How to add Puppet Agents to Foreman
This is the second part of the Foreman tutorial. In the first guide, we showed you the installation and configuration of Foreman on Ubuntu Server 18.04 LTS; now I will show you how to add Puppet Agents to Foreman.
Prerequisites
- Foreman Puppet Master
- Root privileges
What we will do
- Setup Hosts
- Install and Configure Puppet Agent
- Sign Certificates on the Foreman Puppet Master
- Testing
Step 1 - Setup Hosts
First of all, we need to configure the FQDN (Fully Qualified Domain Name) of the puppet agent servers.
Change the hostname of the server using the hostnamectl command below.
hostnamectl set-hostname client.hakase-labs.io
After that, edit the '/etc/hosts' file.
vim /etc/hosts
Paste the following lines into it, replacing the IP addresses and FQDNs with your own.
10.9.9.20 server.hakase-labs.io server
10.9.9.21 client.hakase-labs.io client
Save and close.
Now test the host using the following command and make sure the FQDN of the server resolves to your valid IP address.
ping $(hostname -f) -c 3
Step 2 - Install and Configure Puppet Agent
In this step, we're going to install Puppet Agent 5 on Ubuntu 18.04 and CentOS 7 servers. We will add the Puppet repository to the system and then install the puppet agent packages on both Ubuntu and CentOS servers.
- Install Puppet Agent on Ubuntu 18.04 Server
Download the package repository and add it to the system.
cd /tmp && wget https://apt.puppetlabs.com/puppet5-release-bionic.deb
sudo dpkg -i puppet5-release-bionic.deb
After that, update the Ubuntu repositories and install the puppet agent packages using the following apt commands.
sudo apt update
sudo apt install -y puppet-agent
- Install Puppet Agent on CentOS 7 Server
Download the package repository and add it to the system.
cd /tmp && wget https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
rpm -ivh puppet5-release-el-7.noarch.rpm
After that, install the puppet agent packages using the following command.
sudo yum install -y puppet-agent
When the installation is complete, we must edit the default puppet configuration and define the agent settings.
Go to the '/etc/puppetlabs/puppet' directory and edit the configuration file 'puppet.conf'.
cd /etc/puppetlabs/puppet/
vim puppet.conf
Paste the following configuration into it, replacing the server FQDN and the certname with your own.
[agent]
server = server.hakase-labs.io
certname = client.hakase-labs.io
runinterval = 180
environment = production
listen = false
pluginsync = true
report = true
Save and exit.
After that, start the puppet agent service using the following command.
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
Or if required, restart the service.
sudo systemctl restart puppet
The puppet agent is up and running on both Ubuntu and CentOS servers.
Step 3 - Sign Certificate Requests of the Puppet Agents
To sign the certificate requests of the puppet agents, we can use either the terminal shell of the puppet master server (in this case, the foreman server itself) or the foreman dashboard.
- Sign Certificate Requests using Terminal Shell
Log in to the puppet master server (in this guide, the foreman server) and check the pending certificate requests using the following command.
sudo /opt/puppetlabs/bin/puppetserver ca list
You will see the certificate request for the client name. Sign it with the command below.
sudo /opt/puppetlabs/bin/puppetserver ca sign --certname client.hakase-labs.io
The puppet agent certificate has now been added to the puppet master from the terminal.
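Before signing, the fingerprint shown for the pending request can be compared with the one the agent itself reports, so that a request submitted under the expected certname from a different key is not signed. The script below is an added example, not part of the original tutorial: the helper names extract_fp and safe_to_sign are hypothetical, and the output layouts it parses and the sample fingerprints are constructed assumptions.

```shell
#!/bin/sh
# Added example: refuse to sign unless the fingerprint the agent reports matches
# the one in the CA's pending list. Output layouts parsed here are assumptions.

# extract_fp NAME: print the first colon-separated hex fingerprint on stdin,
# taken from the line whose first field is NAME (any line when NAME is empty).
extract_fp() {
    awk -v name="$1" '
        name == "" || $1 == name {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/) {
                    print toupper($i); exit
                }
        }'
}

# safe_to_sign CERTNAME AGENT_OUTPUT CA_LISTING
# Succeeds only if CERTNAME is pending and both fingerprints are identical.
safe_to_sign() {
    agent_fp=$(printf '%s\n' "$2" | extract_fp "")
    ca_fp=$(printf '%s\n' "$3" | extract_fp "$1")
    [ -n "$agent_fp" ] && [ "$agent_fp" = "$ca_fp" ]
}

# Constructed sample data (fingerprints shortened for readability).
# On real hosts: AGENT_OUT comes from `puppet agent --fingerprint` run on the
# agent and read over a trusted channel; CA_LISTING from `puppetserver ca list`.
AGENT_OUT='(SHA256) 3F:9A:10:C4:77:0B:E2:5D'
CA_LISTING='Requested Certificates:
    client.hakase-labs.io   (SHA256)  3F:9A:10:C4:77:0B:E2:5D
    other.hakase-labs.io    (SHA256)  00:11:22:33:44:55:66:77'

for name in client.hakase-labs.io other.hakase-labs.io missing.hakase-labs.io; do
    if safe_to_sign "$name" "$AGENT_OUT" "$CA_LISTING"; then
        echo "$name: fingerprints match, sign with: puppetserver ca sign --certname $name"
    else
        echo "$name: no matching pending request, do not sign"
    fi
done
```

Only the first host passes the check; a certname that is absent from the pending list or listed with a different fingerprint is rejected.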
- Sign Certificate Requests using the Foreman Dashboard
Click the 'Infrastructure' menu on the left, then choose 'Smart Proxies'.
Now select the 'Certificates' option from the drop-down button of the foreman server.
You will see the client name with a request in the 'pending' state; click the 'Sign' button.
After that, verify the agent hosts by going to the 'Hosts' page.
Inside the 'Hosts' menu, click 'All Hosts' and make sure the name of the puppet agent appears on the server list.
Step 4 - Testing
In this tutorial, we're going to test the puppet foreman server and the puppet agent by deploying the nginx and NTP services to the puppet agent host. Before we begin, we need to download the nginx and ntp puppet modules to the foreman server, then activate these modules and add them to the puppet agent.
- Download Nginx Puppet Module
Download the nginx puppet module by running the following command on the puppet master foreman server.
sudo /opt/puppetlabs/bin/puppet module install puppet/nginx
- Activate Puppet Modules
After that, import the nginx module through the foreman dashboard.
Click the 'Configure' menu on the left and click Puppet 'Classes'.
Click the 'Import Environment from server.hakase-labs.io' button, tick available module classes and click 'Update'.
Now you will get the Nginx module on the list.
- Add Puppet Module to Agent Host
Click the 'Hosts' menu on the left, then click 'All Hosts' to get the list of available hosts.
Now click the 'Edit' button on the agent host named 'client.hakase-labs.io'.
Go to the 'Puppet Classes' tab, add the 'nginx' and 'ntp' modules and click the 'Submit' button.
The Nginx and NTP modules have been added to the Agent host.
Additional:
If you want to verify the active classes on a host, click the 'YAML' button on the host's details page and you will be shown the raw YAML configuration.
- Apply and Test
If you want to apply the changes manually, you can run the following command on the puppet agent hosts.
sudo /opt/puppetlabs/bin/puppet agent --test
When it's complete, you will see the result of the run.
After that, verify the nginx and ntp services by checking the listening ports to ensure the HTTP and NTP ports are used by the nginx and ntp services.
netstat -plntu
Now you can access the nginx web server on the agent node.
curl client.hakase-labs.io
To verify the ntp server configuration, run the following command.
cat /etc/ntp.conf
And you will be shown the ntp configuration that is managed by Puppet.