How to add Puppet Agents to Foreman

This is the second part of the Foreman tutorial. In the first guide, we've already shown you the installation and configuration of Foreman on Ubuntu Server 18.04 LTS and now I will show you how to add Puppet Agents to Foremen.

Prerequisites

  • Foreman Puppet Master
  • Root privileges

What we will do?

  1. Setup Hosts
  2. Install and Configure Puppet Agent
  3. Sign Certificates on the Foreman Puppet Master
  4. Testing

Step 1 - Setup Hosts

First of all, we need to configure the FQDN (Fully Qualified Domain Name) of puppet agent servers.

Change the hostname of the server using the hostnamectl command below.

hostnamectl set-hostname client.hakase-labs.io

After that, edit the '/etc/hosts' file.

vim /etc/hosts

Change the IP address and the FQDN with your own and paste into it.

10.9.9.20   server.hakase-labs.io   server
10.9.9.21   client.hakase-labs.io   client

Save and close.

Now test the host using the following command and make sure you get the FQDN of the server is resolved to your valid IP address.

ping $(hostname -f) -c 3

Step 2 - Install and Configure Puppet Agent

In this step, we're going to install the Puppet Agent 5 on Ubuntu 18.04 and CentOS 7 servers. We want to add the Puppet repository to the system, and then install the puppet agent packages on both Ubuntu and CentOS servers.

- Install Puppet Agent on Ubuntu 18.04 Server

Download the package repository and add it to the system.

cd /tmp && wget https://apt.puppetlabs.com/puppet5-release-bionic.deb
sudo dpkg -i puppet5-release-bionic.deb

After that, update ubuntu repositories and install the puppet agent packages using the following apt commands.

sudo apt update
sudo apt install -y puppet-agent

Install and Configure Puppet Agent

- Install Puppet Agent on CentOS 7 Server

Download the package repository and add it to the system.

cd /tmp && wget https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
rpm -ivh puppet5-release-el-7.noarch.rpm

After that, install the puppet agent packages using the following command.

sudo yum install -y puppet-agent

When the installation is complete, we must edit the default puppet configuration and define the agent settings.

Go to the '/etc/puppetlabs/puppet' directory and edit the configuration file 'puppet.conf'.

cd /etc/puppetlabs/puppet/
vim puppet.conf

Change the server FQDN and the certname with your own and paste into it.

[agent]
    server = server.hakase-labs.io
    certname = client.hakase-labs.io
    runinterval = 180
    environment = production
    listen = false
    pluginsync = true
    report = true

Save and exit.

After that, run the puppet agent service using the following command.

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

Or if required, restart the service.

sudo systemctl restart puppet

The puppet agent is up and running on both Ubuntu and CentOS servers.

Install Puppet Agent on CentOS 7 Server

Step 3 - Sign Certificate Requests of the Puppet Agents

In order to sign the certificate requests of the puppet agents, we can use the terminal shell of the puppet master server (in this case is the foreman server itself) or using the foreman dashboard.

- Sign Certificate Requests using Terminal Shell

Login to the puppet master server (in this guide is the foreman server) and check the certificate request using the following command.

sudo /opt/puppetlabs/bin/puppetserver ca list

Now you will see the client name certificate, sign with the command below.

sudo /opt/puppetlabs/bin/puppetserver ca sign --certname client.hakase-labs.io

And the puppet agent certificate has been added to the puppet master through the terminal server.

Sign Certificate Requests using Terminal Shell

- Sign Certificate Requests using the Foreman Dashboard

Click the 'Infrastructure' menu on the left, then choose the 'Smart Proxies'.

Sign Certificate Requests using the Foreman Dashboard

Now select the 'Certificates' options from the drop-down button of the foreman server.

Now you will get the client name that makes requests on the 'pending' state, click the 'Sign' button.

Sign certificate

After that, verify the agent hosts by going to the 'Hosts' page.

Inside the 'Hosts' menu, click 'All Hosts' and make sure you get the name of the puppet agent on the server list as below.

All hosts

Below details about the Ubuntu Puppet Agent.

Ubuntu Puppet Agent

Step 4 - Testing

In this tutorial, we're going to test the puppet foreman server and puppet agent for deploying the nginx and NTP services to the puppet agent host. Before we begin, we need to download the nginx and ntp puppet modules to the foreman server and then activate these modules and add it to the puppet agent.

- Download Nginx Puppet Module

Download the nginx puppet module by running the following command on the puppet master foreman server.

sudo /opt/puppetlabs/bin/puppet module install puppet/nginx

Download Nginx Puppet Module

- Activate Puppet Modules

After that, import the nginx module through the foreman dashboard.

Click the 'Configure' menu on the left and click Puppet 'Classes'.

Click the 'Import Environment from server.hakase-labs.io' button, tick available module classes and click 'Update'.

Activate Puppet Modules

Now you will get the Nginx module on the list.

Nginx module

- Add Puppet Module to Agent Host

Click the 'Hosts' menu on left, click 'All Hosts' to get lists of available hosts.

Add Puppet Module to Agent Host

Now click the 'Edit' button on the agent host named 'client.hakase-labs.io'.

Goto the 'Puppet Classes' tab, add the 'nginx' and 'ntp' module and click the 'Submit' button.

Puppet Classes tab

The Nginx and NTP modules have been added to the Agent host.

Additional:

If you want to verify active classes on the Hosts, just click the 'YAML' button on the details information about the host and you will be shown the raw source of YAML configuration.

YAML config

- Apply and Test

If you want to apply the changes manually, you can run the following command on the puppet agent hosts.

sudo /opt/puppetlabs/bin/puppet agent --test

When it's complete, you will show the result as below.

Test

After that, verify the nginx and ntp service by checking the listed port to ensure the HTTP and NTP ports are used by the nginx and ntp services.

netstat -plntu

Now you can access the nginx web server on the agent node.

curl client.hakase-labs.io

Test with curl

To verify the ntp server configuration, run the following command.

cat /etc/ntp.conf

And you will be shown the ntp configuration that is managed by Puppet.

ntp.conf

Share this page:

0 Comment(s)