Now that CentOS 8 and RHEL 8 are available for production use, how do you install Puppet Master and Puppet Agent on CentOS 8 / RHEL 8? Puppet is one of the leading, widely adopted automation and configuration management engines for Linux, Unix and Windows systems. Puppet normally uses an agent-master (client-server) architecture, but a self-contained architecture is also possible.
Puppet allows you to automate how your teams enforce state, secure, and deliver infrastructure faster. If it takes you days to add users to the system, install packages required by Developers, or update server configurations to match desired state, then welcome to Puppet.
Puppet server and agent packages are distributed through a YUM repository that is supported and updated by Puppet. Use this guide to install Puppet Master and Puppet Agent on a CentOS 8 / RHEL 8 Linux system.
Setup requirements
These are the minimum hardware requirements.
- 2 CentOS 8 / RHEL 8 Linux distributions – Master & Agent
- 4GB of RAM on Master
- 2vcpus on Master
- At least 10GB disk space
- sudo access
Once you’ve satisfied the hardware and software requirements, follow the steps below to install Puppet on RHEL 8 / CentOS 8.
Step 1: Update System
Start the setup from an updated Linux system.
sudo dnf -y update
Because kernel updates are sometimes installed during an upgrade, it is good practice to reboot your machine.
sudo reboot
Step 2: Add Puppet YUM repository
We’ll install Puppet packages from the project's official YUM repository. I’ll add the EPEL repository and the Puppet repository.
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm
Step 3: Install Puppet Master on CentOS 8 / RHEL 8
The package installed on the Puppet Master/Server machine is different from the one installed on the managed nodes (Agent). The package required on Puppet Master nodes is puppetserver. Install this package by running the command below:
sudo dnf -y install puppetserver
Required dependencies such as Java will be installed automatically.
After installation, don’t start the services yet; just open the service port on the firewall.
sudo firewall-cmd --add-port=8140/tcp --permanent
sudo firewall-cmd --reload
Step 4: Configure a Puppet Master Server on CentOS 8 / RHEL 8
After you’ve installed Puppet on the Master server(s), you can configure it.
Set proper server hostname:
sudo hostnamectl set-hostname puppetmaster.geeksforgeeks.org --static
sudo hostnamectl set-hostname puppetmaster.geeksforgeeks.org --transient
logout
Add the server hostname and IP to the /etc/hosts file.
$ sudo vi /etc/hosts
10.10.1.152 puppetmaster.geeksforgeeks.org puppetmaster
Log in again and confirm the hostname configuration.
$ hostnamectl
Static hostname: puppetmaster.geeksforgeeks.org
Icon name: computer-vm
Chassis: vm
Machine ID: c0d6dc5d688e4304baca26862df123cc
Boot ID: f3b99e71ee7743c8b9a67df4c82fa364
Virtualization: kvm
Operating System: CentOS Linux 8 (Core)
CPE OS Name: cpe:/o:centos:centos:8
Kernel: Linux 4.18.0-80.7.1.el8_0.x86_64
Architecture: x86-64
Set Correct time / NTP
Set timezone.
sudo timedatectl set-timezone Africa/Nairobi
Then configure NTP.
Set Memory Limits
The default memory allocation for the Puppet Java process is 2 GB; this can be changed in the /etc/sysconfig/puppetserver file. Replace 2g with the amount of memory you want to allocate to Puppet Server.
The example below sets the limit to 1GB.
$ sudo vi /etc/sysconfig/puppetserver
......
JAVA_ARGS="-Xms1g -Xmx1g ...."
Set Puppet Master DNS names
When you create the puppet master’s certificate, you must include every DNS name at which agent nodes might try to contact the master.
Add the dns_alt_names line under the [master] section.
$ sudo vi /etc/puppetlabs/puppet/puppet.conf
[master]
dns_alt_names = puppetmaster,puppetmaster.geeksforgeeks.org,puppetmaster01
.....
Add the [main] section with the server name and default environment.
[main]
certname = puppetmaster.geeksforgeeks.org
server = puppetmaster.geeksforgeeks.org
environment = production
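A pre-flight check for this step, as an added example that is not part of the original guide: it reads dns_alt_names and certname from a puppet.conf and prints any name your agents will use that the master certificate would not cover. The function names are hypothetical, and it assumes the certname itself always ends up in the certificate.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): find agent-facing names that the
# master certificate would not cover. Function names are hypothetical.

# Print the value of KEY inside [SECTION] of an INI-style puppet.conf.
# usage: conf_get FILE SECTION KEY
conf_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }   # section header
    cur == sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      v = substr($0, index($0, "=") + 1);    gsub(/[ \t]/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# Print every requested name that is neither the certname nor listed in
# dns_alt_names (assumption: the certname is always part of the certificate).
# usage: uncovered_names FILE NAME...
uncovered_names() {
  local conf=$1 covered name
  shift
  covered=",$(conf_get "$conf" master dns_alt_names),$(conf_get "$conf" main certname),"
  for name in "$@"; do
    case "$covered" in
      *",$name,"*) ;;                     # covered by the certificate
      *) printf '%s\n' "$name" ;;         # agents using this name will fail TLS
    esac
  done
}

# Constructed sample mirroring the puppet.conf shown in this guide.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[master]
dns_alt_names = puppetmaster,puppetmaster.geeksforgeeks.org,puppetmaster01
[main]
certname = puppetmaster.geeksforgeeks.org
EOF
# "puppet" is the server name an agent tries when no server is configured.
uncovered_names "$demo_conf" puppetmaster puppetmaster01 puppet
rm -f "$demo_conf"
```

Run it before `puppetserver ca setup`; a name it prints has to be added to dns_alt_names first, because the certificate is generated from the configuration as it stands at that moment.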
Create the CA certificate and the puppet master certificate
After updating DNS names, run the command below to generate the CA certificate and puppet master certificates with the appropriate DNS names.
$ sudo su -
# puppetserver ca setup
Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca
Start the puppetserver service and set it to start at system startup.
sudo systemctl enable --now puppetserver
If installation and configuration were done correctly, the service should be running.
$ systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-02-24 01:56:04 EAT; 1min 36s ago
Process: 14297 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
Main PID: 14322 (java)
Tasks: 42 (limit: 4915)
Memory: 695.0M
CGroup: /system.slice/puppetserver.service
└─14322 /usr/bin/java -Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError=kill -9 %p -XX:ErrorFile=/var/log/puppetlabs/puppetserver/pup>
Feb 24 01:55:18 puppetmaster.geeksforgeeks.org systemd[1]: Starting puppetserver Service...
Feb 24 01:56:04 puppetmaster.geeksforgeeks.org systemd[1]: Started puppetserver Service.
Step 4: Configure a Puppet Agent on CentOS 8 / RHEL 8
On your second server, the machine to be managed, install Puppet Agent.
sudo dnf -y install https://yum.puppetlabs.com/puppet-release-el-8.noarch.rpm
sudo dnf -y install puppet-agent
Add the Puppet server DNS name and IP to the /etc/hosts file.
$ sudo vi /etc/hosts
10.10.1.152 puppetmaster.geeksforgeeks.org puppetmaster
Configure Puppet Agent
Add the [main] section with the server name and default environment.
[main]
certname = puppet-agent.novalocal
server = puppetmaster.geeksforgeeks.org
environment = production
Check the connection from the Agent to the Puppet master.
$ puppet agent --test --ca_server=puppetmaster.geeksforgeeks.org
Your output should look similar to below.
Log in to the Master server and accept the certificate request from the Puppet client.
# puppetserver ca list
Requested Certificates:
puppet-agent.novalocal (SHA256) 21:81:3B:11:7A:A7:9D:37:21:5C:23:91:60:5D:CF:BB:4F:BC:61:1E:C8:9F:28:5F:93:53:D2:A6:31:21:B7:27
Sign the certificate.
# puppetserver ca sign --certname puppet-agent.novalocal
Successfully signed certificate request for puppet-agent.novalocal
# puppetserver ca list
No certificates to list
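Signing a request tells the master to trust that node, so it is worth confirming that the pending request is the one your agent generated. The sketch below is an added example, not part of the original guide: it compares the fingerprint printed on the agent by `puppet agent --fingerprint` with the one in `puppetserver ca list` and signs only on a match. Function names are hypothetical, and the sample fingerprint is the one from the listing above.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): verify a CSR fingerprint before signing.
# Function names are hypothetical.

# Extract the SHA256 fingerprint (32 colon-separated hex bytes) from a line of
# `puppetserver ca list` or `puppet agent --fingerprint` output, upper-cased.
extract_fp() {
  printf '%s\n' "$1" \
    | grep -oE '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' \
    | head -n 1 | tr 'a-f' 'A-F'
}

# Return 0 only if both inputs contain a fingerprint and the two are identical.
fp_match() {
  local a b
  a=$(extract_fp "$1")
  b=$(extract_fp "$2")
  [ -n "$a" ] && [ -n "$b" ] && [ "$a" = "$b" ]
}

# Run on the master. agent_fp is what the operator read on the agent itself
# (console or another trusted channel), never a value copied from the CA list.
# usage: sign_if_verified CERTNAME AGENT_FP
sign_if_verified() {
  local certname=$1 agent_fp=$2 pending
  # Exact match on the first column, so "web1" never selects "web10".
  pending=$(puppetserver ca list | awk -v n="$certname" '$1 == n')
  if [ -z "$pending" ]; then
    echo "no pending request for $certname" >&2
    return 2
  fi
  if fp_match "$pending" "$agent_fp"; then
    puppetserver ca sign --certname "$certname"
  else
    echo "fingerprint mismatch for $certname, not signing" >&2
    return 1
  fi
}

# Constructed demo: CA listing line from this guide vs. lower-case agent output.
ca_line='puppet-agent.novalocal (SHA256) 21:81:3B:11:7A:A7:9D:37:21:5C:23:91:60:5D:CF:BB:4F:BC:61:1E:C8:9F:28:5F:93:53:D2:A6:31:21:B7:27'
agent_fp='(SHA256) 21:81:3b:11:7a:a7:9d:37:21:5c:23:91:60:5d:cf:bb:4f:bc:61:1e:c8:9f:28:5f:93:53:d2:a6:31:21:b7:27'
fp_match "$ca_line" "$agent_fp" && echo "fingerprints match"
```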
Step 5: Create Test Manifest on Puppet Master
Create a new puppet file.
sudo vi /etc/puppetlabs/code/environments/production/manifests/mytest.pp
Add the contents below.
package { 'nginx':
  provider => yum,
  ensure   => installed,
}
file { '/tmp/mypuppettest.txt':
  ensure  => file,
  content => 'This is my puppet testing file.',
}
On the client, run:
sudo systemctl restart puppet
It is also possible to apply a Puppet manifest locally.
# puppet apply /etc/puppetlabs/code/environments/production/manifests/mytest.pp
Notice: Compiled catalog for puppetmaster.geeksforgeeks.org in environment production in 0.41 seconds
Notice: /Stage[main]/Main/Package[nginx]/ensure: created
Notice: Applied catalog in 3.95 seconds
You have installed Puppet Master and configured Puppet Agent on a CentOS / RHEL Linux server. Read the Puppet documentation to get all the skills needed to manage Puppet Server and your infrastructure automation.