FreeBSD 14

Puppet : Install (2024/09/12)

 

Install and set up the configuration management tool [Puppet].
Puppet can also be used standalone on a single server; however, the example here configures Puppet in a server and client environment.

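First, set up DNS or hosts entries so that the hosts can resolve each other's names and IP addresses, and also configure NTP. Agents locate the server by host name, and certificate validation between server and client depends on the clocks being in sync.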

[1] Configure Puppet on Server Host.
root@dlp:~ #
pkg install -y puppetserver8
root@dlp:~ #
vi /usr/local/etc/puppet/puppet.conf
# create new

dns_alt_names = dlp.srv.world,dlp
# any [environment] name you like
environment = production

[main]
certname = dlp.srv.world
server = dlp.srv.world

root@dlp:~ #
service puppetserver enable

puppetserver enabled in /etc/rc.conf
root@dlp:~ #
service puppetserver start

Starting puppetserver.
[2] Configure Puppet on Client Host.
root@node01:~ #
pkg install -y puppet8
root@node01:~ #
vi /usr/local/etc/puppet/puppet.conf
# create new

[main]
certname = node01.srv.world
server = dlp.srv.world

[agent]
server = dlp.srv.world
ca_server = dlp.srv.world
# interval at which the agent fetches its catalog from the server and applies it
# if set to [0], the agent runs continuously
# default is 30 minutes if the value is not set
runinterval = 30m

root@node01:~ #
service puppet enable

puppet enabled in /etc/rc.conf
root@node01:~ #
service puppet start

Starting puppet.
[3] Sign the certificate request from the Puppet Client on the Puppet Server.
root@dlp:~ #
puppetserver ca list --all

Requested Certificates:
    node01.srv.world       (SHA256)  BC:C7:45:48:3E:A1:60:1D:3E:8F:9E:10:68:E1:13:72:2B:F0:46:01:F2:47:9B:9A:F7:27:D4:61:52:75:CD:F4
Signed Certificates:
    dlp.srv.world       (SHA256)  33:FD:F6:A7:69:AE:16:21:1E:C8:F5:F4:8D:83:B5:7E:FF:E9:4C:32:29:E6:8C:EE:4E:19:4E:2D:92:57:FC:BD       alt names: ["DNS:dlp.srv.world", "DNS:dlp", "DNS:dlp.srv.world"]        authorization extensions: [pp_cli_auth: true]

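# before signing, compare the SHA256 fingerprint listed above with the one displayed on the client (for example with [puppet agent --fingerprint]), then sign the request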

root@dlp:~ #
puppetserver ca sign --certname node01.srv.world

Successfully signed the following certificate requests:
  node01.srv.world
[4] Create a test manifest to verify that Puppet Server and Client work normally.
Puppet clients apply the manifests on the Puppet server every 30 minutes by default, so either wait for the next run or, if you'd like to verify at once, restart the Puppet Client daemon.
# create a directory for putting manifests
# for the [production] part of the path, use the name set for the [environment = ***] parameter in [puppet.conf]

root@dlp:~ #
mkdir -p /usr/local/etc/puppet/code/environments/production/manifests
root@dlp:~ #
vi /usr/local/etc/puppet/code/environments/production/manifests/site.pp
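# for example, create a [testgroup]
# (a resource written outside any node definition is applied to every client that uses this environment)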

group { 'testgroup':
  ensure => present,
  gid    => 2000,
}

# on the Client host, restart puppet if you'd like to verify the settings immediately

root@node01:~ #
service puppet restart
root@node01:~ #
grep testgroup /etc/group

testgroup:*:2000:
[5] To apply a manifest manually on the local host, run as follows.
root@dlp:~ #
puppet apply /usr/local/etc/puppet/code/environments/production/manifests/site.pp

Notice: Compiled catalog for dlp.srv.world in environment production in 0.01 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Applied catalog in 0.02 seconds
root@dlp:~ #
grep testgroup /etc/group

testgroup:*:2000: