How to Install and Configurate Puppet for Server Management?

Puppet is a leading configuration management tool from Puppet Labs. It enables administrators to automate provisioning, configuration and management of server infrastructure while allowing them to remotely manage multiple systems. The puppet configuration tool is declarative which means you can define the state of a package for Puppet to effectively manage it. While it reduces repetitive tasks, it helps you in maintaining accurate and consistent configuration across the network.

Puppet Labs offers two variants of CM solutions; Puppet Enterprise and Puppet Open Source. This tutorial talks about installing Puppet Open Source software.

Before installing Puppet, check out these prerequisites:

1) System requirements: Puppet Master should have a minimum of 2 cores processor and a memory of 1 GB RAM. The agent runs on any configuration. Here is a link for detailed system requirements: https://docs.puppet.com/puppet/5.0/system_requirements.html

2) Choose your Deployment model: Puppet offers two deployment models. The first one is the Agent-Master deployment that is commonly used by most organizations. Here, a central server is configured as the Puppet Master that hosts the compilation data. The Agent software is run on nodes. These nodes periodically pull instructions from the Master and perform tasks accordingly. The second deployment is the Puppet Standalone deployment wherein each node applies its own configuration.

3) Network Requirements: The firewall should be configured to receive connections on port 8140. Configure Reverse DNS and Forward DNS correctly. Setup a unique name for each node.

4) Set the time accurately on the Puppet Master as it is responsible for issuing agent certificates.

Installing Puppet Master

1. Firstly, Puppet package repositories should be enabled.

2. Install Puppet Master by running the following command

    Yum install puppetserver
   

3. Start Puppet service using the command

   Service puppetserver start
   

Installing Puppet Agent on Linux

1. Enable puppet package repositories by installing a release package. Puppet executables can be found at the following location.

   /opt/puppetlabs/bin
   

2. Install puppet agent using the following command

   Sudo yum install puppet-agent
   

   or

   Sudo apt-get install puppet-agent
   

3. To start the puppet service

   sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
   

4. On the first run, the puppet agent submits a certificate signing request to the puppet master. To sign-in on the certificate, you should log into the server.

To check the list of certificate requests:

        sudo /opt/puppetlabs/bin/puppet cert list

To sign a certificate:

    sudo /opt/puppetlabs/bin/puppet cert sign <name>

Configuring Puppet Master

After puppet master and puppet agents are installed, you need to configure Puppet. The main configuration settings are available in puppet.conf file. When the server starts, it automatically honors the puppet.conf settings and takes values from it. To reconfigure something, you need to restart the service again. However, command-line settings have the top priority. When you run a command from the CLI, it overrides the settings in the puppet.conf file.

To configure a setting, you need to add two hyphens and the name of the setting:

$ sudo puppet agent --test --noop --certname temporary-name.example.com

Here is an example of a basic setting to specify an option and assign a value:

--certname=temporary-name.example.com

For Boolean settings that require Yes or No, a shorter format can be used.

If the value is true, specify –noop in puppet.conf

If the value is false, specify –no-noop in puppet.conf

If a value is not specified, then a default value is assigned from the configuration references.

As puppet values come from different sources, settings are highly dynamic. To best way to check the values is to ask Puppet using the config print command.

Here is a command to check the value of a setting:

$ sudo puppet config print <setting name=""> [--section <config section="">] [--environment <environment>]

The ‘section’ specifies the section to use while finding settings. Main is the default section that is used by all services and commands. The ‘environment’ specifies the environment to use while finding settings. The production environment is usually set as the default.

To show the value of all settings:

$ sudo puppet config print [--section <config section="">] [--environment <environment>]

Puppet master is a Ruby application that uses puppet code and other data sources to compile configurations for puppet agent nodes. It runs on Java Virtual Machine. The web server used by the puppet server is embedded in the JVM services. It comes auto-configured by default. However, you can modify web server settings in the webserver.conf file. The puppet server automatically handles SSL termination.

The service name is puppetserver. To run or stop the service, you can run commands such as

service puppetserver restart

and

service puppetserver status

Puppet server uses the JVM Logback library for logging. The default location is

/var/log/puppetlabs/puppetserver/puppetserver.log

While puppet.conf is the main configuration reference, there are nine extra configuration files such as auth.conf and puppetbd.conf that support more types of values.

Puppet for Server Management

To instruct puppet to do something, you need to write a code. Manifests are files that contain these code snippets and are saved with a .pp extension. A manifest tells the puppet server what packages, files, resources and users should be present on the machine. Firstly, you should create a directory structure to store manifests.

# cd /etc
# wget http://yoursite.com/files/powering-up-with-puppet.tar.gz
# tar xvzf powering-up-with-puppet.tar.gz

Here is an example to manage a Network Time Protocol (NTP) service.

1. create a class for the NTP service.

   class ntp {
   package { "ntp": 
   ensure => installed 
    }
   
   service { "ntp":
   ensure => running,
    }
   }
   

2. Save this file with .pp extension here:

   /etc/puppet/modules/ntp/manifests/ntp.pp
   

3. To apply it to the system edit the nodes manifest. The file can be located here:

   /etc/puppet/manifests/nodes.pp.
   

4. The template looks like this:

   node myserver {
   }
   

5. Change myserver to the name of the machine and include NTP. Here, abcserver is taken as an example. (It is the output of hostname –s)

   node abcserver {
   include ntp
               }
   

   When you run puppet, it matches the name of the client machine with the node definition. When they match, puppet applies all the classes listed there in include.

Now you have instructed puppet that abcserver should have NTP manifest applied to it.

When you run puppet,

# puppet agent --test --server=`abcserver`
info: Caching catalog for localhost.localdomain
info: Applying configuration version '15236548'
notice: //ntp/Service[ntp]/ensure: ensure changed 'stopped' to 'running'
notice: Finished catalog run in 0.75 seconds

It looked for the abcserver manifest and found this.

package { "ntp": 
    ensure => installed 
}

service { "ntp":
    ensure => running,
}

It says that the NTP package should be installed and it should be running. When puppet checks the system and if the NTP package is not available, it will install it. The service also gets started.

When you run puppet again, it will not do anything as the package is already installed and running. So, the manifest is satisfied.

# puppet agent --test --server=`abcserver`
info: Caching catalog for localhost.localdomain
info: Applying configuration version '15236548'
notice: Finished catalog run in 0.56 seconds

Similarly, you can manage the configuration on all the systems in the infrastructure using Puppet.