Puppet first steps: How to install a puppetmaster with a puppetclient

First of all you will need 2 CentOS machines.
One with “Desktop” installation for the Master and one with “Basic Server” installation for the client.
(Desktop will be needed later for module creation with Gepetto.)

I use the official CentOS-6.5-x86_64-bin-DVD1.iso for the installation.

After you have installed the two machines, set up static IPs for both of them and add them to /etc/hosts.
In my configuration:
puppet master: 192.168.233.180
puppet client: 192.168.233.181
Gateway: 192.168.233.2

1. Turn off NetworkManager:
        [root@puppetmaster ~]# chkconfig NetworkManager off
        [root@puppetmaster ~]# service NetworkManager stop
        Stopping NetworkManager daemon:                            [  OK  ]

2. Set static IPs
        [root@puppetmaster ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
        DEVICE=eth0
        TYPE=Ethernet
        ONBOOT=yes
        NM_CONTROLLED=no
        BOOTPROTO=static
        IPADDR=192.168.233.180
        PREFIX=24
        DNS1=192.168.233.2
        GATEWAY=192.168.233.2

        [root@puppetmaster ~]# service network restart
        Shutting down interface eth0:                              [  OK  ]
        Shutting down loopback interface:                          [  OK  ]
        Bringing up loopback interface:                            [  OK  ]
        Bringing up interface eth0:  Determining if ip address 192.168.233.180 is already in use for device eth0...
                                                                   [  OK  ]
        [root@puppetclient1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
        DEVICE=eth0
        TYPE=Ethernet
        ONBOOT=yes
        NM_CONTROLLED=no
        BOOTPROTO=static
        IPADDR=192.168.233.181
        PREFIX=24
        GATEWAY=192.168.233.2
        DNS1=192.168.233.2
        
        [root@puppetclient1 ~]# service network restart
        Shutting down interface eth0:                              [  OK  ]
        Shutting down loopback interface:                          [  OK  ]
        Bringing up loopback interface:                            [  OK  ]
        Bringing up interface eth0:  Determining if ip address 192.168.233.181 is already in use for device eth0...
                                                                   [  OK  ]
3. Set /etc/hosts

        [root@puppetmaster ~]# cat /etc/hosts
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
        192.168.233.180 puppetmaster
        192.168.233.181 puppetclient1

        [root@puppetclient1 ~]# cat /etc/hosts
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
        192.168.233.180 puppetmaster
        192.168.233.181 puppetclient1

OK. Now that we have the basic server configuration, we can install puppet.
To do that we will need the following repositories:

         rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
         rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

        [root@puppetmaster ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        Retrieving http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        warning: /var/tmp/rpm-tmp.gLXpeX: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
        Preparing...                ########################################### [100%]
           1:puppetlabs-release     ########################################### [100%]
        [root@puppetmaster ~]# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        warning: /var/tmp/rpm-tmp.hm3epf: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
        Preparing...                ########################################### [100%]
           1:epel-release           ########################################### [100%]

        [root@puppetclient1 ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        Retrieving http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        warning: /var/tmp/rpm-tmp.0lU0bR: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
        Preparing...                ########################################### [100%]
           1:puppetlabs-release     ########################################### [100%]
        [root@puppetclient1 ~]# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        warning: /var/tmp/rpm-tmp.aEbLpd: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
        Preparing...                ########################################### [100%]
           1:epel-release           ########################################### [100%]

Now that we have the required repositories, we can install the puppet master:

1. First of all we will open the firewall:

        [root@puppetmaster ~]# iptables -I INPUT 2 -p tcp --dport 8140 -s 192.168.233.0/24 -j ACCEPT
        [root@puppetmaster ~]# service iptables save
        iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
        [root@puppetmaster ~]# service iptables restart
        iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
        iptables: Flushing firewall rules:                         [  OK  ]
        iptables: Unloading modules:                               [  OK  ]
        iptables: Applying firewall rules:                         [  OK  ]

2. Install the puppet-server package

        [root@puppetmaster ~]# yum install puppet-server

        [root@puppetmaster ~]# service puppetmaster start
        Starting puppetmaster:                                     [  OK  ]
        [root@puppetmaster ~]# chkconfig puppetmaster on
        
3. As our puppetmaster is ready we will install the puppet agent on our client:

        [root@puppetclient1 ~]# yum install puppet

4. Set up master on the client:
    Add the line 'server = puppetmaster' to the [main] section of puppet.conf
        [root@puppetclient1 ~]# head -2 /etc/puppet/puppet.conf
        [main]
            server = puppetmaster

5. Both the master and the client are installed, now we have to connect our client to the master:
    By default it will not work, as the master has to accept the certificate of the client.
    I will show you two ways to do that:
    1. manually
        [root@puppetclient1 ~]# puppet agent --server PuppetMaster --waitforcert 60 --test
        Info: Creating a new SSL key for puppetclient1
        Info: Caching certificate for ca
        Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
        Info: Creating a new SSL certificate request for puppetclient1
        Info: Certificate Request fingerprint (SHA256): C5:87:3B:67:35:6D:19:8D:E6:59:3A:35:C8:5E:B7:C9:85:68:C8:63:E5:31:71:D3:B0:5A:D9:F8:BC:A7:97:BE
        Info: Caching certificate for ca
    In the meantime on puppetmaster we will list the connection attempts:
        [root@puppetmaster ~]# puppet cert --list
          "puppetclient1" (SHA256) C5:87:3B:67:35:6D:19:8D:E6:59:3A:35:C8:5E:B7:C9:85:68:C8:63:E5:31:71:D3:B0:5A:D9:F8:BC:A7:97:BE
          
    We can see that puppetclient1 would like to connect, so we accept its certificate:
        [root@puppetmaster ~]# puppet cert sign puppetclient1
        Notice: Signed certificate request for puppetclient1
        Notice: Removing file Puppet::SSL::CertificateRequest puppetclient1 at '/var/lib/puppet/ssl/ca/requests/puppetclient1.pem'

    After this, the client will be able to connect to the puppetmaster:

        [root@puppetclient1 ~]# puppet agent --test
        Info: Retrieving pluginfacts
        Info: Retrieving plugin
        Info: Caching catalog for puppetclient1
        Info: Applying configuration version '1408026898'
        Notice: Finished catalog run in 0.03 seconds
    
    2. automatically
    
        You can get the same result by setting "autosign = true" in the [master] section of puppet.conf.
        In this case the master signs every certificate request, so all clients will be able to connect to our puppetmaster; use it carefully, as it can be a security risk.
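
Added example, not part of the original post: a shell helper for the master that scripts the manual approval above and can be used in place of "autosign = true". It signs a pending request only when the fingerprint in the master's pending list equals the "Certificate Request fingerprint" line the agent printed. The function names are hypothetical; the sample line and fingerprint are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: approve a pending agent certificate only when its
# fingerprint matches the value read on the agent itself.

# Print the SHA256 fingerprint that `puppet cert list` shows for one certname.
# stdin: output of `puppet cert list`; $1: certname.
pending_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Canonical form for comparison: no whitespace, upper-case hex digits.
normalise_fp() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# verify_csr CERTNAME EXPECTED_FP  (stdin: output of `puppet cert list`)
# Succeeds only if a pending request for CERTNAME exists and its fingerprint
# equals EXPECTED_FP, the value copied from the agent's console.
verify_csr() {
    listed=$(pending_fingerprint "$1")
    [ -n "$listed" ] && [ "$(normalise_fp "$listed")" = "$(normalise_fp "$2")" ]
}

# sign_if_verified CERTNAME EXPECTED_FP
# Run on the master instead of a bare `puppet cert sign`.
sign_if_verified() {
    if puppet cert list | verify_csr "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "no pending request for $1 with that fingerprint; not signing" >&2
        return 1
    fi
}

# Sample data: the pending-request line and fingerprint shown in this post.
SAMPLE_FP='C5:87:3B:67:35:6D:19:8D:E6:59:3A:35:C8:5E:B7:C9:85:68:C8:63:E5:31:71:D3:B0:5A:D9:F8:BC:A7:97:BE'
SAMPLE_LIST="  \"puppetclient1\" (SHA256) $SAMPLE_FP"

# Offline demonstration on the sample line (no puppet binary needed).
if printf '%s\n' "$SAMPLE_LIST" | verify_csr puppetclient1 "$SAMPLE_FP"; then
    echo "puppetclient1: fingerprint matches, safe to sign"
fi
```

On the master, the call would be sign_if_verified puppetclient1 followed by the fingerprint read from the client's console.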

Our basic configuration is ready, let’s try it out on a very simple example:
We will create a simple file on the client with Puppet.
As you can see it doesn’t exist yet:
        [root@puppetclient1 ~]# ls -l /tmp/my_test_file.txt
        ls: cannot access /tmp/my_test_file.txt: No such file or directory

Add the following lines to /etc/puppet/manifests/site.pp on the master (if site.pp does not exist, create it):

        # Manage one file on the node named puppetclient1
        node puppetclient1 {
            file { "/tmp/my_test_file.txt":
                owner   => root,
                group   => root,
                mode    => '0440',
                content => "My Test File\n",
            }
        }

Run 'puppet agent --test' on the client:

        [root@puppetclient1 ~]# puppet agent --test
        Info: Retrieving pluginfacts
        Info: Retrieving plugin
        Info: Caching catalog for puppetclient1
        Info: Applying configuration version '1408027496'
        Notice: /Stage[main]/Main/Node[puppetclient1]/File[/tmp/my_test_file.txt]/ensure: defined content as '{md5}fac7081166f87902d4a5128088e16aea'
        Notice: Finished catalog run in 0.04 seconds

Our test file has been created successfully:

        [root@puppetclient1 ~]# cat /tmp/my_test_file.txt
        My Test File
 
