A simple way to install and configure puppet on CentOS 6

Puppet is an automation tool which allows you to automate the configuration of software like apache and nginx across multiple servers.

Puppet installation
In this tutorial we will install Puppet in the Puppet/Agent mode. You can also install it in standalone mode.

OS & software Versions
CentOS 6.5
Linux kernel 2.6.32
Puppet 3.6.2

Let’s get to it then.

Puppet server configuration

#Add Puppet repos 
[user@puppet ~]# sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

[user@puppet ~]# sudo yum install puppet-server

# Add your puppet server hostnames to the conf file under the [main] section
[user@puppet ~]# sudo vim /etc/puppet/puppet.conf

 dns_alt_names = puppet,puppet.yourserver.com

[user@puppet ~]# sudo service puppetmaster start

The puppet master listens on port 8140; make sure that port is allowed through CSF or whichever firewall you use.

Puppet client configuration

#Add Puppet repos 
[user@client ~]# sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

[user@client ~]# sudo yum install puppet

#Open the conf file and add the puppet server hostname 
[user@client ~]# sudo vim /etc/puppet/puppet.conf
[main]
# The puppetmaster server
server=puppet.yourserver.com



[user@client ~]# sudo service puppet start

In the log file you should see the following lines.

info: Creating a new SSL key for vps.client.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent1.localdomain
info: Certificate Request fingerprint (md5): FD:E7:41:C9:5C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

Puppet uses SSL to communicate with its clients. When you start puppet on a client, it automatically connects to the puppet server named in its conf file and requests that its certificate be signed.

On the puppet server run

[user@puppet ~]# sudo  puppet cert list
vps.client.com (FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46)

[user@puppet ~]# sudo  puppet cert sign vps.client.com
notice: Signed certificate request for vps.client.com
notice: Removing file Puppet::SSL::CertificateRequest vps.client.com at '/etc/puppetlabs/puppet/ssl/ca/requests/vps.client.pem'

Now our client server “vps.client.com” is authorized to fetch and apply configurations from the puppet server. To understand how puppet ssl works and to troubleshoot any issues you can read http://docs.puppetlabs.com/learning/agent_master_basic.html
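The agent log and the `puppet cert list` output above each print a fingerprint for the pending request, and comparing the two is the check to make before `puppet cert sign`. The sketch below is an added example, not part of the original article; the function names are made up here, and it is run on the two values printed above, which differ in the fifth byte (5C in the log, 2C in the list), so it refuses to sign.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# pending_fingerprint HOST
# Reads `puppet cert list` output on stdin and prints the fingerprint listed
# for HOST (upper-cased), or nothing if HOST has no pending request.
pending_fingerprint() {
    awk -v h="$1" '
        { name = $1; gsub(/"/, "", name) }   # some versions print the name in double quotes
        name == h && match($0, /([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]/) {
            print toupper(substr($0, RSTART, RLENGTH)); exit
        }'
}

# safe_to_sign HOST AGENT_FINGERPRINT CERT_LIST_OUTPUT
# Succeeds only if HOST has a pending request on the master whose fingerprint
# equals the one read on the agent itself.
safe_to_sign() {
    on_master=$(printf '%s\n' "$3" | pending_fingerprint "$1")
    on_agent=$(printf '%s' "$2" | tr 'a-f' 'A-F' | tr -d ' \t')
    [ -n "$on_master" ] && [ "$on_master" = "$on_agent" ]
}

# The two values printed in the article: the fingerprint from the agent log
# and the `puppet cert list` line from the master.
AGENT_LOG_FP='FD:E7:41:C9:5C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46'
CERT_LIST='vps.client.com (FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46)'

if safe_to_sign vps.client.com "$AGENT_LOG_FP" "$CERT_LIST"; then
    echo "match: sudo puppet cert sign vps.client.com"
else
    echo "MISMATCH: do not sign until the agent and master fingerprints agree"
fi
```

On a real master, pass the output of `sudo puppet cert list` as the third argument and the fingerprint copied from the agent's own log as the second.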

Let’s look at a sample puppet configuration.

Installing apache web server with puppet
Although puppet server configuration is stored in “/etc/puppet/puppet.conf”, client configurations are stored in files called manifests.

#On the puppet server run
[user@puppet ~]# sudo vim /etc/puppet/manifests/site.pp

node 'vps.client.com' {

  package { 'httpd':
    ensure => installed,
  }
}

The configuration is pretty self-explanatory: the first line indicates that this configuration applies to the client machine with the hostname 'vps.client.com'. If you want to apply the configuration to the puppet server then replace 'vps.client.com' with 'default'.
Read node definitions for multiple node configurations.

The next two lines tell puppet that we need to ensure that the apache web server is installed. Puppet will check if apache is installed and if not, install it.

Think of “package” as an object, “httpd” as the name of the object and “ensure => installed” as the action to be performed on the object.

So if I wanted puppet to install a mysql database server, the configuration would be

node 'vps.client.com' {

  package { 'mysql-server':
    ensure => installed,
  }
}

The puppet server will compile this configuration into a catalog and serve it to a client when a request is sent to it.

How do I pull my configuration to a client immediately?
Puppet clients usually pull their configuration once every 30 minutes, but you can pull a configuration immediately by running “service puppet restart” or the following command on the client.

[user@client ~]# sudo puppet agent --test

What if I wanted puppet to add a user ‘Tom’?
Then the object would be user, the name of the object would be ‘tom’ and the action would be ‘present’.

node 'vps.client.com' {

  user { 'tom':
    ensure => present,
  }
}

In puppet terms, these objects are known as Resources, the names of the objects are Titles and the actions are called Attributes.

Puppet has a number of these resources to help ease your automation. You can read about them at http://docs.puppetlabs.com/references/latest/type.html

How to ensure a service is running with puppet?
Once you have a package like apache installed, you will want to ensure that it is running. On the command line you can do this with the service command; in puppet you add the configuration to the manifest file as follows.

node 'vps.client.com' {

  package { 'httpd':
    ensure => installed,
  }
  ->
  service { 'httpd':     # Our resource and its title
    ensure => running,   # Action to be performed on the resource, or attribute
    enable => true,      # Start apache at boot
  }

}

You will have noticed that I have added an “->” symbol. Puppet is not particular about ordering, but we want the service resource to be applied only after apache is installed and not before. The arrow tells Puppet to manage the service only after the “httpd” package is installed.
To know more about puppet ordering read.

How to automate installation of predefined conf files?
You may want to have a customised apache conf file for this client, which will have the vhost entry and other specific parameters you choose. In this case we need to use the file resource.

Before we go into the configuration, you should know how puppet serves files. A Puppet server provides access to custom files via mount points. One such mount point by default is the modules directory.
The modules directory is where you would add your modules. Modules make it easier to reuse configurations, rather than having to write configurations for every node we can store them as a module and call them whenever we like.

In order to write a module, you need to create a subdirectory inside the modules directory with the module name and create a manifest file called init.pp which should contain a class with the same name as the subdirectory.

[user@puppet ~]# cd /etc/puppet/modules
[user@puppet ~]# mkdir httpd
[user@puppet ~]# mkdir -p httpd/manifests httpd/files
[user@puppet ~]# vim httpd/manifests/init.pp


class httpd {     # Same name as our subdirectory

  package { 'httpd':
    ensure => present,
  }
  ->
  file { '/etc/httpd/conf/httpd.conf':  # Path to the file on the client we want puppet to administer
    ensure => file,     # Ensure it is a regular file
    mode   => '0644',   # Permissions for the file
    source => 'puppet:///modules/httpd/httpd.conf',  # Path to our customised file on the puppet server
  }
  ->
  service { 'httpd':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/httpd/conf/httpd.conf'],  # Restart the service if any change is made to httpd.conf
  }
}

You need to add your custom httpd.conf file in the files subdirectory located at “/etc/puppet/modules/httpd/files/”

To understand how the URI in the source attribute works, read http://docs.puppetlabs.com/guides/file_serving.html

Now call the module in our main manifest file.

[user@puppet ~]# sudo vim /etc/puppet/manifests/site.pp

node 'vps.client.com' {

  include httpd

}
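The two layout rules above (init.pp declares a class named after the module directory, and a puppet:///modules/httpd/... source is served from the module's files subdirectory) can be checked on the server before any agent asks for the catalog. This is an added example, not part of the original article; `check_module` and `demo` are made-up names and the module tree is a constructed sample built in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# check_module MODULEPATH NAME
# Prints each layout problem and returns how many were found (0 = consistent).
# Assumption: the class line and every source URI sit on a single line.
check_module() {
    modpath=$1; mod=$2; problems=0
    init="$modpath/$mod/manifests/init.pp"
    if [ ! -f "$init" ]; then
        echo "missing $init"
        return 1
    fi
    # Rule 1: init.pp declares a class with the same name as the subdirectory.
    if ! grep -Eq "^[[:space:]]*class[[:space:]]+$mod([[:space:]]|[{(]|\$)" "$init"; then
        echo "init.pp does not declare class $mod"
        problems=$((problems + 1))
    fi
    # Rule 2: puppet:///modules/<mod>/<path> is served from <mod>/files/<path>;
    # the "files" directory never appears in the URI.
    for uri in $(grep -Eo "puppet:///modules/$mod/[^'\"[:space:]]+" "$init"); do
        rel=${uri#"puppet:///modules/$mod/"}
        if [ ! -f "$modpath/$mod/files/$rel" ]; then
            echo "$uri -> $modpath/$mod/files/$rel not found"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample tree mirroring the httpd module above.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/httpd/manifests" "$tmp/httpd/files"
    cat > "$tmp/httpd/manifests/init.pp" <<'EOF'
class httpd {
  file { '/etc/httpd/conf/httpd.conf':
    source => 'puppet:///modules/httpd/httpd.conf',
  }
}
EOF
    # First pass: files/httpd.conf has not been copied in yet.
    check_module "$tmp" httpd >/dev/null && before=0 || before=$?
    : > "$tmp/httpd/files/httpd.conf"
    # Second pass: the served file is now in place.
    check_module "$tmp" httpd >/dev/null && after=0 || after=$?
    rm -rf "$tmp"
    echo "before=$before after=$after"
}
demo
```

On the server from this tutorial the call would be `check_module /etc/puppet/modules httpd`.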

In case you need a web interface to manage your Linux servers, read my tutorial Using Foreman, an Opensource Frontend for Puppet

Update: For more Automation and other System Administration/Devops Guides see https://github.com/Leo-G/DevopsWiki
Puppet FAQ
How do I change the time interval for a client to fetch its configuration from the server?
Add “runinterval = 3600” under the [main] section in “/etc/puppet/puppet.conf” on the client.

Time is in seconds.

How do I install modules from puppet forge?

[user@puppet ~]# sudo puppet module install "full module name"

#Example
[user@puppet ~]# sudo puppet module install puppetlabs-mysql

Read more here, and for publishing your own modules read http://docs.puppetlabs.com/puppet/latest/reference/modules_publishing.html

Leo G

Is a Linux Hobbyist and Enthusiast. He Strongly believes in OpenSource Software and would like you to view and download his software at https://github.com/Leo-g

  • The above instructions leave one with a very basic Puppet installation, there are a few things one should be aware of:
    1. A certificate needs to be manually signed for every new client that comes along. For larger networks it is recommended to set up certificate auto-signing.
    2. The installation does not enable exported resources, one of Puppet’s more powerful features. For that one would need to add PuppetDB (There is a ready-made Puppet module that can help one set it up).
    3. Modern Puppet modules make extensive use of the “Hiera” configuration database that requires some setup as well.
    4. The presented setup does not scale – The Puppetmaster can only serve one client at a time and would probably fail with errors when used with more than a few dozen clients. For larger networks, the common practice seems to be to use Apache or Nginx and make use of the “Passenger” module to run the Puppetmaster Ruby code on top of them. (There is a Puppet module for installing Passenger but I would recommend against it, since, the last time I checked, it did an install from source instead of using the available Packages)
    5. Thought should be given as to how the Puppet runs are triggered on the Puppet clients. One way is to allow the client to run as a service – that would, by default, make it run automatically every 30 minutes. (You need a strong Puppetmaster for that – take a look at note #4). Another way is to use a cron job, the Puppet documentation includes examples that show how to add some randomness to the cron schedule so as to not have all clients try to pull the configuration at the same time. Yet another way is to use something like Mcollective to trigger network-wide Puppet runs.
    6. One needs to be able to monitor Puppet reports to obtain indication of overall network health, the Puppet dashboard is a useful free tool for that.
    In summary the above setup is good for initial testing and for learning basic Puppet functionality, more thought needs to be made before use in production scenarios.
    A quick way to gain a production-ready setup is to obtain the Puppet Enterprise package. A free alternative with a somewhat different approach is Foreman with its automated installer.

    • Hey Barak,

      Thanks for the valuable info, But this is a beginners guide and hence I kept it short and simple. I will keep your points in mind when I write a more master or intermediate tutorial

  • Istimsak Abdulbasir

    Is vps.client.com the name of the puppet server or it is the url that signs certificate keys to be used by both the puppet client and the puppet server?

    • vps.client.com is the hostname of the client machine whose configuration you want to automate. You need to add all your configuration for it inside the node definition with its name on the server puppet.yourserver.com manifest file. Look at http://docs.puppetlabs.com/learning/agent_master_basic.html to see how puppet configures ssl

  • Ravi

    How do i install Puppet Enterprise 3.2 on CentOS 6.5.

    While i’m issuing the command “./puppet-enterprise-installer -a Answer.file”

    I receive this error. What does it mean actually?

    ?? The puppet master’s certificate will contain a unique name (“certname”); this should be the main DNS name at which it can be reliably
    reached. Puppet master’s certname? [Default: puppet_master.com] puppet_master.com
    ?? The puppet master’s certificate can contain DNS aliases; agent nodes will only trust the master if they reach it at its certname or
    one of these official aliases. Puppet master’s DNS aliases (comma-separated list)? [Default:
    puppet,puppet.com,puppet_master,puppet_master.com] puppet,puppet.com,puppet_master,puppet_master.com
    !! ERROR: Answer must be a valid string of DNS names (use , to separate names)
    ?? The puppet master’s certificate can contain DNS aliases; agent nodes will only trust the master if they reach it at its certname or
    one of these official aliases. Puppet master’s DNS aliases (comma-separated list)? [Default:
    puppet,puppet.com,puppet_master,puppet_master.com] ./utilities: line 540: t_ask__answered: parameter null or not set

    There was an error running the installation. Please see the /puppet-enterprise-3.2.3-el-6-x86_64/install_log.lastrun.puppet_master.com
    file for more info.

    My Answer file:

    q_all_in_one_install=y
    q_backup_and_purge_old_configuration=n
    q_backup_and_purge_old_database_directory=n
    q_database_host=localhost
    q_database_install=y
    q_database_port=5432
    q_database_root_password=DWdY3Y9km6sNferKRm2A
    q_database_root_user=pe-postgres
    q_install=y
    q_pe_database=y
    q_puppet_cloud_install=y
    q_puppet_enterpriseconsole_auth_database_name=console_auth
    q_puppet_enterpriseconsole_auth_database_password=5foFL4W1FCgns083NQQf
    q_puppet_enterpriseconsole_auth_database_user=console_auth
    q_puppet_enterpriseconsole_auth_password=ravichandran.89
    q_puppet_enterpriseconsole_auth_user_email=admin@puppetlabs.com
    q_puppet_enterpriseconsole_database_name=console
    q_puppet_enterpriseconsole_database_password=PmAv1vK0n7yNxALu2qUZ
    q_puppet_enterpriseconsole_database_user=console
    q_puppet_enterpriseconsole_httpd_port=443
    q_puppet_enterpriseconsole_install=y
    q_puppet_enterpriseconsole_master_hostname=puppet_master.com
    q_puppet_enterpriseconsole_smtp_host=smtp.gmail.com
    q_puppet_enterpriseconsole_smtp_password=
    q_puppet_enterpriseconsole_smtp_port=25
    q_puppet_enterpriseconsole_smtp_use_tls=n
    q_puppet_enterpriseconsole_smtp_user_auth=n
    q_puppet_enterpriseconsole_smtp_username=
    q_puppetagent_certname=puppet_master.com
    q_puppetagent_install=y
    q_puppetagent_server=puppet_master.com
    q_puppetdb_database_name=pe-puppetdb
    q_puppetdb_database_password=UIEP2VuLVvB54Wzk0KEY
    q_puppetdb_database_user=pe-puppetdb
    q_puppetdb_hostname=puppet_master.com
    q_puppetdb_install=y
    q_puppetdb_plaintext_port=8080
    q_puppetdb_port=8081
    q_puppetmaster_certname=puppet_master.com
    q_puppetmaster_dnsaltnames=puppet,puppet.com,puppet_master,puppet_master.com
    q_puppetmaster_enterpriseconsole_hostname=localhost
    q_puppetmaster_enterpriseconsole_port=443
    q_puppetmaster_install=y
    q_run_updtvpkg=n
    q_vendor_packages_install=y

    • The error indicates the certname does not match the dnsaltnames, try adding only one dnsaltnames “puppet_master.com”

  • Gareth Brown

    Great article, thanks

    For anyone reading or using puppet:

    If you just want to play with puppet, or need a non master/slave system, puppet works great standalone

    You can install the scripts locally and run directly on the box.

    This way you can use git and packages to build your puppet conf

    This is useful to know if you are in an environment where the normal automated deployment isn’t possible

    • Leo G

      Thanks Gareth

  • Raman

    Leo,

    Good Article.

    I want to know if we can install both Master and Agent on one Machine, If so, can I use the above steps to install and configure them?

    Thanks

  • kashif

    Nice tutorial , Can you tell me the steps to copy folders with files from puppet master to puppet multiple agents, Thanks

  • Vaibhav

    Hello

    while running puppet agent --test command on puppet agent

    getting error

    Warning: Unable to fetch my node definition, but the agent run will continue:

    Warning: Connection refused – connect(2)

    Info: Retrieving pluginfacts

    Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using ‘eval_generate’: Connection refused – connect(2)

    Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppet.yourserver.com/pluginfacts: Connection refused – connect(2)

    Info: Retrieving plugin

    Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ‘eval_generate’: Connection refused – connect(2)

    Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppet.yourserver.com/plugins: Connection refused – connect(2)

    Error: Could not retrieve catalog from remote server: Connection refused – connect(2)

    Warning: Not using cache on failed catalog

    Error: Could not retrieve catalog; skipping run

    Error: Could not send report: Connection refused – connect(2)

    Please help me to resolve this issue

    • Leo G

      It seems like the agent is not able to connect to the master. See if you are able to telnet to the master from the agent; detailed troubleshooting steps are available at https://docs.puppetlabs.com/pe/latest/trouble_comms.html

      • Vaibhav

        Hello Leo G

        Thanks

        that was resolved but now I am getting this error on the puppet agent while running the puppet agent --test command.

        Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at ‘.’ at /etc/puppet/manifests/site.pp:1 on node server51.example.com

        Warning: Not using cache on failed catalog

        Error: Could not retrieve catalog; skipping run

        • Vaibhav

          I am able to telnet agent to master

          but getting the below error while running puppet agent --test
          ————————————————————————

          Info: Retrieving pluginfacts

          Info: Retrieving plugin

          Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at ‘.’ at /etc/puppet/manifests/site.pp:1 on node server51.example.com

          Warning: Not using cache on failed catalog

          Error: Could not retrieve catalog; skipping run

          • Vaibhav

            In puppet master /var/log/messages
            i am getting this logs

            Jan 9 10:57:45 puppet puppet-master[2182]: Could not parse for environment production: Syntax error at ‘.’ at /etc/puppet/manifests/site.pp:1 on node server51.example.com
            Jan 9 10:57:45 puppet puppet-master[2182]: Could not parse for environment production: Syntax error at ‘.’ at /etc/puppet/manifests/site.pp:1 on node server51.example.com
            Jan 9 10:57:45 puppet puppet-master[2182]: Could not parse for environment production: Syntax error at ‘.’ at /etc/puppet/manifests/site.pp:1 on node server51.example.com

          • Leo G

            That’s because there is a syntax error in your manifest file, plz check it and ensure the syntax is correct

          • Vaibhav

            Yes Leo G,
            I have observed that after updating you.
            Now all services are running fine.
            Thanks for your support.