How to Install Puppet 8 Server on Rocky Linux/Alma Linux 9

In this guide, we are going to install Puppet 8 Server Open Source in Rocky Linux/Centos 8 Server. We will set up a Puppet server and an agent and install nginx using puppet manifests.

Puppet is a software configuration management tool which includes its own declarative language to describe system configuration. It is a model-driven solution that requires limited programming knowledge to use. Puppet operates in an agent-master architecture, in which a master node controls configuration information for a fleet of managed agent nodes.

Puppet is distributed in several packages. These include puppetserver, puppet-agent and puppetdb. Puppet Server controls the configuration information for one or more managed agent nodes. PuppetDB is where the data generated by Puppet is stored.

Prerequisites

To follow along, ensure that you have:

  • Updated Rocky Linux 9 Puppet Server and Puppet Agent machine
  • Root access to the servers
  • Internet access from the server
  • Knowledge of Linux terminal

Ensuring the servers are up to date

Before proceeding let us ensure that the server packages are up to date with the following command:

sudo dnf -y update

Also install required packages:

sudo dnf install -y vim

Set up Hostname

Puppet uses server hostnames to push manifests to the nodes. Connect to the puppet master.

Then set the hostname:

sudo hostnamectl set-hostname puppetmaster.citizix.com

Ensure the hostname has a proper DNS record and also update the /etc/hosts file.

sudo vim /etc/hosts

Add this content:

10.10.26.147 puppetmaster.citizix.com puppetmaster

Confirm that the hostname has been applied:

$ sudo hostnamectl

 Static hostname: puppetmaster.citizix.com
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: b4755196148c45b3bd8ab5cae8d30704
         Boot ID: 72db802f54fb42059651d746580be0eb
  Virtualization: xen
Operating System: Rocky Linux 9.5 (Blue Onyx)
     CPE OS Name: cpe:/o:rocky:rocky:9::baseos
          Kernel: Linux 5.14.0-503.14.1.el9_5.x86_64
    Architecture: x86-64
 Hardware Vendor: Xen
  Hardware Model: HVM domU
Firmware Version: 4.11.amazon

Disable SELinux

Edit the SELinux configuration using vim.

sudo vim /etc/sysconfig/selinux

Change the SELINUX value to disabled or permissive. In permissive mode SELinux logs policy denials but does not enforce them.

SELINUX=permissive

Save and exit. The change in the configuration file applies at the next reboot. To switch the running system to permissive mode without rebooting, use this command:

sudo setenforce 0

Install Puppet Server

Enabling the Puppet platform repository makes the components needed for installation available on your system.

sudo dnf install https://yum.puppet.com/puppet8-release-el-9.noarch.rpm

Puppet Server is a required application that runs on the Java Virtual Machine (JVM) on the primary server.

In addition to hosting endpoints for the certificate authority service, Puppet Server also powers the catalog compiler, which compiles configuration catalogs for agent nodes, using Puppet code and various other data sources.

In this section, you will install the puppetserver package and start the service.

Install the Puppet Server package

sudo dnf install puppetserver

Type y then press enter to confirm the install.

Configure Puppet Master and Agent

After the installation is complete, we need to configure the memory allocation for puppetserver. We will set the max memory allocation for puppetserver to 1GB.

Edit the puppetserver configuration using vim.

sudo vim /etc/sysconfig/puppetserver

Now change the line as below, then save and exit.

JAVA_ARGS="-Xms1g -Xmx1g ..."

Define Puppet Master FQDN and DNS alternative names:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Add the DNS settings under the [server] section.

[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster.citizix,puppetmaster

Add the [main] section, which holds the Puppet agent settings.

[main]
certname = puppetmaster.citizix.com
server = puppetmaster.citizix.com
environment = production
runinterval = 30m

Starting and enabling puppet service

Once the installation and configuration are done, we can start the puppet server using this command:

sudo systemctl start puppetserver

Check status of puppetserver using this command:

$ sudo systemctl status puppetserver

● puppetserver.service - puppetserver Service
     Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; preset: disabled)
     Active: active (running) since Sat 2024-12-14 12:05:39 UTC; 3min 2s ago
    Process: 35334 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
   Main PID: 35385 (java)
      Tasks: 49 (limit: 4915)
     Memory: 728.3M
        CPU: 40.976s
     CGroup: /system.slice/puppetserver.service
             └─35385 /usr/bin/java --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED -Xms1g -Xmx1g -Djruby.>

Dec 14 12:05:38 puppetmaster.citizix.com puppetserver[35385]: 12:05:38,777 |-INFO in ch.qos.logback.access.joran.JoranConfigurator@73ab859e - Re>
Dec 14 12:05:39 puppetmaster.citizix.com systemd[1]: Started puppetserver Service.

Check if you installed the Puppet Server correctly, by running: puppetserver -v

$ puppetserver -v

puppetserver version: 8.7.0

Now you can enable puppet server to always start on boot:

sudo systemctl enable puppetserver
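
The dns_alt_names setting is only read when the server certificate is generated, so it is worth confirming that the certificate now in use carries every configured name. The script below is an added example, not part of the original guide; its function names are hypothetical and its demo runs on constructed sample input rather than output captured from a real server.

```shell
#!/usr/bin/env bash
# Added example: report dns_alt_names entries that a certificate's SAN list lacks.

# Print the dns_alt_names values from the [server] section, one per line.
conf_alt_names() {
    awk -F= '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && $1 ~ /^[ \t]*dns_alt_names[ \t]*$/ {
            gsub(/[ \t]/, "", $2)
            n = split($2, names, ",")
            for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
        }' "$1"
}

# Read `openssl x509 -noout -text` output on stdin; print each DNS SAN.
cert_dns_names() {
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# $1 = puppet.conf, $2 = file holding the openssl text dump.
# Prints every configured alt name that is absent from the certificate.
missing_alt_names() (
    sans=$(cert_dns_names < "$2")
    conf_alt_names "$1" | while IFS= read -r name; do
        printf '%s\n' "$sans" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
)

# Demo on constructed input (not captured from a real server): the config
# from this guide against a certificate that carries only the certname.
demo() (
    tmp=$(mktemp -d)
    cat > "$tmp/puppet.conf" <<'EOF'
[server]
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster.citizix,puppetmaster

[main]
certname = puppetmaster.citizix.com
EOF
    printf '%s\n' 'X509v3 Subject Alternative Name:' \
        '    DNS:puppetmaster.citizix.com' > "$tmp/cert.txt"
    missing_alt_names "$tmp/puppet.conf" "$tmp/cert.txt"
    rm -rf "$tmp"
)
demo
```

On the server, assuming the default ssldir, dump the certificate with sudo openssl x509 -in /etc/puppetlabs/puppet/ssl/certs/puppetmaster.citizix.com.pem -noout -text > cert.txt, then pass /etc/puppetlabs/puppet/puppet.conf and cert.txt to missing_alt_names. Empty output means every configured name is present in the certificate.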

Open Service Port on the firewall

With the service started, open the port on the firewall so you can access the server from the network. This is only needed if you enforce firewall rules and you have firewalld installed.

sudo firewall-cmd --add-port=8140/tcp --permanent
sudo firewall-cmd --reload

Add Puppet Binary folder to $PATH

Puppet binaries are located in /opt/puppetlabs/bin. This directory by default is not in your $PATH.

echo 'export PATH=$PATH:/opt/puppetlabs/bin' | tee -a ~/.bashrc
source ~/.bashrc

Start the Puppet client

Let’s start puppet agent service as we’ll use it for some testing.

Let us register the puppet agent to the puppet master.

Start puppet agent:

sudo systemctl start puppet

Check the status using this command:

$ sudo systemctl status puppet

● puppet.service - Puppet agent
     Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; preset: disabled)
     Active: active (running) since Sat 2024-12-14 12:11:00 UTC; 5s ago
       Docs: man:puppet-agent(8)
   Main PID: 35596 (puppet)
      Tasks: 5 (limit: 10864)
     Memory: 115.8M
        CPU: 2.370s
     CGroup: /system.slice/puppet.service
             ├─35596 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize
             └─35597 "puppet agent: applying configuration"

Dec 14 12:11:00 puppetmaster.citizix.com systemd[1]: Started Puppet agent.
Dec 14 12:11:01 puppetmaster.citizix.com puppet-agent[35596]: Starting Puppet client version 8.10.0
Dec 14 12:11:04 puppetmaster.citizix.com puppet-agent[35597]: Requesting catalog from puppetmaster.citizix.com:8140 (10.10.26.147)
Dec 14 12:11:05 puppetmaster.citizix.com puppet-agent[35597]: Catalog compiled by puppetmaster.citizix.com
Dec 14 12:11:05 puppetmaster.citizix.com puppet-agent[35597]: Applied catalog in 0.03 seconds

Verify the Puppet Agent Configuration

After the puppet master has signed the certificate for the agent, run the command below on the puppet agent to verify the configuration:

# puppet agent --test

Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: Requesting catalog from puppetmaster.citizix.com:8140 (10.10.26.147)
Notice: Catalog compiled by puppetmaster.citizix.com
Info: Caching catalog for puppetmaster.citizix.com
Info: Applying configuration version '1734178301'
Notice: Applied catalog in 0.02 seconds

The Puppet agent pulled the configuration from the puppet master and applied it to the server without any error.

Create Simple Manifest to Deploy Nginx

With the puppet master and agent installation and configuration complete, let us create a simple manifest for testing. We will create a manifest to install Nginx web server.

The puppet manifests are stored in the environment-specific directory under the /etc/puppetlabs/code/environments/<env> path. We have defined production in our case, so let's switch to the production manifests directory using this:

cd /etc/puppetlabs/code/environments/production/manifests

Create new manifest file.

vim site.pp

Paste the following configuration.

node 'puppetmaster.citizix.com' {
     package { 'nginx':
         ensure  => "installed",
     }

     service { 'nginx':
         ensure => running,
         enable => true
     }
 }

Save and exit.

Now open the puppet agent server shell and run the command below.

puppet agent -t

The command will retrieve the new manifest configuration from the puppet master and then apply it to the agent server.

Following is the result.

# puppet agent --test

Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: Requesting catalog from puppetmaster.citizix.com:8140 (10.10.26.147)
Notice: Catalog compiled by puppetmaster.citizix.com
Info: Caching catalog for puppetmaster.citizix.com
Info: Applying configuration version '1734178389'
Notice: /Stage[main]/Main/Node[puppetmaster.citizix.com]/Package[nginx]/ensure: created
Notice: /Stage[main]/Main/Node[puppetmaster.citizix.com]/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Node[puppetmaster.citizix.com]/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Applied catalog in 3.72 seconds

You can check Nginx using this command:

# systemctl status nginx

● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
     Active: active (running) since Sat 2024-12-14 12:13:17 UTC; 29s ago
   Main PID: 35970 (nginx)
      Tasks: 2 (limit: 10864)
     Memory: 2.0M
        CPU: 21ms
     CGroup: /system.slice/nginx.service
             ├─35970 "nginx: master process /usr/sbin/nginx"
             └─35972 "nginx: worker process"

Dec 14 12:13:17 puppetmaster.citizix.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
Dec 14 12:13:17 puppetmaster.citizix.com nginx[35968]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 14 12:13:17 puppetmaster.citizix.com nginx[35968]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Dec 14 12:13:17 puppetmaster.citizix.com systemd[1]: Started The nginx HTTP and reverse proxy server.

The nginx web server has been installed using the puppet manifest.

Conclusion

We managed to install and configure the Puppet Master and Puppet Agent on Rocky Linux/Alma Linux 9 Server successfully.

Last updated on Jan 20, 2025 22:20 +0300
Citizix Ltd