Debian 12 bookworm
Puppet : Install
2023/08/10

Install and set up the configuration management tool [Puppet].
Puppet can also be used standalone on a single server, but the example here configures it as a server and client environment.

Before starting, set up DNS or hosts entries so that the hosts can resolve each other's names and IP addresses, and also configure NTP.

[1] Configure Puppet on Server Host.
root@dlp:~# apt -y install puppet-master
root@dlp:~# vi /etc/puppet/puppet.conf
# add to the end

[main]
certname = dlp.srv.world
server = dlp.srv.world

[server]
dns_alt_names = dlp.srv.world,dlp
# any [environment] name
environment = production

root@dlp:~# systemctl enable --now puppetserver

[2] Configure Puppet on Client Host.
root@node01:~# apt -y install puppet-agent
root@node01:~# vi /etc/puppet/puppet.conf
# add to the end

[main]
certname = node01.srv.world
server = dlp.srv.world

[agent]
server = dlp.srv.world
ca_server = dlp.srv.world
# interval at which the agent requests its catalog from the server and applies it
# if set to [0], the agent runs continuously
# defaults to 30 minutes if the value is not set
runinterval = 30m

root@node01:~# systemctl enable --now puppet

[3] Sign the certificate request from the Puppet Client on the Puppet Server.
root@dlp:~# puppetserver ca list --all

Requested Certificates:
    node01.srv.world       (SHA256)  29:29:5F:AE:77:5C:A6:BD:F2:AB:C0:D5:3F:11:07:51:6B:12:2F:FD:77:4C:6A:13:BB:F3:3E:5A:96:45:1F:B3
Signed Certificates:
    dlp.srv.world       (SHA256)  DA:A0:09:AA:9A:8E:87:E3:CA:D0:67:A3:FB:AD:BA:DC:F7:37:73:D1:50:23:8F:FD:69:3D:44:9C:86:9B:D7:F4       alt names: ["DNS:dlp.srv.world", "DNS:dlp", "DNS:dlp.srv.world"]        authorization extensions: [pp_cli_auth: true]

# sign

root@dlp:~# puppetserver ca sign --certname node01.srv.world

Successfully signed certificate request for node01.srv.world
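
Before signing in [3], the fingerprint listed under [Requested Certificates] can be compared with the one the client itself reports (run [puppet agent --fingerprint] on node01). The script below is an added example, not part of the original page: it signs only when the two values match. The function names are hypothetical helpers, and the sample listing is the output shown in [3].

```shell
#!/bin/sh
# Added example: sign a pending agent CSR only after its fingerprint is verified.
# csr_fingerprint, fingerprints_match and sign_if_verified are hypothetical names.

# Sample listing, copied from the [puppetserver ca list --all] output in step [3].
SAMPLE_LIST='Requested Certificates:
    node01.srv.world       (SHA256)  29:29:5F:AE:77:5C:A6:BD:F2:AB:C0:D5:3F:11:07:51:6B:12:2F:FD:77:4C:6A:13:BB:F3:3E:5A:96:45:1F:B3
Signed Certificates:
    dlp.srv.world       (SHA256)  DA:A0:09:AA:9A:8E:87:E3:CA:D0:67:A3:FB:AD:BA:DC:F7:37:73:D1:50:23:8F:FD:69:3D:44:9C:86:9B:D7:F4       alt names: ["DNS:dlp.srv.world", "DNS:dlp", "DNS:dlp.srv.world"]        authorization extensions: [pp_cli_auth: true]'

# Read a CA listing on stdin and print the SHA256 fingerprint of the PENDING
# request for certname $1. Entries under [Signed Certificates] are ignored.
csr_fingerprint() {
    awk -v name="$1" '
        /^Requested Certificates:/ { pending = 1; next }
        /^[^[:space:]]/            { pending = 0 }   # any other section header
        pending && $1 == name && $2 == "(SHA256)" { print $3; exit }
    '
}

# Case-insensitive comparison; an empty value never matches.
fingerprints_match() {
    fp_a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    fp_b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# $1 = certname, $2 = fingerprint read on the client host.
sign_if_verified() {
    listed=$(puppetserver ca list --all | csr_fingerprint "$1")
    if fingerprints_match "$listed" "$2"; then
        puppetserver ca sign --certname "$1"
    else
        echo "no pending request for $1 or fingerprint mismatch; not signing" >&2
        return 1
    fi
}

# usage on dlp:
#   sign_if_verified node01.srv.world "<fingerprint read on node01>"
```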

[4] Create a test manifest to verify that the Puppet Server and Client work normally.
Puppet clients apply the manifests on the Puppet server every 30 minutes by default, so either wait a moment for the setting to be applied or, if you'd like to check at once, reload the Puppet Client daemon.
# create a directory for manifests
# for the directory name [production], use the name set for the [environment = ***] parameter in [puppet.conf]

root@dlp:~# mkdir -p /etc/puppet/code/environments/production/manifests
root@dlp:~# vi /etc/puppet/code/environments/production/manifests/site.pp
# for example, create a [testgroup]

group { 'testgroup':
  ensure => present,
  gid    => 2000,
}

# on the Client host, reload puppet if you'd like to verify the settings immediately

root@node01:~# systemctl reload puppet
root@node01:~# grep testgroup /etc/group

testgroup:x:2000:

[5] To apply a manifest manually on the local host, run as follows.
root@dlp:~# puppet apply /etc/puppet/code/environments/production/manifests/site.pp

Notice: Compiled catalog for dlp.srv.world in environment production in 0.01 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Applied catalog in 0.04 seconds
root@dlp:~# grep testgroup /etc/group

testgroup:x:2000: