Configuring Puppet Server 1

Setting up Puppet Server and PuppetDB

So, I was planning on doing a blog post on setting up Puppet Server and PuppetDB on separate servers, with r10k and Hiera. The blog got a bit too large, so I decided to split it up into a three-part blog series.

I should probably note that this series is targeted towards users of Puppet Open Source and there is an expectation the readers are somewhat familiar with the Bash CLI and basic Linux Admin.

Today, I will be focusing on setting up Puppet Server and PuppetDB on separate servers using the puppetlabs-puppetdb Puppet Module, with blogs on r10k and Hiera to come as parts 2 and 3 respectively.

Today I will walk you through the steps that I learned to build and (mostly) automate the installation and setup of an Open Source Puppet Server, with PuppetDB. The process will be done using Puppet Platform 5.x and RedHat/CentOS 7.x (though the steps should mostly apply to any supported OS). We will also be using two servers:

Pre-Install steps

Setting up Puppet Server

So the first thing to do on our server that will act as the Puppet Server is install the Puppet Platform 5.x repo, the puppetserver and git packages and start the service:

sudo yum install https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
sudo yum install -y puppetserver git

The next step is to fine tune the Java memory settings for the Puppet Server to what your server needs. You’ll need to update the /etc/sysconfig/puppetserver file and edit the following line:

JAVA_ARGS="-Xms2g -Xmx2g"

Set those values to whatever best suits your server (mine is currently set to the default 2G for 2 GB RAM).

Next step will be to start the service:

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

Run puppet agent -t --noop to verify that the puppet agent can connect to the local puppet server.

Install/Setup the Puppet Agent on the PuppetDB Server

Now log into your PuppetDB server. It should just be a base CentOS installation at this point.

Install the Puppet Platform 5.x repo using the same command from the Puppet Server installation, then install the puppet-agent package (on the Puppet Server, this was installed as a dependency during the Puppet Server install).

sudo yum install https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
sudo yum install -y puppet-agent

Next, modify the /etc/puppetlabs/puppet/puppet.conf file with the following contents:

[main]
certname = puppetdb.local

[agent]
server = puppetserver.local

Replace the certname value with the FQDN of the PuppetDB server and the server value with the FQDN or hostname of your Puppet Server as found in DNS or the /etc/hosts file.

Once this is complete, run the Puppet Agent on the PuppetDB server:

sudo puppet agent -t

Then switch back to the Puppet Server and run:

sudo puppet cert sign puppetdb.local

Replace puppetdb.local with the value you placed in the certname setting on the PuppetDB server.

Now, run sudo puppet agent -t again on the PuppetDB server to complete the agent setup.
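Signing a request by name alone trusts whichever host submitted that certname first, so it is worth comparing the fingerprint shown by sudo puppet agent --fingerprint on the PuppetDB server with the one shown by sudo puppet cert list on the Puppet Server before signing. The script below is an added example, not part of the original post: the function names and the sample output are constructed here, and the output formats assumed are those of the Puppet 5.x commands.

```shell
#!/usr/bin/env bash
# Added example: compare CSR fingerprints before `puppet cert sign` (Puppet 5.x).

# Print the fingerprint of the pending request for certname $1, reading
# `puppet cert list` output on stdin. Lines are assumed to look like:
#   "puppetdb.local" (SHA256) AA:BB:...
pending_fingerprint() {
  awk -v want="\"$1\"" '$1 == want { print $3; exit }'
}

# Print the fingerprint from `puppet agent --fingerprint` output on stdin,
# assumed to look like: (SHA256) AA:BB:...
agent_fingerprint() {
  awk '$1 ~ /^\(SHA[0-9]+\)$/ { print $2; exit }'
}

# Succeed only if both fingerprints are non-empty and equal (case-insensitive).
fingerprints_match() {
  local a b
  a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# On the Puppet Server: sign certname $1 only if its pending CSR matches
# the fingerprint $2 that was read on the agent host itself.
sign_if_verified() {
  local pending
  pending=$(sudo puppet cert list | pending_fingerprint "$1")
  if fingerprints_match "$pending" "$2"; then
    sudo puppet cert sign "$1"
  else
    echo "refusing to sign $1: fingerprint mismatch or no pending request" >&2
    return 1
  fi
}

# Constructed sample output (not from a real host) for trying the parsers.
SAMPLE_CERT_LIST='  "other.local"    (SHA256) 11:22:33:44
  "puppetdb.local" (SHA256) AB:CD:EF:01'
SAMPLE_AGENT_OUT='(SHA256) ab:cd:ef:01'
```

Source the file on the Puppet Server and call sign_if_verified puppetdb.local followed by the fingerprint read on the PuppetDB server, in place of the bare puppet cert sign.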

Install the relevant Puppet Modules and code to set up PuppetDB

NOTE: You can set up PuppetDB via Puppet Module, manually with packages, or from source. I am only covering the Puppet Module method. For other methods see the PuppetDB Installation Docs.

Next step will be to install the puppetlabs-puppetdb module into your Puppet Server’s production environment. Normally I would do this using r10k, but that will be covered in a future blog post.

To install the module, run the following command on the Puppet Server VM:

sudo puppet module install puppetlabs-puppetdb --environment production

Next, cd into the puppet production environment (on the Puppet Server) and open the site.pp file for editing:

cd /etc/puppetlabs/code/environments/production
sudo vim site.pp

Add the following code to it:

node 'puppetserver.local' {
  class { '::puppetdb::master::config':
    puppetdb_server => 'puppetdb.local',
  }  
}

node 'puppetdb.local' {
  class { '::puppetdb':
    ssl_listen_address   => 'puppetdb.local',
    open_ssl_listen_port => true,
    postgres_version     => '9.6',
  }
}

node default {}

Where the node names match whatever your Puppet Server and PuppetDB certnames are. If no certname is manually set in the /etc/puppetlabs/puppet/puppet.conf file, Puppet defaults to the FQDN, followed by the hostname.

Once you have done that, you’re all set. Run the following command on both servers:

sudo puppet agent -t

Make sure to run it on the PuppetDB server first, as it will install PostgreSQL and PuppetDB, set up the database and IPTables, then start both the postgresql and puppetdb services.

Then run it on the Puppet Server, where it will install the new puppetdb-related packages and set up the config to connect to PuppetDB.

That’s it. Run the Puppet Agent command once more on each system to ensure that everything is running correctly (It should not show any errors or changes at this point).

Extra Notes

Resources