Install Puppet Master and Agent on Ubuntu 20.04|18.04

Posted on 74 views

This is a guide on how to install Puppet Master and Agent on Ubuntu 20.04|18.04 Linux system. Puppet is a configuration management tool written in Ruby and C++ that helps you automate configurations and deployments of applications across hundreds to thousands of systems. The software is under Apache License.

Puppet run on Linux, Unix, and Windows environments. As of this writing, the latest release of Puppet is 7.2

Puppet Server / Client Architecture

Puppet uses Client/Server model. The server does all the automation of tasks on systems that have a client application installed. The work of the Puppet agent is to send facts to the puppet master and request a catalog based on certain interval level. Once it receives a catalog, Puppet agent applies it to the node by checking each resource the catalog describes. It makes relevant changes to attain the desired state.

The work of the Puppet master is to control configuration information.  Each managed agent node requests its own configuration catalog from the master.

What is a Catalog in Puppet?

catalog is a document that describes the desired system state for one specific system. It lists all of the resources that need to be managed, as well as any dependencies between those resources.

Puppet  is able to configure end systems in two stages:

  1. Compile a catalog.
  2. Apply the catalog.

Puppet Master – Agent Communication

The communication between the Puppet agent and master servers is over an encrypted tunnel (HTTPS) with client verification. By using configuration management systems like Puppet, as a Sysadmin, you get to focus on production tasks by removing all manual repetitive tasks.

Installing Puppet Master on Ubuntu 20.04|18.04

Let’s now dive to the installation process for Puppet master on Ubuntu 20.04|18.04. My Lab environment is as below:

Puppet Master:

Hostname: puppetmaster
IP Address: 192.168.1.2

Puppet Agent ( For Testing ):

Hostname: puppetclient
IP Address: 192.168.1.3

Setup Prerequisites

One of the key requirements of the Puppet master is network time synchronization.  We will ensure we have correct timezone set on the Puppet master server as well as working NTP service. We will later configure Agent nodes to sync their time with the Puppet Master,

Step 1: Set correct timezone

Ubuntu 18.04+ ships with timedatectl command line tool that you can use to set the correct timezone on your server. Use it like below, replacing “Africa/Nairobi” with your correct timezone.

sudo timedatectl set-timezone Africa/Nairobi

Confirm the change using:

$ timedatectl
                      Local time: Wed 2019-10-30 08:33:53 EAT
                  Universal time: Wed 2019-10-30 05:33:53 UTC
                        RTC time: Wed 2019-10-30 05:33:54
                       Time zone: Africa/Nairobi (EAT, +0300)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no

Step 2: Set server hostname

Use the hostnamectl command to set server hostname

export HOST_NAME="puppetmaster"
sudo hostnamectl set-hostname $HOST_NAME

Login again and confirm new hostname

$ hostname
puppetmaster

Add correct hostnames and IP addresses we’ll use later to /etc/hosts file.

$ sudo vim /etc/hosts
[puppet-master-ip] puppetmaster puppet
[puppet-client-ip] puppetclient

Step 2: Set Chrony NTP server

Install ntp package:

sudo apt remove ntp
sudo apt -y install chrony

If you would like to restrict which systems can use your ntp server, add a line like below to /etc/chrony/chrony.conf:

$ sudo vim /etc/chrony/chrony.conf
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Replace 192.168.1.0 with your trusted network.

The restart ntp service:

sudo systemctl restart chronyd

Check ntp status:

$ sudo chronyc sources
210 Number of sources = 8
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* chilipepper.canonical.com     2   6    17     2   +991us[ +836us] +/-   57ms
^+ pugot.canonical.com           2   6    17     2  +1049us[+1049us] +/-   61ms
^+ golem.canonical.com           2   6    17     3   +153us[-2656ns] +/-   63ms
^+ alphyn.canonical.com          2   6    17     3   +589us[ +433us] +/-   66ms
^+ pool-71-168-219-127.cmdn>     1   6    17     3  +1249us[+1093us] +/-   54ms
^+ smtp.us.naz.com               2   6    17     3  -2583us[-2738us] +/-   67ms
^+ mail.masters-of-cloud.de      2   6    17     2  +1293us[+1137us] +/-   49ms
^+ ns4.turbodns.co.uk            2   6    17     2  +4616us[+4460us] +/-  103ms

Install Puppet Master on Ubuntu 20.04|18.04

Now that all prerequisites are met, proceed to download PuppetLabs repository for Ubuntu and install Puppet master on the server.

Ubuntu 20.04:

sudo apt update
curl -O https://apt.puppet.com/puppet-release-focal.deb
sudo apt install ./puppet-release-focal.deb

Ubuntu 18.04:

sudo apt update
sudo apt install wget
curl -O https://apt.puppet.com/puppet6-release-bionic.deb
sudo apt install ./puppet6-release-bionic.deb

Update apt index and install puppet master:

sudo apt update
sudo apt install puppetserver

Agree to start the installation:

...
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1
  libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libpcsclite1 libxi6 libxrender1 libxtst6 net-tools openjdk-8-jre-headless puppet-agent x11-common
Suggested packages:
  default-jre cups-common liblcms2-utils pcscd libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei
  fonts-indic
The following NEW packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1
  libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libpcsclite1 libxi6 libxrender1 libxtst6 net-tools openjdk-8-jre-headless puppet-agent puppetserver
  x11-common
0 upgraded, 23 newly installed, 0 to remove and 66 not upgraded.
Need to get 118 MB of archives.
After this operation, 329 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

Confirm the installed version of Puppet:

$ apt policy puppetserver
puppetserver:
  Installed: 7.2.0-1focal
  Candidate: 7.2.0-1focal
  Version table:
 *** 7.2.0-1focal 500
        500 http://apt.puppetlabs.com focal/puppet amd64 Packages
        500 http://apt.puppetlabs.com focal/puppet all Packages
        100 /var/lib/dpkg/status
....

Start and enable puppetserver service

sudo systemctl start puppetserver.service
sudo systemctl enable puppetserver.service

On Ubuntu, the service should be started automatically:

$ systemctl status puppetserver.service 
systemctl status puppetserver
● puppetserver.service - puppetserver Service
     Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-06-28 14:31:27 EAT; 33s ago
   Main PID: 6131 (java)
      Tasks: 45 (limit: 4915)
     Memory: 968.2M
     CGroup: /system.slice/puppetserver.service
             └─6131 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError="kill -9 %p" -XX:ErrorFi>

Jun 28 14:31:07 puppet-server.computingpost.com systemd[1]: Starting puppetserver Service...
Jun 28 14:31:27 puppet-server.computingpost.com systemd[1]: Started puppetserver Service.

Configure Puppet Master on Ubuntu 20.04|18.04

After the Puppet master server has been installed, it is time to start the configuration. It is recommended to change Puppet Java process memory allocation Infrastructure size. I’ll assign my Puppet server 1gb of ram. This is done by editing environment file located on /etc/default/puppet-master

$ sudo vim /etc/default/puppetserver
JAVA_ARGS="-Xms1024m -Xmx1024m"

Restart puppet server process after making the change.

sudo systemctl restart  puppetserver

Configure Firewall:

If you have a firewall on your Ubuntu system, you need to open port 8140 which is used by the Puppet master service. Run the following commands to allow port on the firewall:

sudo ufw allow 8140/tcp

Configure PATH Environment

Add below lines in your bashrc file:

$ vim ~/.bashrc
 export PATH=$PATH:/opt/puppetlabs/bin

Source the ~/.bashrc file:

source ~/.bashrc

Confirm your current PATH settings:

$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/puppetlabs/bin

Install Puppet Agent on Managed Nodes

On the nodes to be automated with Puppet install puppet Agent:

Ubuntu 20.04:

sudo apt update
curl -O https://apt.puppet.com/puppet-release-focal.deb
sudo apt install ./puppet-release-focal.deb
sudo apt update
sudo apt install  puppet-agent

Ubuntu 18.04:

sudo apt update
sudo apt install wget
curl -O https://apt.puppet.com/puppet6-release-bionic.deb
sudo apt install ./puppet6-release-bionic.deb
sudo apt update
sudo apt install  puppet-agent

Open the /etc/hosts file and set name for the server and this agent:

$ sudo vim /etc/hosts 
[puppet-master-ip] puppetmaster puppet
[puppet-client-ip] puppetclient

Edit Puppet Agent configuration file and add Master server DNS alternative names:

$ sudo vim /etc/puppetlabs/puppet/puppet.conf
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster,puppetserver

Also configure main section like below:

$ sudo vim /etc/puppetlabs/puppet/puppet.conf
[main]
server = puppetmaster
certname = puppetclient
environment = production
runinterval = 1h

Now start the Puppet service:

sudo systemctl start puppet
sudo systemctl enable puppet

On the Puppet Master Node list all the available certificates:

$ sudo /opt/puppetlabs/bin/puppetserver ca list --all
Signed Certificates:
    puppetmaster       (SHA256)  88:75:01:73:8A:CE:50:1D:A1:55:6F:00:47:5C:0B:87:F5:AD:5E:B8:7F:70:F6:A7:7F:C4:92:67:35:07:3E:32	alt names: ["DNS:puppetmaster", "DNS:puppetmaster", "DNS:puppetserver", "DNS:puppetmaster"]	authorization extensions: [pp_cli_auth: true]
    puppetclient       (SHA256)  71:80:13:23:4F:30:18:32:05:01:80:52:F7:C2:48:BE:7B:89:AE:E6:DD:87:C4:6B:4C:4F:07:47:7D:D8:14:A2	alt names: ["DNS:puppet", "DNS:puppetclient"]	authorization extensions: [pp_cli_auth: true]

Sign any pending certificate:

sudo /opt/puppetlabs/bin/puppetserver ca sign --all

The Puppet Master should now be able to communicate with agent node and to control it. Confirm by running below command on the agent:

$ sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster
Info: Applying configuration version '1624883476'
Notice: Applied catalog in 0.01 seconds

Add Puppet Binary folder to $PATH

Puppet binaries are located in /opt/puppetlabs/bin. This directory by default is not in your $PATH. As can be confirmed with:

$ ls /opt/puppetlabs/bin/
facter  hiera  puppet  puppetserver

$ which puppet
/usr/bin/which: no puppet in (/home/vagrant/.local/bin:/home/vagrant/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin)

Add it to PATH:

$ vim ~/.bashrc
export PATH=$PATH:/opt/puppetlabs/bin

$ source ~/.bashrc
$ which puppet
/opt/puppetlabs/bin/puppet

Enjoy automating your infrastructure management and applications deployment with Puppet configuration management tool.

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.