Puppet 4 installation on Ubuntu 16.04
This post will help the reader to setup and configure puppet 4. It will not be a deep explanatory kind of post but will sure have the required stuffs to make the setup. In node 1 puppet server / puppet master is installed and configured in node 2 puppet agent is installed. Please feel free to comment if there is anything wrong so that the post can be updated based on the needs. Thanks .. :)
required additional files can be also downloaded from :
https://drive.google.com/open?id=0By7X8TzuFNHJQlFPa185cEVMajg
Setting up Puppet Server / Puppet Master (Node 1)
Puppet Server and Puppet Master both are the one and the same.
Requirements:
server
The command hostname -f provides the name of the puppet server and puppet agent using which the certificates will be created by the puppet.
puppet agent communicate with the puppet server by communicating the server with the host name puppet by default.
if required add the host entry in /etc/hosts file like,
<<IP_Address>> puppet
the IP should be reachable by the puppet agent nodes.
Installing Puppet Server
Follow the instructions below to install the puppet server. The commands executed are made bold.
$ pwd
/home/ubuntu
$ curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 13662 100 13662 0 0 4428 0 0:00:03 0:00:03 --:--:-- 4428
$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 53794 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
$ sudo apt-get update
....
....
Fetched 11.2 MB in 7s (1,483 kB/s)
Reading package lists... Done
This post will help the reader to setup and configure puppet 4. It will not be a deep explanatory kind of post but will sure have the required stuffs to make the setup. In node 1 puppet server / puppet master is installed and configured in node 2 puppet agent is installed. Please feel free to comment if there is anything wrong so that the post can be updated based on the needs. Thanks .. :)
required additional files can be also downloaded from :
https://drive.google.com/open?id=0By7X8TzuFNHJQlFPa185cEVMajg
Setting up Puppet Server / Puppet Master (Node 1)
Puppet Server and Puppet Master both are the one and the same.
Requirements:
server
- 4GB RAM
- 2 CPU Cores
The command hostname -f provides the name of the puppet server and puppet agent using which the certificates will be created by the puppet.
puppet agent communicate with the puppet server by communicating the server with the host name puppet by default.
if required add the host entry in /etc/hosts file like,
<<IP_Address>> puppet
the IP should be reachable by the puppet agent nodes.
Installing Puppet Server
Follow the instructions below to install the puppet server. The commands executed are made bold.
$ pwd
/home/ubuntu
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 13662 100 13662 0 0 4428 0 0:00:03 0:00:03 --:--:-- 4428
$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 53794 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
$ sudo apt-get update
....
....
Fetched 11.2 MB in 7s (1,483 kB/s)
Reading package lists... Done
$ sudo apt-get install puppetserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1
libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6 openjdk-8-jre-headless puppet-agent x11-common
Suggested packages:
default-jre cups-common liblcms2-utils pcscd openjdk-8-jre-jamvm libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho ttf-wqy-microhei
| ttf-wqy-zenhei fonts-indic
The following NEW packages will be installed:
ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1
libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6 openjdk-8-jre-headless puppet-agent puppetserver
x11-common
0 upgraded, 23 newly installed, 0 to remove and 88 not upgraded.
Need to get 79.8 MB of archives.
After this operation, 246 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
.. ..
.. ..
.. ..
Selecting previously unselected package libjpeg-turbo8:amd64.
(Reading database ... 53799 files and directories currently installed.)
Preparing to unpack .../libjpeg-turbo8_1.4.2-0ubuntu3_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Selecting previously unselected package liblcms2-2:amd64.
Preparing to unpack .../liblcms2-2_2.6-3ubuntu2_amd64.deb ...
Unpacking liblcms2-2:amd64 (2.6-3ubuntu2) ...
Selecting previously unselected package x11-common.
Preparing to unpack .../x11-common_1%3a7.7+13ubuntu3_all.deb ...
Unpacking x11-common (1:7.7+13ubuntu3) ...
Selecting previously unselected package libxtst6:amd64.
Preparing to unpack .../libxtst6_2%3a1.2.2-1_amd64.deb ...
Unpacking libxtst6:amd64 (2:1.2.2-1) ...
Selecting previously unselected package libnspr4:amd64.
Preparing to unpack .../libnspr4_2%3a4.12-0ubuntu0.16.04.1_amd64.deb ...
Unpacking libnspr4:amd64 (2:4.12-0ubuntu0.16.04.1) ...
Selecting previously unselected package libnss3-nssdb.
Preparing to unpack .../libnss3-nssdb_2%3a3.26.2-0ubuntu0.16.04.2_all.deb ...
Unpacking libnss3-nssdb (2:3.26.2-0ubuntu0.16.04.2) ...
Selecting previously unselected package libnss3:amd64.
Preparing to unpack .../libnss3_2%3a3.26.2-0ubuntu0.16.04.2_amd64.deb ...
Unpacking libnss3:amd64 (2:3.26.2-0ubuntu0.16.04.2) ...
Selecting previously unselected package ca-certificates-java.
Preparing to unpack .../ca-certificates-java_20160321_all.deb ...
Unpacking ca-certificates-java (20160321) ...
Selecting previously unselected package java-common.
Preparing to unpack .../java-common_0.56ubuntu2_all.deb ...
Unpacking java-common (0.56ubuntu2) ...
Selecting previously unselected package libavahi-common-data:amd64.
Preparing to unpack .../libavahi-common-data_0.6.32~rc+dfsg-1ubuntu2_amd64.deb ...
Unpacking libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Selecting previously unselected package libavahi-common3:amd64.
Preparing to unpack .../libavahi-common3_0.6.32~rc+dfsg-1ubuntu2_amd64.deb ...
Unpacking libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Selecting previously unselected package libavahi-client3:amd64.
Preparing to unpack .../libavahi-client3_0.6.32~rc+dfsg-1ubuntu2_amd64.deb ...
Unpacking libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Selecting previously unselected package libcups2:amd64.
Preparing to unpack .../libcups2_2.1.3-4_amd64.deb ...
Unpacking libcups2:amd64 (2.1.3-4) ...
Selecting previously unselected package libjpeg8:amd64.
Preparing to unpack .../libjpeg8_8c-2ubuntu8_amd64.deb ...
Unpacking libjpeg8:amd64 (8c-2ubuntu8) ...
Selecting previously unselected package fonts-dejavu-core.
Preparing to unpack .../fonts-dejavu-core_2.35-1_all.deb ...
Unpacking fonts-dejavu-core (2.35-1) ...
Selecting previously unselected package fontconfig-config.
Preparing to unpack .../fontconfig-config_2.11.94-0ubuntu1.1_all.deb ...
Unpacking fontconfig-config (2.11.94-0ubuntu1.1) ...
Selecting previously unselected package libfontconfig1:amd64.
Preparing to unpack .../libfontconfig1_2.11.94-0ubuntu1.1_amd64.deb ...
Unpacking libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ...
Selecting previously unselected package libpcsclite1:amd64.
Preparing to unpack .../libpcsclite1_1.8.14-1ubuntu1.16.04.1_amd64.deb ...
Unpacking libpcsclite1:amd64 (1.8.14-1ubuntu1.16.04.1) ...
Selecting previously unselected package libxi6:amd64.
Preparing to unpack .../libxi6_2%3a1.7.6-1_amd64.deb ...
Unpacking libxi6:amd64 (2:1.7.6-1) ...
Selecting previously unselected package libxrender1:amd64.
Preparing to unpack .../libxrender1_1%3a0.9.9-0ubuntu1_amd64.deb ...
Unpacking libxrender1:amd64 (1:0.9.9-0ubuntu1) ...
Selecting previously unselected package openjdk-8-jre-headless:amd64.
Preparing to unpack .../openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.04.2_amd64.deb ...
Unpacking openjdk-8-jre-headless:amd64 (8u121-b13-0ubuntu1.16.04.2) ...
Selecting previously unselected package puppet-agent.
Preparing to unpack .../puppet-agent_1.9.1-1xenial_amd64.deb ...
Unpacking puppet-agent (1.9.1-1xenial) ...
Selecting previously unselected package puppetserver.
Preparing to unpack .../puppetserver_2.7.2-1puppetlabs1_all.deb ...
Unpacking puppetserver (2.7.2-1puppetlabs1) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Processing triggers for systemd (229-4ubuntu13) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Setting up liblcms2-2:amd64 (2.6-3ubuntu2) ...
Setting up x11-common (1:7.7+13ubuntu3) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up libxtst6:amd64 (2:1.2.2-1) ...
Setting up libnspr4:amd64 (2:4.12-0ubuntu0.16.04.1) ...
Setting up java-common (0.56ubuntu2) ...
Setting up libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libcups2:amd64 (2.1.3-4) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up fonts-dejavu-core (2.35-1) ...
Setting up fontconfig-config (2.11.94-0ubuntu1.1) ...
Setting up libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ...
Setting up libpcsclite1:amd64 (1.8.14-1ubuntu1.16.04.1) ...
Setting up libxi6:amd64 (2:1.7.6-1) ...
Setting up libxrender1:amd64 (1:0.9.9-0ubuntu1) ...
Setting up puppet-agent (1.9.1-1xenial) ...
Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /lib/systemd/system/puppet.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mcollective.service to /lib/systemd/system/mcollective.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pxp-agent.service to /lib/systemd/system/pxp-agent.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Setting up libnss3-nssdb (2:3.26.2-0ubuntu0.16.04.2) ...
Setting up libnss3:amd64 (2:3.26.2-0ubuntu0.16.04.2) ...
Setting up ca-certificates-java (20160321) ...
Adding debian:ACEDICOM_Root.pem
Adding debian:ACCVRAIZ1.pem
Adding debian:Equifax_Secure_Global_eBusiness_CA.pem
Adding debian:S-TRUST_Universal_Root_CA.pem
Adding debian:Starfield_Class_2_CA.pem
Adding debian:AC_Raíz_Certicámara_S.A..pem
Adding debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Adding debian:SwissSign_Platinum_CA_-_G2.pem
Adding debian:Sonera_Class_1_Root_CA.pem
Adding debian:SwissSign_Silver_CA_-_G2.pem
Adding debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
Adding debian:CA_WoSign_ECC_Root.pem
Adding debian:EE_Certification_Centre_Root_CA.pem
Adding debian:GlobalSign_Root_CA_-_R3.pem
Adding debian:DigiCert_Trusted_Root_G4.pem
Adding debian:TC_TrustCenter_Class_3_CA_II.pem
Adding debian:Staat_der_Nederlanden_EV_Root_CA.pem
Adding debian:S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem
Adding debian:DigiCert_Assured_ID_Root_CA.pem
Adding debian:CNNIC_ROOT.pem
Adding debian:Comodo_Secure_Services_root.pem
Adding debian:QuoVadis_Root_CA_3_G3.pem
Adding debian:USERTrust_RSA_Certification_Authority.pem
Adding debian:COMODO_ECC_Certification_Authority.pem
Adding debian:WoSign_China.pem
Adding debian:Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem
Adding debian:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
Adding debian:CA_Disig_Root_R2.pem
Adding debian:OISTE_WISeKey_Global_Root_GA_CA.pem
Adding debian:NetLock_Notary_=Class_A=_Root.pem
Adding debian:Starfield_Root_Certificate_Authority_-_G2.pem
Adding debian:TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.pem
Adding debian:Certification_Authority_of_WoSign_G2.pem
Adding debian:COMODO_Certification_Authority.pem
Adding debian:Certum_Trusted_Network_CA.pem
Adding debian:Deutsche_Telekom_Root_CA_2.pem
Adding debian:Izenpe.com.pem
Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding debian:Equifax_Secure_CA.pem
Adding debian:Atos_TrustedRoot_2011.pem
Adding debian:Entrust_Root_Certification_Authority_-_EC1.pem
Adding debian:Hongkong_Post_Root_CA_1.pem
Adding debian:DST_Root_CA_X3.pem
Adding debian:thawte_Primary_Root_CA_-_G3.pem
Adding debian:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
Adding debian:E-Tugra_Certification_Authority.pem
Adding debian:QuoVadis_Root_CA.pem
Adding debian:TeliaSonera_Root_CA_v1.pem
Adding debian:Certinomis_-_Autorité_Racine.pem
Adding debian:AddTrust_External_Root.pem
Adding debian:ePKI_Root_Certification_Authority.pem
Adding debian:USERTrust_ECC_Certification_Authority.pem
Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority.pem
Adding debian:StartCom_Certification_Authority_2.pem
Adding debian:Cybertrust_Global_Root.pem
Adding debian:CFCA_EV_ROOT.pem
Adding debian:Entrust_Root_Certification_Authority_-_G2.pem
Adding debian:QuoVadis_Root_CA_2_G3.pem
Adding debian:Go_Daddy_Class_2_CA.pem
Adding debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Adding debian:AffirmTrust_Commercial.pem
Adding debian:TURKTRUST_Certificate_Services_Provider_Root_2007.pem
Adding debian:Swisscom_Root_CA_1.pem
Adding debian:GlobalSign_Root_CA.pem
Adding debian:Secure_Global_CA.pem
Adding debian:AddTrust_Low-Value_Services_Root.pem
Adding debian:Baltimore_CyberTrust_Root.pem
Adding debian:Certinomis_-_Root_CA.pem
Adding debian:CA_Disig.pem
Adding debian:Staat_der_Nederlanden_Root_CA.pem
Adding debian:ComSign_CA.pem
Adding debian:GeoTrust_Universal_CA.pem
Adding debian:T-TeleSec_GlobalRoot_Class_2.pem
Adding debian:PSCProcert.pem
Adding debian:T-TeleSec_GlobalRoot_Class_3.pem
Adding debian:certSIGN_ROOT_CA.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Adding debian:Security_Communication_RootCA2.pem
Adding debian:QuoVadis_Root_CA_3.pem
Adding debian:Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
Adding debian:EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
Adding debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Adding debian:StartCom_Certification_Authority.pem
Adding debian:Security_Communication_Root_CA.pem
Adding debian:Equifax_Secure_eBusiness_CA_1.pem
Adding debian:Security_Communication_EV_RootCA1.pem
Adding debian:Comodo_Trusted_Services_root.pem
Adding debian:TWCA_Root_Certification_Authority.pem
Adding debian:UTN_USERFirst_Email_Root_CA.pem
Adding debian:IdenTrust_Commercial_Root_CA_1.pem
Adding debian:Certigna.pem
Adding debian:Global_Chambersign_Root_-_2008.pem
Adding debian:DigiCert_Assured_ID_Root_G3.pem
Adding debian:XRamp_Global_CA_Root.pem
Adding debian:Verisign_Class_1_Public_Primary_Certification_Authority.pem
Adding debian:DigiCert_Global_Root_G2.pem
Adding debian:GlobalSign_Root_CA_-_R2.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding debian:Certplus_Class_2_Primary_CA.pem
Adding debian:Microsec_e-Szigno_Root_CA.pem
Adding debian:Taiwan_GRCA.pem
Adding debian:DST_ACES_CA_X6.pem
Adding debian:NetLock_Express_=Class_C=_Root.pem
Adding debian:AffirmTrust_Premium_ECC.pem
Adding debian:Actalis_Authentication_Root_CA.pem
Adding debian:Staat_der_Nederlanden_Root_CA_-_G2.pem
Adding debian:Microsec_e-Szigno_Root_CA_2009.pem
Adding debian:Camerfirma_Chambers_of_Commerce_Root.pem
Adding debian:Juur-SK.pem
Adding debian:Certum_Root_CA.pem
Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
Adding debian:CA_Disig_Root_R1.pem
Adding debian:QuoVadis_Root_CA_2.pem
Adding debian:QuoVadis_Root_CA_1_G3.pem
Adding debian:Swisscom_Root_CA_2.pem
Adding debian:TWCA_Global_Root_CA.pem
Adding debian:GeoTrust_Primary_Certification_Authority_-_G3.pem
Adding debian:GeoTrust_Global_CA.pem
Adding debian:Visa_eCommerce_Root.pem
Adding debian:TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.pem
Adding debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Adding debian:Sonera_Class_2_Root_CA.pem
Adding debian:EC-ACC.pem
Adding debian:WoSign.pem
Adding debian:DigiCert_Global_Root_CA.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R4.pem
Adding debian:AddTrust_Qualified_Certificates_Root.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Adding debian:Swisscom_Root_EV_CA_2.pem
Adding debian:Root_CA_Generalitat_Valenciana.pem
Adding debian:DigiCert_High_Assurance_EV_Root_CA.pem
Adding debian:SecureTrust_CA.pem
Adding debian:AffirmTrust_Premium.pem
Adding debian:China_Internet_Network_Information_Center_EV_Certificates_Root.pem
Adding debian:Comodo_AAA_Services_root.pem
Adding debian:SwissSign_Gold_CA_-_G2.pem
Adding debian:COMODO_RSA_Certification_Authority.pem
Adding debian:ApplicationCA_-_Japanese_Government.pem
Adding debian:GeoTrust_Global_CA_2.pem
Adding debian:GeoTrust_Primary_Certification_Authority.pem
Adding debian:WellsSecure_Public_Root_Certificate_Authority.pem
Adding debian:Camerfirma_Global_Chambersign_Root.pem
Adding debian:TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem
Adding debian:NetLock_Qualified_=Class_QA=_Root.pem
Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem
Adding debian:DigiCert_Assured_ID_Root_G2.pem
Adding debian:IGC_A.pem
Adding debian:Trustis_FPS_Root_CA.pem
Adding debian:Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem
Adding debian:UTN_USERFirst_Hardware_Root_CA.pem
Adding debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
Adding debian:Buypass_Class_2_CA_1.pem
Adding debian:Chambers_of_Commerce_Root_-_2008.pem
Adding debian:GeoTrust_Universal_CA_2.pem
Adding debian:Buypass_Class_3_Root_CA.pem
Adding debian:Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
Adding debian:AffirmTrust_Networking.pem
Adding debian:StartCom_Certification_Authority_G2.pem
Adding debian:thawte_Primary_Root_CA.pem
Adding debian:RSA_Security_2048_v3.pem
Adding debian:NetLock_Business_=Class_B=_Root.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R5.pem
Adding debian:AddTrust_Public_Services_Root.pem
Adding debian:DigiCert_Global_Root_G3.pem
Adding debian:Buypass_Class_2_Root_CA.pem
Adding debian:VeriSign_Universal_Root_Certification_Authority.pem
Adding debian:thawte_Primary_Root_CA_-_G2.pem
Adding debian:IdenTrust_Public_Sector_Root_CA_1.pem
Adding debian:Entrust_Root_Certification_Authority.pem
Adding debian:Network_Solutions_Certificate_Authority.pem
done.
Processing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done.
Setting up openjdk-8-jre-headless:amd64 (8u121-b13-0ubuntu1.16.04.2) ...
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to provide /usr/bin/java (java) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/orbd to provide /usr/bin/orbd (orbd) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/servertool to provide /usr/bin/servertool (servertool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
Setting up puppetserver (2.7.2-1puppetlabs1) ...
usermod: no changes
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Processing triggers for systemd (229-4ubuntu13) ...
Processing triggers for ureadahead (0.100.0-19) ...
If required change the memory parameters by opening the file using
$ sudo nano /etc/default/puppetserver
Line to be modified ,
JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m"
to provide memeory upto 3GB the above line has to be changes as
JAVA_ARGS="-Xms3g -Xmx3g -XX:MaxPermSize=256m"
If firewall rules are enabled open firewall for 8140 port so that the puppet server communicates with the puppet agent,
$ sudo ufw allow 8140
Rules updated
Rules updated (v6)
Configuring puppet server to accept puppet agents
$ sudo vim /etc/puppetlabs/puppet/puppet.conf
$ cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
autosign = /etc/puppetlabs/puppet/autosign.conf
$ sudo vim /etc/puppetlabs/puppet/autosign.conf
$ cat /etc/puppetlabs/puppet/autosign.conf
*
# * denotes any node thats requests for certificate is provided with certificate
After all these configuration start the puppet server using the command given below,
$ sudo systemctl start puppetserver
$ sudo systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2017-02-14 20:17:41 UTC; 43s ago
Process: 15336 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
Main PID: 15348 (java)
Tasks: 28
Memory: 1.0G
CPU: 1min 8.222s
CGroup: /system.slice/puppetserver.service
└─15348 /usr/bin/java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=kill -9 %p -cp /opt/puppetlabs/serv
Feb 14 20:16:58 goku systemd[1]: Starting puppetserver Service...
Feb 14 20:16:58 goku puppetserver[15336]: OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
Feb 14 20:17:41 goku systemd[1]: Started puppetserver Service.
lines 1-14/14 (END)
Configure service to run on boot,
$ sudo systemctl enable puppetserver
Synchronizing state of puppetserver.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable puppetserver
Enabling puppet commands involves the following steps,
$ sudo nano /etc/environment
$ cat /etc/environment
PATH="/opt/puppetlabs/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
$ source /etc/environment
check the installation and configuration by checking the puppet version and puppet server version.
$ puppet --version
4.9.2
$ puppetserver --version
puppetserver version: 2.7.2
Before adding client in puppet server execute the following command,
$ puppet cert list
Notice: Signed certificate request for ca
Installing Puppet Agent (Node 2)
Requirements:
Agent requirements atleast minimum,
Agent requirements atleast minimum,
- 2GB RAM
- 1 CPU Cores
Follow the below commands to install and configure puppet agent,
$ pwd
/home/ubuntu
$ wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
--2017-02-14 20:48:27-- https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13662 (13K) [application/x-debian-package]
Saving to: ‘puppetlabs-release-pc1-xenial.deb’
puppetlabs-release-pc1-xenial.deb 100%[==============================================================================>] 13.34K --.-KB/s in 0s
2017-02-14 20:48:29 (170 MB/s) - ‘puppetlabs-release-pc1-xenial.deb’ saved [13662/13662]
$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 53794 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
$ sudo apt-get update
.. ..
.. ..
Fetched 11.2 MB in 5s (1,936 kB/s)
Reading package lists... Done
$ sudo apt-get install puppet-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
puppet-agent
0 upgraded, 1 newly installed, 0 to remove and 88 not upgraded.
Need to get 15.5 MB of archives.
After this operation, 92.2 MB of additional disk space will be used.
Get:1 http://apt.puppetlabs.com xenial/PC1 amd64 puppet-agent amd64 1.9.1-1xenial [15.5 MB]
Fetched 15.5 MB in 8s (1,728 kB/s)
Selecting previously unselected package puppet-agent.
(Reading database ... 53799 files and directories currently installed.)
Preparing to unpack .../puppet-agent_1.9.1-1xenial_amd64.deb ...
Unpacking puppet-agent (1.9.1-1xenial) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Setting up puppet-agent (1.9.1-1xenial) ...
Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /lib/systemd/system/puppet.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mcollective.service to /lib/systemd/system/mcollective.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pxp-agent.service to /lib/systemd/system/pxp-agent.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Processing triggers for libc-bin (2.23-0ubuntu5) ...
$ sudo vim /etc/puppetlabs/puppet/puppet.conf
$ cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[main]
certname = <<puppet agent fqdn>>
server = <<puppet server fqdn>>
environment = production
runinterval = 1h
$ sudo systemctl start puppet
$ sudo systemctl enable puppet
$ sudo systemctl status puppet
● puppet.service - Puppet agent
Loaded: loaded (/lib/systemd/system/puppet.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2017-02-14 21:06:24 UTC; 10s ago
Main PID: 2041 (puppet)
Tasks: 2
Memory: 56.9M
CPU: 2.067s
CGroup: /system.slice/puppet.service
└─2041 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize
Feb 14 21:06:24 agent systemd[1]: Started Puppet agent.
Feb 14 21:06:26 agent puppet-agent[2041]: Starting Puppet client version 4.9.2
Feb 14 21:06:27 agent puppet-agent[2062]: Applied catalog in 0.01 seconds
Test the puppet server agent setup using the following command,
$ puppet agent -t --server <<puppet-server-fqdn>>
Info: Creating a new SSL key for <<puppet-agent-fqdn>>
Info: csr_attributes file loading from /home/ubuntu/.puppetlabs/etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for <<puppet-agent-fqdn>>
Info: Certificate Request fingerprint (SHA256): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Info: Caching certificate for <<puppet-agent-fqdn>>
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for <<puppet-agent-fqdn>>
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Notice: /File[/home/ubuntu/.puppetlabs/opt/puppet/cache/facts.d]/mode: mode changed '0775' to '0755'
Info: Retrieving plugin
Info: Caching catalog for <<puppet-agent-fqdn>>
Info: Applying configuration version '1487106815'
Info: Creating state file /home/ubuntu/.puppetlabs/opt/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
Trouble Shooting Errors
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
On the master: execute in sudo user as well sometimes it will be available there
puppet cert clean <<puppet-agent-fqdn>>
On the agent:
1a. On most platforms: find /home/ubuntu/.puppetlabs/etc/puppet/ssl -name <<puppet-agent-fqdn>>.pem -delete
1b. On Windows: del "\home\ubuntu\.puppetlabs\etc\puppet\ssl\certs\<<puppet-agent-fqdn>>.pem" /f
2. puppet agent -t
