Install Puppet on Ubuntu Server

This article is for those looking for a detailed and straightforward guide on installing Puppet on Ubuntu Server.

Puppet is a cross-platform client-server application that allows you to centrally manage the configuration of operating systems and programs installed on multiple computers.

IMPORTANT

OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.

To install OpenSSH on a server, you can use the command:

1
sudo apt install openssh-server

NOTE

To connect to the server from a Windows system, you can use tools like PuTTY or MobaXterm.

NOTE

This guide walks you through connecting to a server with the iTerm2 terminal emulator on macOS.

CAUTION

You will need to open the following TCP ports for access to the services:

• TCP port 8140 - for Puppet Agent to work.

We connect to the server on which you plan to install Puppet Server.

Let’s name the server using the command:

1
sudo hostnamectl set-hostname puppet.heyvaldemar.net

This tutorial uses puppet.heyvaldemar.net as the Puppet server name.

The server with the agent installed must resolve the name of the Puppet server and also the Puppet server must resolve the name of the client-server.

Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file on the server with the command:

1
echo "10.170.19.82 puppet.heyvaldemar.net puppetdb.heyvaldemar.net puppet puppetdb" | sudo tee -a /etc/hosts

This tutorial uses puppet.heyvaldemar.net as the Puppet server name.

NOTE

The entry puppetdb.heyvaldemar.net is useful if you plan to install PuppetDB in the future. This name must also have a valid DNS record.

You can find out how to install PuppetDB on Ubuntu Server by reading Install PuppetDB on Ubuntu Server.

Restart the hostamed service for the changes to the server name to take effect using the command:

1
sudo systemctl restart systemd-hostnamed

Let’s check the correctness of the server name using the command:

1
hostname

Now let’s replace the current shell process with a new one using the command:

1
exec bash

The correct time must be set on the Puppet server, as it will act as a CA for signing certificates from clients.

To set the time correctly, you will need to install the NTP package and synchronize the time with the upstream NTP servers.

Update the local package index to the latest changes in the repositories using the command:

1
sudo apt update

Install NTP and ntpdate using the command:

1
sudo apt install -y ntp ntpdate

NOTE

ntpdate allows you to manually check the configuration of your connection to the NTP server.

Synchronize time with upstream NTP servers using the command:

1
sudo ntpdate -u 0.ubuntu.pool.ntp.org

Let’s check the correctness of the date and time on the server using the command:

1
date

NOTE

This tutorial is based on a server located in Berlin.

Let’s see a list of time zone values for all locations using the command:

1
sudo timedatectl list-timezones

We select the value suitable for your location and change the time zone using the command:

1
sudo timedatectl set-timezone Europe/Berlin

NOTE

This tutorial is based on a server located in Berlin.

We again check the correctness of the date and time on the server using the command:

1
date

Now you need to download and install the Puppet Server repository configuration package.

Download the Puppet Server repository configuration package using the command:

1
wget https://apt.puppetlabs.com/puppet7-release-jammy.deb

Install the Puppet Server repository configuration package using the command:

1
sudo dpkg -i puppet7-release-jammy.deb

Update the local package index to the latest changes in the repositories using the command:

1
sudo apt update

Now install Puppet Server using the command:

1
sudo apt install -y puppetserver

Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.

NOTE

The path to the executable files is irrelevant for the Puppet services since the start of the services does not depend on the “PATH” and “secure_path”.

By adding the path to executable files to variables, you can use:

1
sudo puppet agent -t

Instead:

1
sudo /opt/puppetlabs/bin/puppet agent -t

Add the path to the Puppet executable files to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

1
sudo visudo

Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

In order to save the changes in the “sudoers” file, press “Ctrl + x”.

Now you need to confirm the changes in the file.

Click on the “y” button.

Press the “Enter” button to confirm saving the file.

Now let’s add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

1
sudo vim /etc/environment

Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

By default, the Puppet Server JVM is configured to use 2 GB of RAM. This value can be changed in the Puppet config file by opening it in a text editor using the command:

1
sudo vim /etc/default/puppetserver

Press the “i” button to enter edit mode, find the line JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" and change the Xms parameters and Xmx according to your Puppet server requirements.

NOTE

In this manual the Xms and Xmx parameters will be set to 1 GB.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

Next, you need to make changes to another Puppet configuration file by opening it in a text editor using the command:

1
sudo vim /etc/puppetlabs/puppet/puppet.conf

Hit the “i” button to go into edit mode, find the [master] section and add a new line with the alternative names of the Puppet server:

1
dns_alt_names = puppet,puppetdb,puppet.heyvaldemar.net,puppetdb.heyvaldemar.net

Next, add a new section [main] with the following parameters:

1
[main]
2
certname    = puppet.heyvaldemar.net
3
server      = puppet.heyvaldemar.net
4
environment = production
5
runinterval = 15m

NOTE

In this tutorial, the Puppet Server is installed on the puppet.heyvaldemar.net server. You will need to specify your server through which your Puppet Server will be accessible from the Internet or on the local network of your organization.

NOTE

The entries puppetdb and puppetdb.heyvaldemar.net will come in handy if you plan to install PuppetDB in the future. This name must also have a valid DNS record.

You can find out how to install PuppetDB on Ubuntu Server by reading Install PuppetDB on Ubuntu Server.

NOTE

The “runinterval” parameter specifies the time interval between agent requests to the Puppet server.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

Now let’s create the root and intermediate CA signature for Puppet Server using the command:

1
sudo puppetserver ca setup

We start Puppet Server using the command:

1
sudo systemctl start puppetserver

Check that Puppet Server has started successfully using the command:

1
sudo systemctl status puppetserver

We enable Puppet Server autorun when starting the operating system using the command:

1
sudo systemctl enable puppetserver

Next, we connect to the server on which you plan to install Puppet Agent.

Let’s name the server using the command:

1
sudo hostnamectl set-hostname puppet-agent.heyvaldemar.net

This tutorial uses puppet-agent.heyvaldemar.net as the name of the server with the Puppet agent installed.

The server with the agent installed must resolve the name of the Puppet server and also the Puppet server must resolve the name of the client-server.

Make sure the server name has the correct DNS entry and also update the “/etc/hosts” file with the IP address and client-server name using the command:

1
echo "10.170.19.3 puppet-agent.heyvaldemar.net puppet-agent" | sudo tee -a /etc/hosts

This tutorial uses puppet-agent.heyvaldemar.net as the name of the server with the Puppet agent installed.

Next, add the IP address and the name of the Puppet server to the “/etc/hosts” file using the command:

1
echo "10.170.19.82 puppet.heyvaldemar.net puppetdb.heyvaldemar.net puppet puppetdb" | sudo tee -a /etc/hosts

Having this record will allow the server with the agent installed to resolve the Puppet server name even without a DNS record.

NOTE

The entry puppetdb.heyvaldemar.net is useful if you plan to install PuppetDB in the future. This name must also have a valid DNS record.

You can find out how to install PuppetDB on Ubuntu Server by reading Install PuppetDB on Ubuntu Server.

Restart the hostamed service for the changes to the server name to take effect using the command:

1
sudo systemctl restart systemd-hostnamed

Let’s check the correctness of the server name using the command:

1
hostname

Now let’s replace the current shell process with a new one using the command:

1
exec bash

The correct time must be set on the server with Puppet Agent.

To set the time correctly, you will need to install the NTP package and synchronize the time with the upstream NTP servers.

Update the local package index to the latest changes in the repositories using the command:

1
sudo apt update

Install NTP and ntpdate using the command:

1
sudo apt install -y ntp ntpdate

NOTE

ntpdate allows you to manually check the configuration of your connection to the NTP server.

Synchronize time with upstream NTP servers using the command:

1
sudo ntpdate -u 0.ubuntu.pool.ntp.org

Let’s check the correctness of the date and time on the server using the command:

1
date

NOTE

This tutorial is based on a server located in Berlin.

Let’s see a list of time zone values for all locations using the command:

1
sudo timedatectl list-timezones

We select the value suitable for your location and change the time zone using the command:

1
sudo timedatectl set-timezone Europe/Berlin

NOTE

This tutorial is based on a server located in Berlin.

We again check the correctness of the date and time on the server using the command:

1
date

Now you need to download and install the Puppet Agent repository configuration package.

Download the Puppet Agent repository configuration package using the command:

1
wget https://apt.puppetlabs.com/puppet7-release-jammy.deb

Install the Puppet Agent repository configuration package using the command:

1
sudo dpkg -i puppet7-release-jammy.deb

Update the local package index to the latest changes in the repositories using the command:

1
sudo apt update

Now install Puppet Agent using the command:

1
sudo apt install -y puppet-agent

Puppet binaries are located in the “/opt/puppetlabs/bin/” directory, which is not in the “PATH” environment variable by default and in the “secure_path” variable that is used for “sudo” operations.

NOTE

The path to the executable files is irrelevant for the Puppet services, since the start of the services does not depend on the “PATH” and “secure_path”.

By adding the path to executable files to variables, you can use:

1
sudo puppet agent -t

Instead:

1
sudo /opt/puppetlabs/bin/puppet agent -t

Add the path to the Puppet executable files to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

1
sudo visudo

Find the variable “secure_path”, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now you need to confirm the changes in the file.

Click on the “y” button.

Press the “Enter” button to confirm saving the file.

Now let’s add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

1
sudo vim /etc/environment

Press the “i” button to enter edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executable files :/opt/puppetlabs/bin.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

Next, you need to make changes to the Puppet configuration file by opening it in a text editor using the command:

1
sudo vim /etc/puppetlabs/puppet/puppet.conf

Press the “i” button to switch to edit mode, add a new section [main] with the following parameters:

1
[main]
2
certname    = puppet-agent.heyvaldemar.net
3
server      = puppet.heyvaldemar.net
4
environment = production
5
runinterval = 15m

NOTE

In this tutorial, Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.

Also, the Puppet Server is installed on the puppet.heyvaldemar.net server. You will need to specify your server through which your Puppet Server will be accessible from the Internet or on the local network of your organization.

NOTE

The “runinterval” parameter specifies the time interval between agent requests to the Puppet server.

Now press the “Esc” button to exit edit mode, and then type ”: x” and press the “Enter” button to save your changes and exit the editor.

Launch Puppet Agent and enable it to autostart when the operating system starts up using the command:

1
sudo puppet resource service puppet ensure=running enable=true

We return to the server with Puppet Server installed.

Now you need to approve the certificate request for the server on which the Puppet Agent is installed so that later the client can receive the configuration from the Puppet server.

Let’s look at the client requests in the queue using the command:

1
sudo puppetserver ca list

We sign the client request using the command:

1
sudo puppetserver ca sign --certname puppet-agent.heyvaldemar.net

NOTE

In this tutorial, Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.

The client request has been successfully signed.

Next, you can view all signed and unsigned client requests using the command:

1
sudo puppetserver ca list --all

You can sign all client requests in the queue using the command:

1
sudo puppetserver ca sign --all

You can revoke a client certificate using the command:

1
sudo puppetserver ca revoke --certname puppet-agent.heyvaldemar.net

NOTE

In this tutorial, Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.

Now you can create a manifest to test Puppet’s functionality.

A manifest is a data file containing client configuration written in Puppet or Ruby DSL.

Let’s create a manifest using the command:

1
sudo vim /etc/puppetlabs/code/environments/production/manifests/site.pp

Hit the “i” button to go into edit mode, then insert the following configuration:

1
node 'puppet-agent.heyvaldemar.net' {
2
  file { '/tmp/puppetfile':
3
    ensure  => 'present',
4
    owner   => 'root',
5
    group   => 'root',
6
    mode    => '0644',
7
    content => "This File is created by Puppet Server\n",
8
  }
9
}

NOTE

In this tutorial, Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server through which your Puppet Agent will be accessible from the Internet or on the local network of your organization.

NOTE

A “puppetfile” file will be created in the “/tmp” directory containing the text “This File is created by Puppet Server”. The user “root” will be the owner of the file.

Now press the “Esc” button to exit edit mode, then type "" and press the “Enter” button to save your changes and exit the editor.

We return to the server with the Puppet Agent installed.

Now you need to get the configuration for the client from the Puppet server using the command:

1
sudo puppet agent -t

Next, you can check that the file was successfully created and contains the text specified earlier in the manifest using the command:

1
cat /tmp/puppetfile

The file was successfully created and contains the text specified in the manifest.