In Puppet's client-server architecture, the Puppet master is the controlling authority of the entire setup. It acts as the server and controls all the activities on all the nodes.
Any server that is to act as Puppet master must have the Puppet server software running. This server software is the key component that controls all the activities on the nodes. One key point to remember in this setup is to have superuser access to all the machines that will be used. Following are the steps to set up the Puppet master.
Private Network DNS − Forward and reverse (backward) DNS should be configured, and each server should have a unique hostname. If DNS is not configured, one can use a private network for communication with the infrastructure.
Firewall Open Port − The Puppet master must be reachable on a particular port so that it can listen for incoming requests on that port. We can use any port which is open on the firewall.
The Puppet master that we are creating will run on a CentOS 7 x64 machine using Puppet as the host name. The minimum system configuration for a Puppet master is two CPU cores and 1GB of memory. The configuration may be bigger as well, depending on the number of nodes we are going to manage with this master. If the infrastructure is bigger, then it is configured using 2 GB RAM.
Host Name | Role | Private FQDN |
---|---|---|
Brcleprod001 | Puppet master | bnrcleprod001.brcl.com |
Next, one needs to generate the Puppet master SSL certificate; the name of the master machine will be copied into the configuration file of all the nodes.
Since the Puppet master is the central authority for agent nodes in any given setup, one of its key responsibilities is to maintain accurate system time, to avoid potential configuration problems that can arise when it issues agent certificates to nodes.
If there are time discrepancies between the master and the node, certificates can appear expired. Network Time Protocol (NTP) is one of the key mechanisms to avoid this kind of problem.
$ timedatectl list-timezones
The above command lists all the available time zones, grouped by region.
The following command sets the required time zone on the machine.
$ sudo timedatectl set-timezone Asia/Kolkata
Install NTP on the Puppet server machine using the yum utility of CentOS.
$ sudo yum -y install ntp
Sync the system time with NTP, now that the time zone has been set with the above commands.
$ sudo ntpdate pool.ntp.org
In common practice, we update the NTP configuration to use the common pools that are nearest to the machine's datacenter. For this, we need to edit the ntp.conf file under /etc.
$ sudo vi /etc/ntp.conf
Add the time servers from the NTP pool zones available. The following is how the ntp.conf file looks.
server brcleprod001.brcl.pool.ntp.org
server brcleprod002.brcl.pool.ntp.org
server brcleprod003.brcl.pool.ntp.org
server brcleprod004.brcl.pool.ntp.org
Save the configuration. Start the server and enable the daemon.
$ sudo systemctl restart ntpd
$ sudo systemctl enable ntpd
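The time discrepancy problem described above can be checked directly by comparing a certificate's validity window with the clock reading on each machine. The following is an added example, not part of the original tutorial: the certificate dates, the node names and the clock offsets are constructed sample values, the function names are hypothetical, and GNU date (as shipped on CentOS 7) is assumed.

```sh
#!/bin/sh
# Added example, not from the original page. Needs GNU date (as on CentOS 7).
# DATES is constructed sample text in the format printed by:
#   openssl x509 -noout -dates -in <certificate.pem>
DATES='notBefore=Jun  1 12:00:00 2024 GMT
notAfter=Jun  1 12:00:00 2029 GMT'

# Convert an openssl-style date string to epoch seconds (UTC).
to_epoch() { date -u -d "$1" +%s; }

# cert_time_status DATES_TEXT CLOCK_EPOCH
# Prints how the certificate looks to a machine whose clock reads CLOCK_EPOCH.
cert_time_status() {
    nb=$(printf '%s\n' "$1" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
    nb_s=$(to_epoch "$nb") || return 2
    na_s=$(to_epoch "$na") || return 2
    if [ "$2" -lt "$nb_s" ]; then
        echo "not-yet-valid ($((nb_s - $2))s before notBefore)"
    elif [ "$2" -gt "$na_s" ]; then
        echo "expired ($(($2 - na_s))s after notAfter)"
    else
        echo "valid"
    fi
}

# skew_report DATES_TEXT MASTER_EPOCH
# Reads "node offset_seconds" lines on stdin (offset = node clock minus
# master clock) and prints the status each node would compute.
skew_report() {
    while read -r node offset; do
        [ -n "$node" ] || continue
        echo "$node $(cert_time_status "$1" "$(($2 + offset))")"
    done
}

# Constructed scenario: the master's clock reads five minutes after the
# certificate was issued. node-b runs 10 minutes slow, node-c about five
# years fast, so both reject a certificate that the master sees as valid.
master_now=$(to_epoch "Jun  1 12:05:00 2024 GMT")
skew_report "$DATES" "$master_now" <<'EOF'
node-a 0
node-b -600
node-c 157800000
EOF
```

On a real node, the DATES text would come from the openssl command shown in the comment and the clock reading from date +%s on that node.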
Puppet server is the software that runs on the Puppet master machine. It is the machine which pushes configurations to other machines running the Puppet agent software.
Enable the official Puppet Labs collection repository using the following command.
$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el7.noarch.rpm
Install the puppetserver package.
$ sudo yum -y install puppetserver
As we have discussed, by default the Puppet server gets configured on a 2GB RAM machine. One can customize the setup according to the free memory available on the machine and how many nodes the server will manage.
Open the Puppet server configuration file in vi.
$ sudo vi /etc/sysconfig/puppetserver
Find JAVA_ARGS and use the -Xms and -Xmx options to set the memory allocation. We will allocate 3GB of space.
JAVA_ARGS="-Xms3g -Xmx3g"
Once done, save and exit from the edit mode.
After all the above setup is complete, we are ready to start the Puppet server on the master machine with the following command.
$ sudo systemctl start puppetserver
Next, we will enable the service so that the Puppet server starts whenever the master server boots.
$ sudo systemctl enable puppetserver
[master]
autosign = $confdir/autosign.conf { mode = 664 }
reports = foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
ca = true
ssldir = /var/lib/puppet/ssl
certname = sat6.example.com
strict_variables = false
manifest = /etc/puppet/environments/$environment/manifests/site.pp
modulepath = /etc/puppet/environments/$environment/modules
config_version =