How to install Puppet master and client in Ubuntu 14.04

Version 1.0
Author: Srijan Kishore <s [dot] kishore [at] ispconfig [dot] org>

This document describes how to install and configure Puppet on an Ubuntu 14.04 server; I will also connect a Puppet client running on an Ubuntu 14.04 desktop. Puppet is a configuration management system that allows you to define the state of your IT infrastructure, then automatically enforces the correct state. Whether you're managing just a few servers or thousands of physical and virtual machines, Puppet automates tasks that sysadmins often do manually, freeing up time and mental space so sysadmins can work on the projects that deliver greater business value.
Whether you're deploying vendor-supplied applications or working with a team of internal software developers, Puppet automates every step of the software delivery process: from provisioning of physical and virtual machines to orchestration and reporting; from early-stage code development through testing, production release and updates. Puppet ensures consistency, reliability and stability. It also facilitates closer collaboration between sysadmins and developers, enabling more efficient delivery of cleaner, better-designed code.


1 Preliminary Note

This tutorial is based on Ubuntu 14.04 server and Ubuntu 14.04 desktop, so you should set up a basic Ubuntu 14.04 server and desktop installation before you continue with this tutorial. Both systems should have a static IP address. In this tutorial I use 192.168.0.100 as the IP address and server1.example.com as the hostname of the Ubuntu server, and 192.168.0.101 as the IP address and desktop1.example.com as the hostname of the Ubuntu desktop.

Both the Ubuntu server and the Ubuntu desktop must have the following entries in the /etc/hosts file. The entries are the same on server and client.

nano /etc/hosts

[...]
192.168.0.100 server1.example.com server1
192.168.0.101 desktop1.example.com desktop1

In addition, both server and desktop must have their clocks synchronized. Run the following on both machines:

ntpdate pool.ntp.org ; apt-get update && sudo apt-get -y install ntp ; service ntp restart

2 Puppet master installation at Ubuntu Server 14.04

To install the Puppet master, we will add the latest repository and install Puppet as follows:

cd /tmp
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update

apt-get install puppetmaster

Check the puppet version as:

puppet -V

[email protected]:/tmp# puppet -V
3.7.1
[email protected]:/tmp#

The installed Puppet version is 3.7.1. Now we need to pin the Puppet version, because an upgrade of Puppet during system updates can break the configuration. This is done by creating the following file:

nano /etc/apt/preferences.d/00-puppet.pref

Add the entries in the newly created file as:

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.7*
Pin-Priority: 501

With this pin in place, Puppet will not be upgraded when updates are run on the system.

Next we will change the configuration file as follows:

nano /etc/puppet/puppet.conf

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Just comment out the line templatedir=$confdir/templates as shown above and save the file.

Now we will stop and then start the services:

service puppetmaster stop
service puppetmaster start

Now the master puppet server is ready.

3 Puppet client installation at Ubuntu Desktop 14.04

Now our aim is to install and configure the Ubuntu desktop as a Puppet client of the Puppet master on the Ubuntu server. The client must have the /etc/hosts entries and the time synchronization set up as described in Chapter 1 above. Next we will install Puppet as follows:

cd /tmp
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update

apt-get install puppet

Check the puppet version as:

puppet -V

[email protected]:/tmp# puppet -V
3.7.1
[email protected]:/tmp#

The installed Puppet version is 3.7.1. Now we need to pin the Puppet version, because an upgrade of Puppet during system updates can break the configuration. This is done by creating the following file:

nano /etc/apt/preferences.d/00-puppet.pref

Add the entries in the newly created file as:

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.7*
Pin-Priority: 501

With this pin in place, Puppet will not be upgraded when updates are run on the system.

Next we will change the configuration file as follows:

nano /etc/puppet/puppet.conf

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates

#[master]
## These are needed when the puppetmaster is run by passenger
## and can safely be removed if webrick is used.
#ssl_client_header = SSL_CLIENT_S_DN
#ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
server = server1.example.com

Just comment out the lines as shown above, add the [agent] entries and save the file.

Next we need to edit the file /etc/default/puppet and change the value from no to yes as shown below:

nano /etc/default/puppet

[...]
START=yes
[...]

Now we are ready to start the puppet service. It is done as follows:

service puppet start

Now our client machine is ready to communicate with Puppet Master server.

4 Cert exchange from Puppet master to puppet client

After successful configuration, the Puppet client (Ubuntu desktop) looks for the Puppet master server and submits a certificate request before it accepts any administrative instructions from the Puppet master.

To view such certificate requests, run this command on the Puppet master (Ubuntu server):

puppet cert list

[email protected]:~# puppet cert list
  "desktop1.example.com" (SHA256) BD:F7:7C:76:48:09:C5:FE:0C:A8:CD:81:92:1D:A4:1F:15:1C:1A:6E:DE:C1:3C:B4:CA:FC:C6:2F:B4:9A:91:74
[email protected]:~#

This means that a machine named desktop1.example.com has appeared and is asking for its certificate request to be signed. Now the Puppet master must sign the certificate request from the Puppet client. It can be done as follows:

puppet cert sign desktop1.example.com

The output will be like this:

[email protected]:~# puppet cert sign desktop1.example.com
Notice: Signed certificate request for desktop1.example.com
Notice: Removing file Puppet::SSL::CertificateRequest desktop1.example.com at '/var/lib/puppet/ssl/ca/requests/desktop1.example.com.pem'
[email protected]:~#

This means the request from the desktop machine has been accepted on the Puppet master. We can also check that with this command:

puppet cert list -all

[email protected]:~# puppet cert list -all
+ "desktop1.example.com"        (SHA256) 7A:B7:CE:C4:A0:05:99:E7:E2:53:AD:D2:7F:6E:B5:38:CA:87:E0:8D:C7:0E:71:89:82:E1:17:FA:9D:B1:01:6D
+ "server1.server1.example.com" (SHA256) FF:E2:49:B9:2F:B4:D1:79:21:E9:1A:83:22:FA:DB:E8:5D:9B:9A:1C:E1:4D:83:B9:16:9D:FD:8B:72:FD:62:5F (alt names: "DNS:puppet", "DNS:puppet.server1.example.com", "DNS:server1.server1.example.com")
[email protected]:~#

The + sign in the output above shows that the certificate was signed successfully on the Puppet master (Ubuntu server).

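To view the client certificate fingerprint on the Puppet client (Ubuntu desktop), run the following command. The value should match the fingerprint that the master lists for desktop1.example.com: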

puppet agent --fingerprint

[email protected]:~# puppet agent --fingerprint
(SHA256) 7A:B7:CE:C4:A0:05:99:E7:E2:53:AD:D2:7F:6E:B5:38:CA:87:E0:8D:C7:0E:71:89:82:E1:17:FA:9D:B1:01:6D
[email protected]:~#
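The fingerprint read on the client can be checked against the one the master lists, before signing (pending request) or afterwards (signed certificate), so that only the expected machine's request is accepted. The script below is an added example, not part of the original tutorial; the function names are hypothetical and the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the tutorial): accept a certificate request only
# when the fingerprint listed on the master equals the one read on the agent.
# Function names are hypothetical.

# Sample `puppet cert list` text, constructed from the tutorial's output.
SAMPLE_PENDING='  "desktop1.example.com" (SHA256) BD:F7:7C:76:48:09:C5:FE:0C:A8:CD:81:92:1D:A4:1F:15:1C:1A:6E:DE:C1:3C:B4:CA:FC:C6:2F:B4:9A:91:74'

# Print the SHA256 fingerprint listed for certname $1 in listing text $2.
# Scanning all fields also copes with the leading "+" of signed entries.
listed_fingerprint() {
    printf '%s\n' "$2" | awk -v want="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == "\"" want "\"" && $(i + 1) == "(SHA256)") { print $(i + 2); exit }
    }'
}

# Drop an optional "(SHA256)" prefix and all whitespace, then upper-case,
# so the output of `puppet agent --fingerprint` can be passed in unchanged.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*(SHA256)//' | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Return 0 only if both fingerprints are well-formed and identical,
# 2 if the agent-side value is not a SHA256 fingerprint, 1 otherwise.
# $1 certname, $2 listing text from the master, $3 fingerprint read on the agent
fingerprints_match() {
    master_fp=$(normalize_fp "$(listed_fingerprint "$1" "$2")")
    agent_fp=$(normalize_fp "$3")
    printf '%s\n' "$agent_fp" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 2
    [ "$master_fp" = "$agent_fp" ]
}

# On the master, with the agent-side value obtained out of band in AGENT_FP:
#   fingerprints_match desktop1.example.com "$(puppet cert list)" "$AGENT_FP" \
#       && puppet cert sign desktop1.example.com
```
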

Similarly, we can add any number of clients to the Puppet master (Ubuntu server) and sign the certificate requests from those clients. If for any administrative requirement you wish to revoke a certificate on the Puppet master, run:

puppet cert clean desktop1.example.com

[email protected]:~# puppet cert clean desktop1.example.com
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate desktop1.example.com at '/var/lib/puppet/ssl/ca/signed/desktop1.example.com.pem'
Notice: Removing file Puppet::SSL::Certificate desktop1.example.com at '/var/lib/puppet/ssl/certs/desktop1.example.com.pem'
[email protected]:~#

To be sure the certificates are completely removed on the Puppet master (Ubuntu server), I explicitly cleaned them again:

puppet cert -c

Note: Above I have just mentioned how we can revoke the cert and disconnect the desktop from the Puppet master server.

As mentioned above, we can connect any number of desktops and administer them centrally through the Puppet master server. Congratulations! Now we have a fully functional Puppet instance on our Ubuntu 14.04 :)

6 Comment(s)

Comments

From: Sean Facer

puppet cert list doesn't show anything? Where have I gone wrong?

 

Thanks

From: noxtribe

Good tutorial, it helped me a lot.

For newbies (like me :D ) who come here after botching an install.

If you want to start this tutorial over from a clean base:

sudo apt-get autoremove puppet --purge
sudo apt-get autoremove puppetmaster --purge

 

From: Dipin Thomas

Hi,

Thank you for writing this.. it worked like a charm. [email protected], I think the agent is not able to communicate with the master; that can be the reason you are not able to see any agent on the master list. Even I had such a problem; after some troubleshooting I found out that it was my DNS server.

 

Thank you once again.

From: krushna

Worked like a charm. Thanks for posting this. Expecting more documents on this subject line.

From: venkat

Thanks for the steps. It worked fine.

 

However, I am not able to apply/push from Puppet Master.

It works from client, it picks up the config.

From: latha

Very good write-up. I definitely appreciate this website. Continue the good work!