How to Install Puppet 7 Server on Rocky Linux/Alma Linux 9

In this guide, we are going to install Puppet 7 Server Open Source in Rocky Linux/Centos 8 Server. We will set up a Puppet server and an agent and install nginx using puppet manifests.

Puppet is a software configuration management tool which includes its own declarative language to describe system configuration. It is a model-driven solution that requires limited programming knowledge to use. Puppet operates in an agent-master architecture, in which a master node controls configuration information for a fleet of managed agent nodes.

Puppet is distributed in several packages. These include puppetserver, puppet-agent and puppetdb. Puppet Server controls the configuration information for one or more managed agent nodes. PuppetDB is where the data generated by Puppet is stored.

Prerequisites

To follow along, ensure that you have:

Updated Rocky Linux 9 Puppet Server and Puppet Agent machine
Root access to the servers
Internet access from the server
Knowledge of Linux terminal

Table of Content

Ensuring the servers are up to date
Set up Hostname
Disable SELinux
Installing Puppet
Configure puppet master and agent
Starting and enabling puppet service
Open Service Port on the firewall
Add Puppet Binary folder to $PATH
Start the Puppet client
Verify the Puppet Agent Configuration
Create Simple Manifest to Deploy Nginx

1. Ensuring the servers are up to date

Before proceeding let us ensure that the server packages are up to date with the following command:

sudo dnf -y update

2. Set up Hostname

Puppet uses server hostnames to push manifests to the nodes. Connect to the puppet master.

The set up hostname:

sudo hostnamectl set-hostname puppetmaster.citizix.com

Ensure the hostname has proper DNS record and also update_ /etc/hosts_ file.

sudo vim /etc/hosts

Add this content:

10.2.40.226 puppetmaster.citizix.com puppetmaster

Confirm that the hostname reflects:

$ sudo hostnamectl
 Static hostname: puppetmaster.citizix.com
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: ec2ba5812817840dc124190c5a4e3524
         Boot ID: 9b1488d074ba40b98ed5c60223158af7
  Virtualization: amazon
Operating System: Rocky Linux 9.0 (Blue Onyx)
     CPE OS Name: cpe:/o:rocky:rocky:9::baseos
          Kernel: Linux 5.14.0-70.22.1.el9_0.x86_64
    Architecture: x86-64
 Hardware Vendor: Amazon EC2
  Hardware Model: t3.small

3. Disable SELinux

Edit the SELinux configuration using vim.

sudo vim /etc/sysconfig/selinux

Change the SELINUX value to ‘disabled’.

SELINUX=permissive

Save and exit. You will need to reboot for the changes to apply. To apply the changes without rebooting, use this command:

sudo setenforce 0

4. Install Puppet Server

Enabling the Puppet platform repository makes the components needed for installation available on your system.

sudo dnf install https://yum.puppet.com/puppet7-release-el-9.noarch.rpm

Puppet Server is a required application that runs on the Java Virtual Machine (JVM) on the primary server.

In addition to hosting endpoints for the certificate authority service, Puppet Server also powers the catalog compiler, which compiles configuration catalogs for agent nodes, using Puppet code and various other data sources.

In this section, you will install the puppetserver package and start the service.

Install the Puppet Server package

sudo dnf install puppetserver

Type y then press enter to confirm the install.

5. Configure Puppet Master and Agent

After the installation is complete, we need to configure the memory allocation for puppetserver. We will set the max memory allocation for puppetserver to 1GB.

Edit the ‘puppetserver’ configuration using vim.

sudo vim /etc/sysconfig/puppetserver

Now change the line as below, then save and exit.

JAVA_ARGS="-Xms1g -Xmx1g ..."

Define Puppet Master FQDN and DNS alternative names:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Add the DNS settings under the _[server] _section.

[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster.citizix,puppetmaster

Add main section – this is the puppet agent configs.

[main]
certname = puppetmaster.citizix.com
server = puppetmaster.citizix.com
environment = production
runinterval = 30m

6. Starting and enabling puppet service

Once the in stallation and configuration is done, we can start the puppet server using this command:

sudo systemctl start puppetserver

Check status of puppetserver using this command:

$ sudo systemctl status puppetserver
● puppetserver.service - puppetserver Service
   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-11-04 18:47:34 UTC; 1min 0s ago
  Process: 132886 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 132913 (java)
    Tasks: 45 (limit: 4915)
   Memory: 988.9M
   CGroup: /system.slice/puppetserver.service
           └─132913 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError=kill -9 %p -XX:ErrorFile=/var/log/puppetlabs/puppetserver/puppetserver_err_pid%p.log -cp /opt/puppet>

Nov 04 18:47:09 puppetmaster.citizix.com systemd[1]: Starting puppetserver Service...
Nov 04 18:47:34 puppetmaster.citizix.com systemd[1]: Started puppetserver Service.

Check if you installed the Puppet Server correctly, by running: puppetserver -v

# puppetserver -v
puppetserver version: 7.4.1

Now you can enable puppet server to always start on boot:

sudo systemctl enable puppetserver

7. Open Service Port on the firewall

With the service started, open the port on the firewall so you can access the server from the network. This is only needed if you enforce firewall rules and you have firewalld installed.

sudo firewall-cmd --add-port=8140/tcp --permanent
sudo firewall-cmd --reload

8. Add Puppet Binary folder to $PATH

Puppet binaries are located in /opt/puppetlabs/bin. This directory by default is not in your $PATH.

echo 'export PATH=$PATH:/opt/puppetlabs/bin' | tee -a ~/.bashrc
source ~/.bashrc

9. Start the Puppet client

Let’s start puppet agent service as we’ll use it for some testing.

Let us register the puppet agent to the puppet master.

Start puppet agent:

sudo systemctl start puppet

Check the status using this command:

$ sudo systemctl status puppet
● puppet.service - Puppet agent
   Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-11-05 07:37:08 UTC; 15s ago
 Main PID: 142622 (puppet)
    Tasks: 1 (limit: 23168)
   Memory: 52.6M
   CGroup: /system.slice/puppet.service
           └─142622 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

Nov 05 07:37:08 puppetmaster.citizix.com systemd[1]: Started Puppet agent.
Nov 05 07:37:09 puppetmaster.citizix.com puppet-agent[142622]: Starting Puppet client version 7.12.0
Nov 05 07:37:11 puppetmaster.citizix.com puppet-agent[142623]: Applied catalog in 0.02 seconds

10. Verify the Puppet Agent Configuration

After the puppet master signed the certificate file for the agent, run command below on the puppet agent to verify the configuration

# puppet agent --test
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster.citizix.com
Info: Applying configuration version '1636097982'
Notice: Applied catalog in 0.02 seconds

The Puppet agent pulled the configuration from the puppet master and applied to the server without any error.

11. Create Simple Manifest to Deploy Nginx

With the puppet master and agent installation and configuration complete, let us create a simple manifest for testing. We will create a manifest to install Nginx web server.

The puppet manifess will be stored in the environment specific directory in the /etc/puppetlabs/code/environments/<env> path. We have defined production in our case so let’s switch to the production manifests directory using this:

cd /etc/puppetlabs/code/environments/production/manifests

Create new manifest file.

vim site.pp

Paste the following configuration.

node 'puppetmaster.citizix.com' {
     package { 'nginx':
         ensure  => "installed",
     }
     service { 'nginx':
         ensure => running,
         enable => true
     }
 }

Save and exit.

Now open the puppet agent server shell and run the command below.

puppet agent -t

The command will retrieve new manifest configuration file from the puppet master and then apply it to the agent server.

Following is the result.

# puppet agent --test

Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster.citizix.com
Info: Applying configuration version '1636098770'
Notice: /Stage[main]/Main/Node[puppetmaster.citizix.com]/Package[nginx]/ensure: created
Notice: /Stage[main]/Main/Node[puppetmaster.citizix.com]/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Node[puppetmaster.citizix.com]/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Applied catalog in 57.25 seconds

You can check Nginx using this command:

# sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-11-05 07:53:49 UTC; 57s ago
 Main PID: 144600 (nginx)
    Tasks: 3 (limit: 23168)
   Memory: 6.1M
   CGroup: /system.slice/nginx.service
           ├─144600 nginx: master process /usr/sbin/nginx
           ├─144602 nginx: worker process
           └─144603 nginx: worker process

Nov 05 07:53:49 puppetmaster.citizix.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 05 07:53:49 puppetmaster.citizix.com nginx[144528]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 05 07:53:49 puppetmaster.citizix.com nginx[144528]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 05 07:53:49 puppetmaster.citizix.com systemd[1]: Started The nginx HTTP and reverse proxy server.

The nginx web server has been installed using the puppet manifest.

Conclusion

We managed to install and configure the Puppet Master and Puppet Agent on Rocky Linux/Alma Linux 9 Server successfully.