[Q 4/4] If there is a public issue tracker for this module, enter its URL here.
Optional. You can update this later in the metadata.json.
-->

Metadata will be generated based on this information, continue? Yes
pdk (INFO): Building host-banner version 0.1.0
pdk (INFO): Build of host-banner has completed successfully. Built package can be found here: /etc/puppetlabs/code/environments/production/modules/banner/pkg/host-banner-0.1.0.tar.gz
[root@pup01 banner]#

Next, we will install the module from the tar.gz file named in the last output. Since we are installing on the same Puppet server, we first move the package to /tmp and remove the existing banner module folder:

[root@pup01 banner]# mv /etc/puppetlabs/code/environments/production/modules/banner/pkg/host-banner-0.1.0.tar.gz /tmp/
[root@pup01 banner]# cd ..
[root@pup01 modules]# rm -rf banner/

Install the module again.

[root@pup01 ~]# puppet module install /tmp/host-banner-0.1.0.tar.gz
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└── host-banner (v0.1.0)
[root@pup01 ~]#

[root@pup01 banner]# tree
.
├── CHANGELOG.md
├── data
│   └── common.yaml
├── examples
├── files
│   └── issue
├── hiera.yaml
├── manifests
│   └── init.pp
├── metadata.json
├── README.md
├── tasks
└── templates

6 directories, 7 files
[root@pup01 banner]#

[root@pup01 ~]# puppet module list
/etc/puppetlabs/code/environments/production/modules
├── ansfile (???)
├── host-banner (v0.1.0)
├── host-bash (v0.1.0)
├── host-host_file (v0.1.0)
├── host-motd (v0.1.0)
└── root-my_module (v0.1.0)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)
[root@pup01 ~]#

The Puppet code is available in the Git repository below:

https://github.com/vdarole/puppet.git
