Install Puppet 7 Server and Agent on CentOS 7|RHEL 7

Welcome to this guide on how to install the Puppet 7 Server and Agent on CentOS 7|RHEL 7. Puppet is one of the automation tools just like Chef, Ansible, e.t.c. It is used to configure, manage and deploy applications. This tool, a product of Puppet Labs, was developed to help system admins and developers automate operations such as program installation, system management e.t.c

Puppet comprises of the following:

• Puppet master/server – This contains all the configuration information for the managed nodes. It handles all these configurations and related activities in form of codes.
• Puppet agent/slave – These are rela systems in the working environment. They are noded managed by the Puppet master and normally have the Puppet agent service running in them.
• PuppetDB – It collects and stored all the data generated by Puppet. It enables advanced features such as exported resources.

Below is an illustration of Puppet Architecture to make it easy to understand how these components relate.

The Master-Slave communication happens as shown.

The client-server configuration can be done in the following ways:

• Agent-master architecure – In this architecture, the Puppet master controls the nodes. Here, each of the managed nodes has bears own configuration information from the master. In this architecture, there might be more than one server running the Puppet master/Server application.
• Stand-alone architecture – In this architecture, the managed nodes have the copy of the configuration information. They compile the catalog on their own and run the Puppet apply application as a cron job.

Install Puppet 7 Server and Agent on CentOS 7 / RHEL 7

Having understood Puppet and its architecture, we will proceed to the nub of this matter.

Step 1 – Server preparation

For this guide, you will need the following hardware requirements

• 2 CentOS 7|RHEL 7 systems for Master and Agent
• Atleast 4GB RAM
• 2-4 Processor cores
• sudo access to the systems

Prepare the Servers

Update the systems and install the required packages:

sudo yum -y update
sudo yum install wget curl vim bash-completion

Set static hostnames on the servers as below.

##On the Puppet Master
sudo hostnamectl set-hostname puppetmaster.example.com --static

##On the Puppet agent
sudo hostnamectl set-hostname puppetnode.example.com --static

You also need to update the hosts’ file as below.

$ sudo vim /etc/hosts
192.168.205.20  puppetmaster.example.com puppetmaster
192.168.205.21  puppetnode.example.com puppetnode

For this guide, the two servers will be configured as below.

Step 2 – Configure Chrony NTP

The time between the Puppet master and agent must be synchronized. Install Chrony NTP packages on the servers.

sudo yum -y install chrony

Start and enable Chrony.

sudo systemctl enable --now chronyd

Now configure Chrony NTP

sudo timedatectl set-timezone Africa/Nairobi --adjust-system-clock
sudo timedatectl set-ntp yes

Verify the made changes

$ timedatectl 
      Local time: Tue 2023-06-06 03:18:43 EAT
  Universal time: Tue 2023-06-06 00:18:43 UTC
        RTC time: Tue 2023-06-06 00:18:42
       Time zone: Africa/Nairobi (EAT, +0300)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

Step 3 – Add Puppet 7 Repositories

Begin by adding the Epel repository to your system.

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Now add the Puppet 7 Repositories on CentOS 7|RHEL 7.

sudo yum -y install https://yum.puppet.com/puppet-release-el-7.noarch.rpm

Step 4 – Install Puppet Master

Now on the set master node, install the Puppet Master from the added repository.

sudo yum install puppetserver

Dependency Tree:

....
Transaction Summary
================================================================================
Install  1 Package (+14 Dependent packages)

Total download size: 134 M
Installed size: 215 M
Is this ok [y/d/N]: y

Once installed, check the package information.

$ rpm -qi puppetserver 
Name        : puppetserver
Version     : 7.11.0
Release     : 1.el7
Architecture: noarch
Install Date: Tue 06 Jun 2023 03:19:41 AM EAT
Group       : System Environment/Daemons
Size        : 100176416
License     : ASL 2.0
Signature   : RSA/SHA256, Wed 05 Apr 2023 09:47:15 AM EAT, Key ID 4528b6cd9e61ef26
Source RPM  : puppetserver-7.11.0-1.el7.src.rpm
Build Date  : Wed 05 Apr 2023 09:43:53 AM EAT
Build Host  : k8s-jenkins-fpm-286fx
Relocations : /
Packager    : Puppet Labs <[email protected]>
Vendor      : Puppet Labs <[email protected]>
URL         : http://puppet.com
Summary     : Puppet Labs puppetserver
....

Step 5 – Configure Puppet Master 7

Once the installation is complete, proceed to the configuration. Open the puppet configuration file for editing.

sudo vim /etc/puppetlabs/puppet/puppet.conf

In the file, you need to define your Master FQDN and DNS alternative names:

[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster.example.com,puppetmaster,puppetserver

[main]
certname = puppetmaster.example.com
server = puppetmaster.example.com
environment = production
runinterval = 1h

Proceed and adjust the memory allocation if the available system memory is less than 4GB. Normally the default allocated value is 2GB

$ sudo vi /etc/sysconfig/puppetserver
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

After the above configurations, start and enable the Puppet server.

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

Check the status of the service.

$ systemctl status puppetserver
● puppetserver.service - puppetserver Service
   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-03-08 12:08:09 EAT; 18s ago
 Main PID: 1992 (java)
   CGroup: /system.slice/puppetserver.service
           └─1992 /usr/bin/java -Xms1g -Xmx1g -Djruby.logger.class=com.puppet..

Allow the Puppet service port through the firewall.

sudo firewall-cmd --add-port=8140/tcp --permanent
sudo firewall-cmd --reload

Step 6 – Install Puppet Agent 7

The added repository still provides the Puppet Agent 7 for CentOS 7|RHEL 7. Now on the Puppet Agent node, install the Puppet agent package as below.

sudo yum install puppet-agent

Dependency Tree:

Transaction Summary
=======================================
Install  1 Package

Total download size: 24 M
Installed size: 24 M
Is this ok [y/d/N]: y

Once installed, configure the Puppet agent.

sudo vim /etc/puppetlabs/puppet/puppet.conf

In the file, make the below changes.

[main]
server = puppetmaster.example.com

Start and enable the Puppet agent service.

sudo systemctl restart puppet
sudo systemctl enable puppet

Step 7 – Connect Puppet Agent to Puppet Server

First, generate certificates from your Puppet agent for the Master to sign.

sudo /opt/puppetlabs/bin/puppet agent -t

Sample Output:

There is an error in the output above since the generated certificates need to be signed by the Puppet Master. Now on the Puppet master, list the Puppet agent nodes and certificates with the command:

sudo /opt/puppetlabs/bin/puppetserver ca list

Sample Output:

Requested Certificates:
    puppetnode.example.com      (SHA256)  04:D7:E6:97:29:D8:7E:13:A4:5A:5B:F0:DF:E1:A7:81:0E:33:15:25:6A:24:2F:DE:F6:4F:DA:00:EC:4C:54:DA

Now sign the certificate for the listed puppet.agent-node using the command:

$ sudo /opt/puppetlabs/bin/puppetserver ca sign --certname puppetnode.example.com
Successfully signed certificate request for puppetnode.example.com

Now back to the Puppet Agent, sign the certificates again using the first command:

sudo /opt/puppetlabs/bin/puppet agent -t

Execution output:

It should now be successful as above.

Step 8 – Create First Manifest

In order to test the Puppet 7 Server-Agent Communication, we need to create and run a manifest.

Now on the Puppet server, we will create a test manifest to install the Apache webserver as below

sudo vim /etc/puppetlabs/code/environments/production/manifests/init.pp

In the opened file, add the below content.

class httpd {
  package { 'httpd':
    ensure => installed,
  }

  service { 'httpd':
    ensure  => true,
    enable  => true,
    require => Package['httpd'],
  }
}

Create a site.pp file.

sudo vim /etc/puppetlabs/code/environments/production/manifests/site.pp

This file will have the Puppet agent FQDN as below.

node 'puppetnode.example.com' {
   include httpd
}

Save the file and run the manifest on the Puppet Agent

sudo /opt/puppetlabs/bin/puppet agent -t

Execution output:

Voilà!

At this point, it is safe to conclude that the Puppet 7 Server-Agent setup is working perfectly.

Interested in more?

• Install Puppet 7 Server on CentOS 8|RHEL 8|Rocky Linux 8
• Install Puppet Master and Agent on Ubuntu
• How To Install Chef Infra Server on Debian