Centralized Management with Puppet on CentOS 5

Introduction

Puppet is a configuration automation tool that lets you centralize management of the various Linux flavors running on your network. Puppet supports central management of the important aspects of your systems, such as files, packages, users, services, cron jobs, and mounts.

This is a step by step tutorial on how to install the Puppet Server (puppetmaster) on one machine, and the Puppet Client (puppetd) on another. We then perform a simple test to make sure Puppet is working properly.

Background

This installation is performed on CentOS 5.5 Server, but should work for most Linux flavors with slight modifications.

During this tutorial we’ll be using mylinuxtips.info as our domain name. The server will be given the hostname “puppetserver” and IP 192.168.1.1. The client hostname is “puppetclient” with IP 192.168.1.2.

1. Network Requirements

If DNS isn’t set up on your network, verify the hosts files on both server and client include entries for both machines. For this scenario the following entries would be added to /etc/hosts. Use your favorite text editor to add lines reflecting your own network settings similar to the lines below.
192.168.1.1 puppetserver.mylinuxtips.info puppetserver
192.168.1.2 puppetclient.mylinuxtips.info puppetclient

The server runs on port 8140. Make sure there’s no firewall blocking port 8140 between the two machines.

2. Yum Setup

Many of the packages we need are in the EPEL repository, so add it first.
puppetserver:# rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

4. Client Install

Install only the Puppet client package:
puppetclient:# yum install puppet

5. Server Installation

puppetserver:# yum install *puppet*

The package's post-install step tries to start the master, which fails because no manifest exists yet:

Starting puppet configuration management tool master server
Manifest /etc/puppet/manifests/site.pp must exist [fail]

That is expected at this point; the next section creates the manifest.

6. Server Preparation

The server (puppetserver) requires a manifest to be in place before it's able to run. Let's write a manifest that tells Puppet to create a file "/tmp/testfile" on the client. Note that the manifest must use straight quotes; curly quotes pasted from a web page will not parse.
puppetserver:# vim /etc/puppet/manifests/site.pp
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
   file { "/tmp/testfile":
      ensure => present,
      mode   => 644,
      owner  => root,
      group  => root
   }
}

# Tell Puppet on which client to run the class.
node puppetclient {
   include test_class
}

Now start the Puppet server.
puppetserver:# /etc/init.d/puppetmaster start

7. Client Preparation

Clients by default will connect to a server on your network with a hostname of "puppet". If your server's hostname isn't "puppet", a server directive needs to be added to the puppetd configuration file "puppetd.conf". Even though we don't strictly need to in this case, we'll do so for demonstration purposes.
Open "/etc/puppet/puppetd.conf" with your favorite text editor and add a "server =" line naming your server's fully qualified hostname, as the example below shows.
puppetclient:# vim /etc/puppet/puppetd.conf
[puppetd]
server = puppetserver.mylinuxtips.info

# Make sure all log messages are sent to the right directory
# This directory must be writable by the puppet user
logdir=/var/log/puppet
vardir=/var/lib/puppet
rundir=/var/run

8. Sign Keys

In order for the two systems to communicate securely we need to create signed SSL certificates. You should be logged into both the server and client machines for this next step.
On the client side, run:
puppetclient:# puppetd --server puppetserver.mylinuxtips.info --waitforcert 60 --test
You should see the following message.
err: No certificate; running with reduced functionality.
info: Creating a new certificate request for pclient.example.con
info: Requesting certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate


Next, on the server side, run the following command to verify that the client's certificate request is waiting to be signed.
puppetserver:# puppetca --list
puppetclient.mylinuxtips.info

Then sign the certificate. Only sign requests for hostnames you recognize; the list above is all the server knows about a requester at this point.
puppetserver:# puppetca --sign puppetclient.mylinuxtips.info
Signed puppetclient.mylinuxtips.info
If everything went OK you should see this message on puppetclient.
info: Requesting certificate
warning: peer certificate won't be verified in this SSL session
notice: Ignoring --listen on onetime run
info: Caching configuration at /etc/puppet/localconfig.yaml
notice: Starting configuration run
notice: //puppetclient/test_class/File[/tmp/testfile]/ensure: created
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished configuration run in 0.11 seconds
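The client's first run warns that the peer certificate won't be verified, and the server sees nothing but a hostname in puppetca --list, so the trust established here rests entirely on the administrator checking the request before signing it. The following script is an added example, not part of the tutorial or of Puppet itself: it prints a SHA-256 fingerprint of a certificate request so the value can be read off the client and compared with the copy held by the CA before signing. The Puppet paths in the comments are assumed defaults for this version (the page only states vardir=/var/lib/puppet); the demo at the bottom works on constructed requests in a temporary directory rather than on those paths.

```shell
#!/bin/sh
# Added example (not from the tutorial): check a Puppet CSR out-of-band before "puppetca --sign".
# Assumed Puppet default locations for this version (not stated on the page):
#   client CSR : /var/lib/puppet/ssl/certificate_requests/<fqdn>.pem
#   CA pending : /var/lib/puppet/ssl/ca/requests/<fqdn>.pem
# The demo at the bottom builds its own constructed CSRs instead of touching those paths.
set -eu

# SHA-256 over the DER form of a PEM request; DER makes the value independent of PEM line wrapping.
csr_fingerprint() {
  openssl req -in "$1" -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 if the CSR subject names the expected host. The subject output format differs
# between OpenSSL versions, so only the hostname string is looked for.
csr_names_host() {
  openssl req -in "$1" -noout -subject | grep -qF "$2"
}

# Compare the request the client generated with the copy waiting on the CA.
# Prints MATCH/MISMATCH and returns 0 only when both fingerprint and subject check out.
verify_csr_pair() {
  client_csr=$1; ca_csr=$2; fqdn=$3
  c=$(csr_fingerprint "$client_csr")
  s=$(csr_fingerprint "$ca_csr")
  if [ "$c" != "$s" ]; then
    echo "MISMATCH for $fqdn: client=$c ca=$s -- do not sign"
    return 1
  fi
  if ! csr_names_host "$ca_csr" "$fqdn"; then
    echo "MISMATCH for $fqdn: CSR subject does not name the host -- do not sign"
    return 1
  fi
  echo "MATCH for $fqdn: $c"
  return 0
}

# Constructed demo material: a key pair plus request for the given CN, written to dir.
make_demo_csr() {  # dir cn
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" >/dev/null 2>&1
}

if command -v openssl >/dev/null 2>&1; then
  demo=$(mktemp -d)
  make_demo_csr "$demo" puppetclient.mylinuxtips.info
  cp "$demo/puppetclient.mylinuxtips.info.csr" "$demo/ca-copy.csr"   # what the CA would hold
  make_demo_csr "$demo" otherhost.mylinuxtips.info                      # request from a different key
  verify_csr_pair "$demo/puppetclient.mylinuxtips.info.csr" "$demo/ca-copy.csr" puppetclient.mylinuxtips.info
  verify_csr_pair "$demo/puppetclient.mylinuxtips.info.csr" "$demo/otherhost.mylinuxtips.info.csr" puppetclient.mylinuxtips.info || true
  rm -rf "$demo"
else
  echo "openssl not found; nothing to demonstrate"
fi
```

In practice you would run csr_fingerprint on the client's request file, read the value over a channel you already trust (console, existing SSH session), and run verify_csr_pair on the server against the pending request before puppetca --sign. A fingerprint that does not match means the server is holding a request that did not come from the machine you think it did.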

9. Test

Check and make sure the file was created.
puppetclient:# ls -l /tmp/testfile

-rw-r--r-- 1 root root 0 2007-02-18 18:28 /tmp/testfile

For a test, let's edit the manifest and direct Puppet to modify the file mode. Change the line

"mode => 644," to "mode => 600,"
puppetserver:# vim /etc/puppet/manifests/site.pp
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
   file { "/tmp/testfile":
      ensure => present,
      mode   => 600,
      owner  => root,
      group  => root
   }
}

# Tell Puppet on which client to run the class.
node puppetclient {
   include test_class
}

On the client run puppetd in verbose mode (-v) and only once (-o).
puppetclient:# puppetd -v -o
You should see the following output, which states that /tmp/testfile changed from mode 644 to 600.
notice: Ignoring --listen on onetime run
info: Config is up to date
notice: Starting configuration run
notice: //puppetclient/test_class/File[/tmp/testfile]/mode: mode changed '644' to '600'
notice: Finished configuration run in 0.26 seconds
To verify that the change was applied:
puppetclient:# ls -l /tmp/testfile
-rw------- 1 root root 0 2007-02-18 18:28 /tmp/testfile
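The test above checks a single file by eye with ls -l. Between Puppet runs nothing on the client enforces the manifest, so a practitioner usually wants the same comparison done for every file resource, on demand. The script below is an added example, not code from the tutorial or from Puppet: it reads file resources out of a site.pp written in the tutorial's style (the simple "file { "path": key => value, ... }" form with straight quotes, nothing more), then compares mode, owner and group on disk against what the manifest declares. The demo at the bottom writes a constructed manifest and scratch file in a temporary directory, so it does not need /tmp/testfile or a Puppet install.

```shell
#!/bin/sh
# Added example (not from the tutorial): compare file resources declared in a site.pp with
# the state on disk, to spot drift between Puppet runs. Only the simple resource form used
# in the tutorial is parsed: file { "path": followed by key => value lines and a closing }.
set -eu

# Print one "path mode owner group" line per file resource in the manifest.
manifest_expectations() {
  awk '
    $1 == "file" && $2 == "{" {           # file { "/tmp/testfile":
      path = $3; gsub(/[":]/, "", path)
      inres = 1; mode = ""; owner = ""; group = ""; next
    }
    inres && $1 == "}" {                  # end of the resource body
      print path, mode, owner, group; inres = 0; next
    }
    inres && $2 == "=>" {                 # key => value,
      v = $3; gsub(/[",]/, "", v)
      if ($1 == "mode") mode = v
      else if ($1 == "owner") owner = v
      else if ($1 == "group") group = v
    }
  ' "$1"
}

# Compare one file with its declared state; prints OK/DRIFT/MISSING, returns 0 only for OK.
check_file_state() {  # path mode owner group
  actual=$(stat -c '%a %U %G' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
  if [ "$actual" = "$2 $3 $4" ]; then
    echo "OK      $1 ($actual)"
    return 0
  fi
  echo "DRIFT   $1 expected '$2 $3 $4' found '$actual'"
  return 1
}

# Check every file resource in a manifest; returns 1 if any file is missing or has drifted.
check_manifest() {
  expectations=$(manifest_expectations "$1")
  bad=0
  while read -r p m o g; do
    [ -n "$p" ] || continue
    check_file_state "$p" "$m" "$o" "$g" || bad=1
  done <<EOF
$expectations
EOF
  return $bad
}

# Constructed demo: the tutorial's manifest, pointed at a scratch file owned by the current user.
demo=$(mktemp -d)
cat > "$demo/site.pp" <<EOF
# constructed manifest in the tutorial's style
class test_class {
   file { "$demo/testfile":
      ensure => present,
      mode   => 600,
      owner  => $(id -un),
      group  => $(id -gn)
   }
}
EOF
: > "$demo/testfile"
chmod 644 "$demo/testfile"            # the mode the tutorial started with
check_manifest "$demo/site.pp" || echo "drift detected: file still has the original mode 644"
chmod 600 "$demo/testfile"            # what the edited manifest expects
check_manifest "$demo/site.pp"
rm -rf "$demo"
```

Run check_manifest against /etc/puppet/manifests/site.pp copied to the client (or against the catalog Puppet caches under vardir) to get a quick answer to "does this box still match what the master declared?" without waiting for the next 30-minute poll. A DRIFT line on a file such as a mode-600 credential is the kind of finding worth alerting on rather than silently letting the next run repair it.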

10. Conclusion

Congratulations, testing is complete and you have a working Puppet setup. Your next step is to create a functional manifest, test some more, and then fire up the puppetd daemon on the client side. Puppetd by default will automatically poll the server every 30 minutes.
puppetclient:# /etc/init.d/puppet start

One Response to Centralized Management with Puppet on CentOS 5

  1. Linuxloonie says:

    Nice and easy to understand tutorial. Thank you very much.
