How to Install Puppet 7 Server on Rocky Linux/Alma Linux 8

In this guide, we are going to install Puppet 7 Server Open Source in Rocky Linux/Centos 8 Server. We will set up a Puppet server and an agent and install nginx using puppet manifests.

Puppet is a software configuration management tool which includes its own declarative language to describe system configuration. It is a model-driven solution that requires limited programming knowledge to use.  Puppet operates in an agent-master architecture, in which a master node controls configuration information for a fleet of managed agent nodes.

Puppet is distributed in several packages. These include puppetserverpuppet-agent and puppetdb. Puppet Server controls the configuration information for one or more managed agent nodes. PuppetDB is where the data generated by Puppet is stored.

Prerequisites

To follow along, ensure that you have:

  • Updated Rocky Linux Puppet Server and Puppet Agent machine
  • Root access to the servers
  • Internet access from the server
  • Knowledge of Linux terminal

Table of Content

  1. Ensuring the servers are up to date
  2. Set up Hostname
  3. Disable SELinux
  4. Installing Puppet
  5. Configure puppet master and agent
  6. Starting and enabling puppet service
  7. Open Service Port on the firewall
  8. Add Puppet Binary folder to $PATH
  9. Start the Puppet client
  10. Verify the Puppet Agent Configuration
  11. Create Simple Manifest to Deploy Nginx

1. Ensuring the servers are up to date

Before proceeding let us ensure that the server packages are up to date with the following command:

sudo dnf -y update

2. Set up Hostname

Puppet uses server hostnames to push manifests to the nodes. Connect to the puppet master.

The set up hostname:

sudo hostnamectl set-hostname <meta charset="utf-8">puppetmaster.citizix.com

Ensure the hostname has proper DNS record and also update_ /etc/hosts_ file.

sudo vim /etc/hosts

Add this content:

10.2.40.54 puppetmaster.citizix.com puppetmaster

Confirm that the hostname reflects:

$ sudo hostnamectl
   Static hostname: puppetmaster.citizix.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: ee3563997878469ebfcc3f721aec3c66
           Boot ID: 2f916497602e4ecabe551a72b3f4ad74
    Virtualization: kvm
  Operating System: Rocky Linux 8.4 (Green Obsidian)
       CPE OS Name: cpe:/o:rocky:rocky:8.4:GA
            Kernel: Linux 4.18.0-305.3.1.el8_4.x86_64
      Architecture: x86-64

3. Disable SELinux

Edit the SELinux configuration using vim.

vim /etc/sysconfig/selinux

Change the SELINUX value to ‘disabled’.

SELINUX=permissive

Save and exit. You will need to reboot for the changes to apply. To apply the changes without rebooting, use this command:

sudo setenforce 0

4. Install Puppet Server

Enabling the Puppet platform repository makes the components needed for installation available on your system.

sudo dnf install https://yum.puppet.com/puppet7-release-el-8.noarch.rpm

Puppet Server is a required application that runs on the Java Virtual Machine (JVM) on the primary server.

In addition to hosting endpoints for the certificate authority service, Puppet Server also powers the catalog compiler, which compiles configuration catalogs for agent nodes, using Puppet code and various other data sources.

In this section, you will install the puppetserver package and start the service.

Install the Puppet Server package

sudo dnf install -y puppetserver

5. Configure Puppet Master and Agent

After the installation is complete, we need to configure the memory allocation for puppetserver. We will set the max memory allocation for puppetserver to 1GB.

Edit the ‘puppetserver’ configuration using vim.

sudo vim /etc/sysconfig/puppetserver

Now change the line as below, then save and exit.

JAVA_ARGS="-Xms1g -Xmx1g ..."

Define Puppet Master FQDN and DNS alternative names:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Add the DNS settings under the _[server] _section.

[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster.citizix,puppetmaster

Add main section – this is the puppet agent configs.

[main]
certname = puppetmaster.citizix.com
server = puppetmaster.citizix.com
environment = production
runinterval = 30m

6. Starting and enabling puppet service

Once the in stallation and configuration is done, we can start the puppet server using this command:

sudo systemctl start puppetserver

Check status of

puppetserver using this command:

$ sudo systemctl status puppetserver
● puppetserver.service - puppetserver Service
   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-11-04 18:47:34 UTC; 1min 0s ago
  Process: 132886 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 132913 (java)
    Tasks: 45 (limit: 4915)
   Memory: 988.9M
   CGroup: /system.slice/puppetserver.service
           └─132913 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError=kill -9 %p -XX:ErrorFile=/var/log/puppetlabs/puppetserver/puppetserver_err_pid%p.log -cp /opt/puppet>

Nov 04 18:47:09 puppetmaster.citizix.com systemd[1]: Starting puppetserver Service...
Nov 04 18:47:34 puppetmaster.citizix.com systemd[1]: Started puppetserver Service.

Check if you installed the Puppet Server correctly, by running: puppetserver -v

# puppetserver -v
puppetserver version: 7.4.1

Now you can enable puppet server to always start on boot:

<meta charset="utf-8">sudo systemctl enable puppetserver

7. Open Service Port on the firewall

With the service started, open the port on the firewall so you can access the server from the network. This is only needed if you enforce firewall rules and you have firewalld installed.

sudo firewall-cmd --add-port=8140/tcp --permanent
sudo firewall-cmd --reload

8. Add Puppet Binary folder to $PATH

Puppet binaries are located in /opt/puppetlabs/bin. This directory by default is not in your $PATH.

echo 'export PATH=$PATH:/opt/puppetlabs/bin' | tee -a ~/.bashrc
source ~/.bashrc

9. Start the Puppet client

Let’s start puppet agent service as we’ll use it for some testing.

Let us register the puppet agent to the puppet master.

Start puppet agent:

sudo systemctl start puppet

Check the status using this command:

$ sudo systemctl status puppet
● puppet.service - Puppet agent
   Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-11-05 07:37:08 UTC; 15s ago
 Main PID: 142622 (puppet)
    Tasks: 1 (limit: 23168)
   Memory: 52.6M
   CGroup: /system.slice/puppet.service
           └─142622 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

Nov 05 07:37:08 puppetmaster.citizix.com systemd[1]: Started Puppet agent.
Nov 05 07:37:09 puppetmaster.citizix.com puppet-agent[142622]: Starting Puppet client version 7.12.0
Nov 05 07:37:11 puppetmaster.citizix.com puppet-agent[142623]: Applied catalog in 0.02 seconds

10. Verify the Puppet Agent Configuration

After the puppet master signed the certificate file for the agent, run command below on the puppet agent to verify the configuration

# puppet agent --test
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster.citizix.com
Info: Applying configuration version '1636097982'
Notice: Applied catalog in 0.02 seconds

The Puppet agent pulled the configuration from the puppet master and applied to the server without any error.

11. Create Simple Manifest to Deploy Nginx

With the puppet master and agent installation and configuration complete, let us create a simple manifest for testing. We will create a manifest to install Nginx web server.

The puppet manifess will be stored in the environment specific directory in the

/etc/puppetlabs/code/<meta charset="utf-8">environments/<env> path. We have defined production in our case so let’s switch to the production

manifests directory using this:
cd <meta charset="utf-8">/etc/puppetlabs/code/<meta charset="utf-8">environments/<meta charset="utf-8">production/manifests

Create new manifest file.

vim site.pp

Paste the following configuration.

node 'puppetmaster.citizix.com' {
     package { 'nginx':
         ensure  => "installed",
     }
     service { '


nginx':
         ensure => running,
         enable => true
     }
 }

Save and exit.

Now open the puppet agent server shell and run the command below.

puppet agent -t

The command will retrieve new manifest configuration file from the puppet master and then apply it to the agent server.

Following is the result.

# puppet agent --test

Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for <meta charset="utf-8">puppetmaster.citizix.com
Info: Applying configuration version '1636098770'
Notice: /Stage[main]/Main/Node[<meta charset="utf-8">puppetmaster.citizix.com]/Package[nginx]/ensure: created
Notice: /Stage[main]/Main/Node[<meta charset="utf-8">puppetmaster.citizix.com]/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Node[<meta charset="utf-8">puppetmaster.citizix.com]/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Applied catalog in 57.25 seconds

You can check Nginx using this command:

# sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-11-05 07:53:49 UTC; 57s ago
 Main PID: 144600 (nginx)
    Tasks: 3 (limit: 23168)
   Memory: 6.1M
   CGroup: /system.slice/nginx.service
           ├─144600 nginx: master process /usr/sbin/nginx
           ├─144602 nginx: worker process
           └─144603 nginx: worker process

Nov 05 07:53:49 <meta charset="utf-8">puppetmaster.citizix.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 05 07:53:49 <meta charset="utf-8">puppetmaster.citizix.com nginx[144528]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 05 07:53:49 <meta charset="utf-8">puppetmaster.citizix.com nginx[144528]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 05 07:53:49 <meta charset="utf-8">puppetmaster.citizix.com systemd[1]: Started The nginx HTTP and reverse proxy server.

The nginx web server has been installed using the puppet manifest.

Conclusion

We managed to install and configure the Puppet Master and Puppet Agent on Rocky Linux/Centos 8 Server successfully.

Last updated on Oct 14, 2024 11:46 +0300
comments powered by Disqus
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy