This article is written for those who were searching for a detailed and simple for the understanding guide on how to install Puppet on Ubuntu Server.

Puppet is an open-core software configuration management tool. It runs on many Unix-like systems as well as on Microsoft Windows and includes its own declarative language to describe system configuration.

In this guide, we will consider the case when you already have a server with the Ubuntu Server 18.04 LTS operating system installed on it.

You can read more about how to install Ubuntu Server 18.04 LTS in my guide «Installing Ubuntu Server 18.04 LTS».

In addition, OpenSSH must be installed on the server, and port 22 must be open in order to be able to connect to the server using the SSH protocol.

To install OpenSSH on the server, you can use the command:

sudo apt-get install openssh-server

If you plan to connect to the server using the Windows operating system, you can use PuTTY, a freeware client for various remote access protocols, including SSH, Telnet, rlogin.

This guide covers connecting to a server using the iTerm2 terminal emulator installed on the macOS operating system.

Please note that you will need to open the following TCP ports to access your server:

  • 8140 – for Puppet Agent.

Connect to the server on which it is planned to install Puppet Server.

Name the server using the command:

sudo hostnamectl set-hostname puppet.heyvaldemar.net

In this guide, puppet.heyvaldemar.net is used as the name of the Puppet server.

The server with the agent installed must resolve the name of the Puppet server, and also the Puppet server must resolve the name of the client-server.

Verify that the server name has the correct DNS record, and update the /etc/hosts file on the server with the command:

echo "3.121.241.77 puppet.heyvaldemar.net puppetdb.heyvaldemar.net puppet puppetdb" | sudo tee -a /etc/hosts

In this guide, puppet.heyvaldemar.net is used as the name of the Puppet server.

Please note that the puppetdb.heyvaldemar.net entry is useful to you if you plan to install PuppetDB in the future. This name must also have a valid DNS record.

You can learn how to install Puppet on Ubuntu Server by reading «Installing Puppet on Ubuntu Server».

Restart the hostamed service so that the changes made to the server name take effect using the command:

sudo systemctl restart systemd-hostnamed

Check the server name using the command:

hostname

Now replace the current shell process with a new one using the command:

exec bash

The correct time must be set on the Puppet server, as it will act as a certification authority for signing certificates from clients.

To set the time correctly, you will need to install the NTP package and synchronize the time with the upstream NTP servers.

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Install NTP and ntpdate using the command:

sudo apt install -y ntp ntpdate

Please note ntpdate allows you to manually check the configuration of your connection to the NTP server.

Synchronize time with upstream NTP servers using the command:

sudo ntpdate -u 0.ubuntu.pool.ntp.org

Check the correct date and time on the server using the command:

date

Please note that this guide covers a server located in Berlin.

Let’s see the list of time zone values for all locations using the command:

sudo timedatectl list-timezones

Choose the appropriate value for your location and change the time zone using the command:

sudo timedatectl set-timezone Europe/Berlin

Please note that this guide covers a server located in Berlin.

Again check the correctness of the date and time on the server using the command:

date

Now you need to download and install the Puppet Server repository configuration package.

Download the Puppet Server repository configuration package using the command:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

Install the Puppet Server repository configuration package using the command:

udo dpkg -i puppet6-release-bionic.deb

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Now install Puppet Server using the command:

sudo apt install -y puppetserver

Puppet executables are located in the directory “/opt/puppetlabs/bin/”, which by default is not in the environment variable “PATH” and in the variable “secure_path”, which is used for “sudo” operations.

Please note that the path to the executable files does not matter for Puppet services since starting the services does not depend on “PATH” and “secure_path”.

By adding the path to the executable files to the variables, you can use sudo puppet agent -t instead of sudo /opt/puppetlabs/bin/puppet agent -t.

Add the path to the Puppet executables to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

sudo visudo

Find the “secure_path” variable, and at the end of the line, before the closing quote, add the path to the Puppet executables :/opt/puppetlabs/bin.

In order to save changes to the file “sudoers”, press “Ctrl + x”.

Now you need to confirm the changes to the file.

Нажимаем на кнопку “y”.

Press the “Enter” button to confirm the file is saved.

Now add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

sudo vim /etc/environment

Press the “i” button to switch to edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executables :/opt/puppetlabs/bin.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

By default, the Puppet Server JVM is configured to use 2 GB of RAM. This value can be changed in the Puppet configuration file by opening it in a text editor using the command:

sudo vim /etc/default/puppetserver

Press on the “i” button to go into edit mode, find the line JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" and change the “Xms” and “Xmx” parameters according to the requirements for your Puppet server.

Please note that in this manual the parameters “Xms” and “Xmx” will be set to 1 GB.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Next, you need to make changes to another Puppet configuration file by opening it in a text editor using the command:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Press the “i” button to enter the editing mode, find the “[master]” section and add a new line with alternative names of the Puppet server:

dns_alt_names = puppet,puppetdb,puppet.heyvaldemar.net,puppetdb.heyvaldemar.net

Next, add a new section “[main]” with the following parameters:

[main]
certname = puppet.heyvaldemar.net
server = puppet.heyvaldemar.net
environment = production
runinterval = 15m

In this guide, Puppet Server is installed on puppet.heyvaldemar.net. You will need to specify your server, through which your Puppet Server will be accessible from the Internet or in the local network of your organization.

Please note that the puppetdb and puppetdb.heyvaldemar.net entries will come in handy if you plan to install PuppetDB in the future. This name must also have a valid DNS record.

You can learn how to install Puppet on Ubuntu Server by reading «Installing Puppet on Ubuntu Server».

Please note that the “runinterval” parameter specifies the time interval between agent requests to the Puppet server.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Now create the root and intermediate CA signatures for the Puppet Server using the command:

sudo puppetserver ca setup

Start Puppet Server with the command:

sudo systemctl start puppetserver

Verify that the Puppet Server has started successfully using the command:

sudo systemctl status puppetserver

Enable Puppet Server autorun when the operating system starts using the command:

sudo systemctl enable puppetserver

Next, connect to the server on which you plan to install the Puppet Agent.

Name the server using the command:

sudo hostnamectl set-hostname puppet-agent.heyvaldemar.net

In this guide, “puppet-agent.heyvaldemar.net” is used as the server name with the Puppet agent installed.

The server with the agent installed must resolve the name of the Puppet server, and also the Puppet server must resolve the name of the client-server.

Verify that the server name has the correct DNS record, and also update the “/etc/hosts” file by adding the IP address and name of the client-server using the command:

echo "18.197.232.105 puppet-agent.heyvaldemar.net puppet-agent" | sudo tee -a /etc/hosts

In this guide, “puppet-agent.heyvaldemar.net” is used as the server name with the Puppet agent installed.

Next, add the IP address and name of the Puppet server to the file “/etc/hosts” using the command:

echo "3.121.241.77 puppet.heyvaldemar.net puppetdb.heyvaldemar.net puppet puppetdb" | sudo tee -a /etc/hosts

Having this record will allow the server with the agent installed to resolve the Puppet server name even without a DNS record.

Please note that the puppetdb.heyvaldemar.net entry is useful to you if you plan to install PuppetDB in the future. This name must also have a valid DNS record.

You can learn how to install Puppet on Ubuntu Server by reading «Installing Puppet on Ubuntu Server».

Restart the hostamed service so that the changes made to the server name take effect using the command:

sudo systemctl restart systemd-hostnamed

Check the server name using the command:

hostname

Now replace the current shell process with a new one using the command:

exec bash

The server with the Puppet Agent must be set to the correct time.

To set the time correctly, you will need to install the NTP package and synchronize the time with the upstream NTP servers.

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Install NTP and ntpdate using the command:

sudo apt install -y ntp ntpdate

Please note ntpdate allows you to manually check the configuration of your connection to the NTP server.

Synchronize time with upstream NTP servers using the command:

sudo ntpdate -u 0.ubuntu.pool.ntp.org

Check the correct date and time on the server using the command:

date

Please note that this guide covers a server located in Berlin.

Let’s see the list of time zone values for all locations using the command:

sudo timedatectl list-timezones

Choose the appropriate value for your location and change the time zone using the command:

sudo timedatectl set-timezone Europe/Berlin

Please note that this guide covers a server located in Berlin.

Again check the correctness of the date and time on the server using the command:

date

Now you need to download and install the Puppet Agent repository configuration package.

Download the Puppet Agent repository configuration package using the command:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

Install the Puppet Agent repository configuration package using the command:

sudo dpkg -i puppet6-release-bionic.deb

Update the local package index to the latest changes in the repositories using the command:

sudo apt update

Now install the Puppet Agent using the command:

sudo apt install -y puppet-agent

Puppet executables are located in the directory “/opt/puppetlabs/bin/”, which by default is not in the environment variable “PATH” and in the variable “secure_path”, which is used for “sudo” operations.

Please note that the path to the executable files does not matter for Puppet services since starting the services does not depend on “PATH” and “secure_path”.

By adding the path to the executable files to the variables, you can use sudo puppet agent -t instead of sudo /opt/puppetlabs/bin/puppet agent -t.

Add the path to the Puppet executables to the “secure_path” variable.

Open the “sudoers” configuration file in a text editor using the command:

sudo visudo

Find the “secure_path” variable, and at the end of the line, before the closing quote, add the path to the Puppet executables :/opt/puppetlabs/bin.

Now you need to confirm the changes to the file.

Press on the “y” button.

Press the “Enter” button to confirm the file is saved.

Now add the path to the Puppet executables to the “PATH” environment variable.

Open the “environment” configuration file in a text editor using the command:

sudo vim /etc/environment

Press the “i” button to switch to edit mode, and at the end of the line, before the closing quote, add the path to the Puppet executables :/opt/puppetlabs/bin.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Next, you need to make changes to the Puppet configuration file by opening it in a text editor using the command:

sudo vim /etc/puppetlabs/puppet/puppet.conf

Press on the “i” button to enter the editing mode, add a new section “[main]” with the following parameters:

[main]
certname = puppet-agent.heyvaldemar.net
server = puppet.heyvaldemar.net
environment = production
runinterval = 15m

In this guide, the Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server, through which your Puppet Agent will be available from the Internet or in the local network of your organization.

Puppet Server is also installed on the puppet.heyvaldemar.net server. You will need to specify your server on which your Puppet Server will be accessible from the Internet or in your organization’s local area network.

Please note that the “runinterval” parameter specifies the time interval between agent requests to the Puppet server.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Start the Puppet Agent and include it in the autorun when the operating system starts up using the command:

sudo puppet resource service puppet ensure=running enable=true

Return to the server with Puppet Server installed.

Now you need to approve the certificate request for the server on which the Puppet Agent is installed so that later the client can receive the configuration from the Puppet server.

Look at client requests in the queue using the command:

sudo puppetserver ca list

Sign the client request using the command:

sudo puppetserver ca sign --certname puppet-agent.heyvaldemar.net

In this guide, the Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server, through which your Puppet Agent will be available from the Internet or in the local network of your organization.

Client request successfully signed.

Next, you can view all signed and unsigned client requests using the command:

sudo puppetserver ca list --all

Please note that you can sign all client requests in the queue using the command:

sudo puppetserver ca sign --all

You can revoke a client certificate using the command:

sudo puppetserver ca revoke --certname puppet-agent.heyvaldemar.net

In this guide, the Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server, through which your Puppet Agent will be available from the Internet or in your organization’s local network.

Now you can create a manifest to test the functionality of Puppet.

A manifest is a data file containing a client configuration written in Puppet or Ruby DSL.

Create a manifest using the command:

sudo vim /etc/puppetlabs/code/environments/production/manifests/site.pp

Press the “i” button to enter the editing mode, then insert the following configuration:

node 'puppet-agent.heyvaldemar.net' {
  file { '/tmp/puppetfile':
    ensure => 'present',
    owner => 'root',
    group => 'root',
    mode => '0644',
    content => "This File is created by Puppet Server\n"
  }
}

In this guide, the Puppet Agent is installed on the puppet-agent.heyvaldemar.net server. You will need to specify your server, through which your Puppet Agent will be available from the Internet or in your organization’s local network.

Please note that the “puppetfile” file containing the text “This File is created by Puppet Server” will be created in the “/tmp” directory. The user will be assigned the root user.

Now press the “Esc” button to exit the editing mode, and then enter “:x” and press the “Enter” button to save the changes and exit the editor.

Return to the server with the installed Puppet Agent.

Now you need to get the configuration for the client from the Puppet server using the command:

sudo puppet agent -t

Next, you can verify that the file was successfully created and contains the text specified earlier in the manifest using the command:

cat /tmp/puppetfile

The file was successfully created and contains the text specified in the manifest.

Author

Hi, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems. On my website, you will find detailed and clear guides for setting up IT solutions. Dive into the ocean, full of positive and technology! For cooperation: callvaldemar@gmail.com

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.