In this tutorial, we will learn how to install Puppet master and agent on RHEL derivatives, so it applies to RHEL, Rocky Linux, AlmaLinux and other forks.
Similar to Ansible and Chef, Puppet is an open-source configuration management technology developed by Puppet Labs that is intended to automate and centralize the setup of infrastructure, including servers. It facilitates the quick and easy completion of time-consuming, repetitive tasks that might otherwise be difficult.
Puppet uses a client-server architecture with the following main components.
- Puppet Master/Server: This node has all the settings needed to control client nodes that have the puppet slave installed on them.
- Puppet Slave: The controlled client nodes in your environment. Every slave has the Puppet agent installed and running, and they are all under the control of the Puppet master.
- PuppetDB: The database in which all of the data produced by Puppet is stored.
Regarding editions, in addition to open-source, Puppet Enterprise (PE) is available. Built on top of the open source Puppet framework, it is the commercial version of Puppet. You can control thousands of nodes’ configurations with both solutions. In open-source Puppet, this is accomplished through desired-state management.
Prerequisites
- A minimum of 2 cores and 4GB of RAM, or 4 cores and 4GB of RAM, are required to support at least 1,000 nodes.
- A recent RedHat-based Linux, such as AlmaLinux, Oracle, or Rocky. The tutorial is made on Rocky Linux 8. For installation support, you may refer to the blog post How to Install Rocky Linux 8.
Below are the IP addresses and hostnames of our setup:
192.168.255.100 puppetmaster.example.com
192.168.255.101 puppetslave.example.com
- Internet connection
- Terminal access
- At least non-root sudo user access
Installing the Puppet Master Server
Upgrading the host
Let us upgrade the system to make sure it's running on the latest version
sudo dnf update
We will need some tools/utilities for further steps, so let's install them
sudo dnf install wget curl
Enable the required repo
sudo dnf install epel-release
sudo dnf config-manager --set-enabled powertools
On Rocky Linux, using Puppet’s official Yum repository makes it simple to acquire the most recent packages.
sudo dnf -y install https://yum.puppet.com/puppet-release-el-8.noarch.rpm
If your host server is behind a corporate network, make sure you have the proxy enabled to connect to the Puppet website
sudo dnf update -y
Reboot the system
sudo reboot
Setting System Hostnames (FQDN)
Set the FQDN (Fully Qualified Domain Name) for the host which will serve as Puppet Master (Server)
sudo hostnamectl set-hostname puppetmaster.example.com
Similarly, set the FQDN for the host which will serve as Puppet Slave
sudo hostnamectl set-hostname puppetslave.example.com
Set the hostnames and IP addresses in the /etc/hosts file for name resolution
sudo vim /etc/hosts
Add each hostname along with its IP address, for example
192.168.255.100 puppetmaster.example.com puppetmaster puppetserver
192.168.255.101 puppetslave.example.com puppetslave puppetclient
Here, 192.168.255.100 is the IP address of the Puppet Master Server
Installing & Configuring Puppet master
Now that we have the puppet repository installed, we will install the puppet master packages
sudo dnf install puppetserver -y
Now open the new default configuration file for puppet master
sudo vim /etc/puppetlabs/puppet/puppet.conf
Add the FQDN of the host as below
dns_alt_names=puppetmaster.example.com,puppetmaster,puppetserver,puppet
Apart from the above add the below lines for the certificates
[main]
certname = puppetmaster.example.com
server = puppetmaster.example.com
environment = production
runinterval = 1h
Save and exit the file
For detailed configuration, refer to the official Puppet Settings Documentation
Allowing Firewall for Puppet
To make sure Puppet can readily connect with agents over the network, open the Puppet service in your system’s firewall.
sudo firewall-cmd --add-service=puppetmaster --permanent
sudo firewall-cmd --reload
Start the Puppet Master
We now have the server up and running with all the configurations finalized. Puppet master services won’t be operating by default; let’s start and activate them.
sudo systemctl start puppetserver
sudo systemctl enable puppetserver
Adding Puppet to System Path
To utilize this tool’s command line, irrespective of the directory you are in, type:
echo 'export PATH=$PATH:/opt/puppetlabs/bin' | tee -a ~/.bashrc
Reload
source ~/.bashrc
Check the puppet version
puppet --version
Now switch to root to issue the certificate
sudo su -
puppetserver ca setup
List the certificates:
puppetserver ca list --all
You can now test the puppet server with the local client
puppet agent -t
To sign all pending (client) certificates, run the command
puppetserver ca sign --all
Installing Puppet Slave/agent (Client)
Installing repo and agent packages
We can now simply deploy Puppet agent on a remote Linux or Windows server if that is what you would like to accomplish.
Use the following commands for RPM systems, such as Redhat, CentOS, Rocky, Oracle Linux, and Almalinux:
sudo dnf -y install https://yum.puppet.com/puppet-release-el-8.noarch.rpm
sudo dnf -y install puppet-agent
For Ubuntu and Debian systems:
Ubuntu 20.04 (focal)
wget https://apt.puppet.com/puppet7-release-focal.deb
Debian 11 (bullseye)
wget https://apt.puppet.com/puppet7-release-bullseye.deb
Install the downloaded package (the Ubuntu file is shown; on Debian use the bullseye file name)
sudo dpkg -i puppet7-release-focal.deb
Installing puppet agent
sudo apt update
sudo apt install puppet-agent
Start the service
sudo systemctl enable --now puppet
Configuring Puppet agent
Edit the agent default file
sudo vim /etc/puppetlabs/puppet/puppet.conf
Add the below lines to the above file
[main]
ssldir = /var/lib/puppet/ssl
vardir = /var/lib/puppet
cadir = /var/lib/puppet/ssl/ca
# Do not set dns_alt_names on agents; alternate names belong to the server certificate only
[agent]
server = puppetmaster.example.com
ca_server = puppetmaster.example.com
Save and exit the file
Edit the /etc/hosts file to add the IP and hostnames
sudo vim /etc/hosts
Add the below lines
192.168.255.100 puppetmaster.example.com puppetmaster puppetserver
192.168.255.101 puppetslave.example.com puppetslave puppetclient
Save and exit the file
Back on the Puppet Master node, list the certificates again to find the new request (run on the master node as root)
puppetserver ca list --all
Sign the certificate after identifying your client node (run on the master node as root)
puppetserver ca sign --certname puppetslave.example.com
Now you can test your client/slave
puppet agent -t
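Identifying the client node before signing can be made concrete by comparing fingerprints: read the request fingerprint on the agent with puppet agent --fingerprint, then sign on the master only if the pending request carries the same value. The script below is an added example, not part of the original tutorial; the function names, the sample listing and its fingerprints are constructed, and it assumes the listing layout of name, digest label, fingerprint.

```shell
#!/usr/bin/env bash
# Added example: sign an agent's CSR only if its fingerprint matches the one
# read on the agent itself with `puppet agent --fingerprint`.

# Constructed sample of `puppetserver ca list --all` output (fingerprints are made up).
SAMPLE_CA_LIST='Requested Certificates:
    puppetslave.example.com    (SHA256)  3C:9A:51:0E:77:B2:D4:18:6F:A0:2C:95:E3:4B:08:7D:C1:56:F9:23:8E:40:BB:67:12:DA:35:9C:E8:04:71:AF
Signed Certificates:
    puppetmaster.example.com   (SHA256)  7E:04:B9:63:2D:F1:58:AC:90:37:CE:15:6A:D2:8B:41:E7:0C:93:5F:B6:28:FA:74:1D:C9:60:3E:A5:82:4F:D8  alt names: ["DNS:puppetmaster.example.com", "DNS:puppet"]'

# Strip an optional "(SHA256)" label and whitespace, upper-case the hex digits.
normalize_fp() {
  printf '%s' "$1" | sed 's/^ *(SHA256) *//' | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read CA list output on stdin and print the fingerprint of the pending
# request for certname $1. Prints nothing if that name has no pending request.
pending_fingerprint() {
  awk -v name="$1" '
    /^Requested Certificates:/ { pending = 1; next }
    /^[A-Za-z]/                { pending = 0 }   # any other section header
    pending && $1 == name      { print $3; exit }
  '
}

# Succeed only if certname $1 is pending and its fingerprint equals $2.
csr_matches() {
  listed_fp=$(pending_fingerprint "$1")
  [ -n "$listed_fp" ] && [ "$(normalize_fp "$listed_fp")" = "$(normalize_fp "$2")" ]
}

# Run on the master as root: verify_and_sign <certname> <fingerprint from agent>
verify_and_sign() {
  if puppetserver ca list --all | csr_matches "$1" "$2"; then
    puppetserver ca sign --certname "$1"
  else
    echo "refusing to sign $1: no pending request with that fingerprint" >&2
    return 1
  fi
}
```

Source the file on the master and call verify_and_sign with the certname and the fingerprint string copied from the agent; the "(SHA256)" prefix and lower-case hex are accepted.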
Conclusion
This brings the guide to a close. Using Rocky Linux 8 nodes in our configuration, we have shown in this post how to install Puppet Master and Agent on RHEL-based systems.