What is Puppet?
Puppet is a configuration management tool that automates infrastructure management and configuration, i.e., it manages configuration data on other systems, including users, packages, processes, and services. It supports the concept of Infrastructure as Code. Puppet is written in a Ruby DSL, which can be easily managed and configured. Puppet follows a client-server model, where one machine acts as the server, known as the Puppet master, and the other acts as the client, known as the slave or agent machine. The Puppet master is the machine where all manifests are developed and made ready to be implemented on the agents. The agent implements Puppet manifests, which are files containing Puppet configuration language that declare the desired state of the node.
Special Features And Work Flow
In Puppet, one can safely run the same set of configuration multiple times on the same machine. In this flow, Puppet checks the status of the target machine and will only make changes when there is a specific change in the configuration.
The architecture mainly contains the components below.
Puppet Master:
Master is the key mechanism which handles all the configuration related stuff. It applies the configuration to nodes using the Puppet agent. All the configuration changes which are written in Puppet are first converted to a compiled format called catalog and later those catalogs are applied on the target machine.
Puppet Agent:
Agents are the actual working machines which are managed by the master. They have the Puppet agent daemon service running inside them.
The Work Flow:
The first thing the Puppet master does is collect the details of the Puppet agent. Using Facter, which is present on all Puppet agents, it gets all the machine-level configuration details. All these details are gathered and sent back to the master.
The master then compares the gathered configuration with the defined configuration details, and from the defined configuration it creates a catalog and sends it to the targeted nodes. The Puppet node applies those configurations to bring the system into the desired state. After the Puppet agent has changed the node to the desired state, the node sends a report back to the Puppet master. This helps the Puppet master understand where the current state of the system is, as defined in the catalog.
Installing Puppet
Step 1: Set Up Hostname Resolution
With Puppet, master and client nodes communicate using hostnames. Before installing Puppet, you need to set up a unique hostname on each node.
1. Open the hosts file on each node by using:
sudo nano /etc/hosts
2. Paste the following lines at the end of each hosts file:
[puppet master ip] puppetmaster puppet
[puppet client ip] puppetclient
Where:
Step 3: Install Puppet Server on Master Node
1. Download the latest Puppet version on the master node:
wget https://apt.puppetlabs.com/puppet6-release-focal.deb
Once the download is complete, install the package by using:
sudo dpkg -i puppet6-release-focal.deb
Install the Puppet server with the following command:
sudo apt-get update -y
sudo apt-get install puppetserver -y
Configure Puppet Master
You may adjust the JVM settings of the Puppet server by editing the file /etc/default/puppetserver:
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
Edit the Puppet settings in /etc/puppetlabs/puppet/puppet.conf:
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
[main]
certname = puppetmaster.unixcop.local
server = puppetmaster.unixcop.local
environment = master_stable
runinterval = 30m
Generate a root and intermediate signing CA on the Puppet master:
sudo /opt/puppetlabs/bin/puppetserver ca setup
Start the Puppet service and set it to launch on system boot by using:
sudo systemctl start puppetserver
sudo systemctl enable puppetserver
systemctl status puppetserver
Install and Configure Puppet Agent
At this point, the Puppet server is installed and configured. Now you need to install the Puppet agent on the client node. Here puppetagent.unixcop.local is my client node.
First, download and install the Puppet repository with the following command:
wget https://apt.puppetlabs.com/puppet6-release-focal.deb
dpkg -i puppet6-release-focal.deb
Next, update the repository and install the Puppet agent by running the following command:
apt-get update -y
apt-get install puppet-agent -y
After installing Puppet agent, you will need to edit the Puppet configuration file and define the Puppet master information:
nano /etc/puppetlabs/puppet/puppet.conf
Add the following lines:
# This file can be used to override the default puppet settings.
[main]
certname = puppetagent.unixcop.local
server = puppetmaster.unixcop.local
environment = production
runinterval = 30m
Save and close the file when you are finished. Then, start the Puppet agent service and enable it to start at boot with the following command:
systemctl start puppet
systemctl enable puppet
Next, verify the status of the Puppet with the following command:
systemctl status puppet
Run the Puppet agent for the first time
Running Puppet for the first time generates the certificates on the client:
puppet agent -t
On the Puppet master, list the pending certificates so they can be signed later:
sudo /opt/puppetlabs/bin/puppetserver ca list --all
When the Puppet agent software runs for the first time on any Puppet node, it generates a certificate and sends the certificate signing request to the Puppet master. The command below, run from the agent, requests the certificate from the master.
Before the Puppet server is able to communicate with and control the agent nodes, it must sign that particular agent node's certificate. In the following sections, we will describe how to sign and check for the signing request. List Current Certificate Requests. On the master, run the following command to see all unsigned certificate requests.
Sign the certificates with:
sudo /opt/puppetlabs/bin/puppetserver ca sign --all
Use the command below to test the communication between the master and client nodes:
sudo /opt/puppetlabs/bin/puppet agent --test
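Signing with --all approves every pending request, including any you did not expect to see. As an added example (not part of the original tutorial), the script below signs a single certname only after the fingerprint in the master's pending list matches the one printed on the agent by puppet agent --fingerprint; the function names, the sample output and its assumed line layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: sign one agent's CSR only
# when its fingerprint matches the value read on the agent itself with
#   sudo /opt/puppetlabs/bin/puppet agent --fingerprint
PUPPETSERVER=${PUPPETSERVER:-/opt/puppetlabs/bin/puppetserver}

# Read `puppetserver ca list` output on stdin and print the fingerprint of
# certname $1. Assumed line layout: "<certname> (SHA256) <AA:BB:...>".
pending_fingerprint() {
    awk -v name="$1" '$1 == name && $2 == "(SHA256)" { print toupper($3); exit }'
}

# Succeed only if certname $1 is pending with exactly fingerprint $2
# (compared case-insensitively). Reads the list output on stdin.
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    got=$(pending_fingerprint "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Sign a single certname after the check; refuse on any mismatch.
sign_verified() {
    if sudo "$PUPPETSERVER" ca list | fingerprint_matches "$1" "$2"; then
        sudo "$PUPPETSERVER" ca sign --certname "$1"
    else
        echo "refusing to sign $1: no pending request with that fingerprint" >&2
        return 1
    fi
}

# Constructed sample of pending-request output, used for an offline check.
SAMPLE_LIST='Requested Certificates:
    puppetagent.unixcop.local   (SHA256)  AA:11:BB:22:CC:33:DD:44
    unexpected.unixcop.local    (SHA256)  99:88:77:66:55:44:33:22'

# Usage on the master (fingerprint argument copied from the agent):
#   sign_verified puppetagent.unixcop.local AA:11:BB:22:CC:33:DD:44
```

The second entry in the sample stands for a request nobody asked for: it stays unsigned because only the named, verified certname is passed to ca sign.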
Puppet Example
Create a folder on the Puppet agent node
Edit /etc/puppetlabs/code/environments/production/manifests/site.pp and add:
node 'puppetagent' {              # Applies only to mentioned node. If nothing mentioned, applies to all.
  file { '/home/unixcop-puppet':  # Resource type file
    ensure => 'directory',        # Create a directory
    owner  => 'root',             # Ownership
    group  => 'root',             # Group Name
    mode   => '0755',             # Directory permissions
  }
}
Save and exit.
Run puppet agent from the puppet agent node