CentOS Stream 9

Puppet : Install
2023/10/17

 

Install and set up the configuration management tool [Puppet].
Puppet can also be used standalone on a single server, but the example here configures a Puppet server and client environment.

Before starting, set up DNS or hosts entries so that hostnames and IP addresses resolve, and configure NTP.

[1] Configure Puppet on Server Host.
[root@dlp ~]#
dnf -y install https://yum.puppet.com/puppet-release-el-9.noarch.rpm

[root@dlp ~]#
dnf -y install puppetserver
[root@dlp ~]#
vi /etc/puppetlabs/puppet/puppet.conf
# add to the end

confdir = /etc/puppetlabs/puppet
dns_alt_names = dlp.srv.world,dlp
# any [environment] name
environment = production

[main]
certname = dlp.srv.world
server = dlp.srv.world

[root@dlp ~]#
systemctl enable --now puppetserver

[2] If Firewalld is running on the Puppet Server Host, allow the Puppet service.
[root@dlp ~]#
firewall-cmd --add-service=puppetmaster

success
[root@dlp ~]#
firewall-cmd --runtime-to-permanent

success
[3] Configure Puppet on Client Host.
[root@node01 ~]#
dnf -y install https://yum.puppet.com/puppet-release-el-9.noarch.rpm

[root@node01 ~]#
dnf -y install puppet-agent
[root@node01 ~]#
vi /etc/puppetlabs/puppet/puppet.conf
# add to the end

[main]
certname = node01.srv.world
server = dlp.srv.world

[agent]
server = dlp.srv.world
ca_server = dlp.srv.world
# interval at which the agent applies catalogs from the server
# if set to [0], the agent applies them continuously
# the default is 30 minutes if the value is not set
runinterval = 30m

[root@node01 ~]#
systemctl enable --now puppet

[4] Sign the certificate request from the Puppet Client on the Puppet Server.
[root@dlp ~]#
/opt/puppetlabs/server/bin/puppetserver ca list --all

Requested Certificates:
    node01.srv.world       (SHA256)  8F:D1:43:13:FF:A9:31:1E:7F:66:DE:FE:C5:37:66:97:F5:AB:88:DD:20:2A:CB:DF:60:01:7E:7B:CE:09:EF:35
Signed Certificates:
    dlp.srv.world       (SHA256)  4F:BE:72:F4:14:2A:7B:10:89:3A:0D:6D:E3:8B:12:F0:86:AE:49:7C:4F:B2:A3:D9:AE:CB:96:1F:F0:D0:F4:95       alt names: ["DNS:dlp.srv.world", "DNS:dlp", "DNS:dlp.srv.world"]        authorization extensions: [pp_cli_auth: true]

# sign

[root@dlp ~]#
/opt/puppetlabs/server/bin/puppetserver ca sign --certname node01.srv.world

Successfully signed certificate request for node01.srv.world
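
Before signing in step [4], it is worth confirming that the pending request really came from the client. The following is an added example, not part of the original page: it compares the fingerprint listed under [Requested Certificates] with the one read on the client (for example with /opt/puppetlabs/bin/puppet agent --fingerprint on node01) and signs only on a match. The function names and the sample variable are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the original page): check a pending CSR's
# fingerprint against the value read on the client before signing it.

# Output of `puppetserver ca list --all`, copied from step [4] (long line trimmed).
SAMPLE_LIST='Requested Certificates:
    node01.srv.world       (SHA256)  8F:D1:43:13:FF:A9:31:1E:7F:66:DE:FE:C5:37:66:97:F5:AB:88:DD:20:2A:CB:DF:60:01:7E:7B:CE:09:EF:35
Signed Certificates:
    dlp.srv.world       (SHA256)  4F:BE:72:F4:14:2A:7B:10:89:3A:0D:6D:E3:8B:12:F0:86:AE:49:7C:4F:B2:A3:D9:AE:CB:96:1F:F0:D0:F4:95'

# Print the fingerprint of CERTNAME only if it is listed under
# "Requested Certificates:"; already-signed entries are ignored.
csr_fingerprint() {   # $1 = list output, $2 = certname
    printf '%s\n' "$1" | awk -v name="$2" '
        /Certificates:$/      { pending = ($0 == "Requested Certificates:"); next }
        pending && $1 == name { print $3; exit }'
}

# Drop colons/whitespace and upper-case the hex so formatting differences do not matter.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'abcdef' 'ABCDEF'
}

# Return 0 if the pending CSR matches, 1 on mismatch, 2 if no CSR is pending.
verify_csr() {   # $1 = list output, $2 = certname, $3 = fingerprint seen on the client
    pending_fp=$(csr_fingerprint "$1" "$2")
    [ -n "$pending_fp" ] || return 2
    [ "$(normalize_fp "$pending_fp")" = "$(normalize_fp "$3")" ] || return 1
    return 0
}

# Hypothetical wrapper for the server: sign only after the check passes.
sign_if_verified() {   # $1 = certname, $2 = fingerprint seen on the client
    list=$(/opt/puppetlabs/server/bin/puppetserver ca list --all) || return 3
    verify_csr "$list" "$1" "$2" || return $?
    /opt/puppetlabs/server/bin/puppetserver ca sign --certname "$1"
}

# Demo on the sample above, with the client value given in lower case.
verify_csr "$SAMPLE_LIST" node01.srv.world \
    "8f:d1:43:13:ff:a9:31:1e:7f:66:de:fe:c5:37:66:97:f5:ab:88:dd:20:2a:cb:df:60:01:7e:7b:ce:09:ef:35" \
    && echo "fingerprint matches: OK to sign node01.srv.world"
```

On the server, sign_if_verified node01.srv.world "<fingerprint from the client>" replaces the plain sign command; a non-zero return means the request was left unsigned.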
[5] Create a test manifest to verify that the Puppet Server and Client work normally.
Puppet clients apply manifests from the Puppet server every 30 minutes by default, so either wait for the next run or, if you'd like to confirm at once, reload the Puppet Client daemon.
# create a directory for putting manifests
# for [production], use the name set for the [environment = ***] parameter in [puppet.conf]

[root@dlp ~]#
mkdir -p /etc/puppetlabs/code/environments/production/manifests
[root@dlp ~]#
vi /etc/puppetlabs/code/environments/production/manifests/site.pp
# for example, create a [testgroup]

group { 'testgroup':
  ensure => present,
  gid    => 2000,
}

# on the Client host, reload puppet if you'd like to verify the settings immediately

[root@node01 ~]#
systemctl reload puppet
[root@node01 ~]#
grep testgroup /etc/group

testgroup:x:2000:
[6] If you'd like to apply a manifest manually on localhost, run it as follows.
[root@dlp ~]#
/opt/puppetlabs/bin/puppet apply /etc/puppetlabs/code/environments/production/manifests/site.pp

Notice: Compiled catalog for dlp.srv.world in environment production in 0.01 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Applied catalog in 0.05 seconds
[root@dlp ~]#
grep testgroup /etc/group

testgroup:x:2000: