DeskTux

Linux on Desktops


apps:puppet

Differences

This shows you the differences between two versions of the page.

apps:puppet [2019-08-11 07:13] – [Manifests] Fix link jens
apps:puppet [2024-05-20 10:15] (current) – [Connecting] Syntax jens
Line 4: Line 4:
 Somehow, I could not find very many or good manuals on how to set up your own (basic) Puppet server on Debian, so I decided to write my own. Somehow, I could not find very many or good manuals on how to set up your own (basic) Puppet server on Debian, so I decided to write my own.
  
-==== Installation & Configuration ==== +===== Installation & Configuration ===== 
-The installation in Debian (10 or later) is -- as always in Debian -- straight forward. Just run an +The installation in Debian is -- as always in Debian -- straight forward. Just run an 
- +<code bash> 
-  apt install puppet puppet-master vim-puppet+apt install puppet-agent puppetserver vim-puppet 
 +</code>
      
-That last package is not really needed but comes in really handy when editing your Puppet manifests in vim and you want syntax highlighting. While this would be more needed on a [[git]] client it also is nice to have on the Puppet master.+That last package is not really needed but comes in really handy when editing your Puppet manifests in vim and you want syntax highlighting. While this would be more needed on a [[:apps:git|git]] client it also is nice to have on the Puppet server.
  
 As for the main configuration file ''/etc/puppet/puppet.conf'' I leave the Debian standard for what it is. As for the main configuration file ''/etc/puppet/puppet.conf'' I leave the Debian standard for what it is.
  
-==== Manifests ====+===== Manifests =====
 Your manifests should be in ''/etc/puppet/code/'' and the basic structure looks like this: Your manifests should be in ''/etc/puppet/code/'' and the basic structure looks like this:
  
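Review bot: The rewritten install paragraph drops the "(10 or later)" qualifier in the same change that renames the packages from puppet and puppet-master to puppet-agent and puppetserver, so the page no longer says which Debian release the apt install line applies to. Put a release qualifier back next to the command. The unchanged context lines that point at /etc/puppet/puppet.conf and /etc/puppet/code/ are worth rechecking against the renamed packages as well, since this hunk leaves them as they were.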
Line 55: Line 56:
 Of course, before testing your code, you should first run it through ''puppet parser validate'' and ''puppet-lint''. However, this is not a Puppet code manual, you should check their [[https://puppet.com/docs|excellent documentation]] for that. Of course, before testing your code, you should first run it through ''puppet parser validate'' and ''puppet-lint''. However, this is not a Puppet code manual, you should check their [[https://puppet.com/docs|excellent documentation]] for that.
  
-==== Connecting Clients ==== +====Clients ===== 
-Of course, your Puppet master will be useless if it only manages itself. To connect clients to your Puppet master, make sure it is reachable on port 8140/TCP (both IPv4 and IPv6 work).+==== Connecting ==== 
 +Of course, your Puppet server will be useless if it only manages itself. To connect clients to your Puppet server, make sure it is reachable on port 8140/TCP (both IPv4 and IPv6 work).
  
-On the client, install Puppet by running ''apt install puppet'' (and enable it in systemctl, or write a manifest for that ;-)). Then edit the ''/etc/puppet/puppet.conf'' and add this section:+On the client, install Puppet by running ''apt install puppet-agent'' (and enable it in systemctl, or write a manifest for that ;-)). Then edit the ''/etc/puppet/puppet.conf'' and add this section:
  
-<code>+<code ini>
 [agent] [agent]
 server = your.puppet.server server = your.puppet.server
 </code> </code>
  
-Afterwards, run ''puppet agent -t''. This will create a certificate request on the Puppet master. There, run ''puppet cert list''((That might yield a warning that this is deprecated, but for now that is still the way to go.)) and you will get an output similar to this((In case you run full IPv6, there might also be a warning on routing issues, just ignore that. It is a bug.)): +Afterwards, run ''puppet agent -t''. This will create a certificate request on the Puppet server. There, run ''puppetserver ca list'' and you will get an output similar to this: 
- +<code bash
-<code> +root@puppet:~ # puppetserver ca list
-root@puppet:~ # puppet cert list+
   "client.system.tld" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF   "client.system.tld" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
 </code> </code>
  
-To accept that certificate just run ''puppet cert sign client.system.tld'' and you are good to go. From now on, that system will be managed by your Puppet master. To test this you can run a ''puppet agent -t'' on the client.+To accept that certificate just run 
 + 
 +  puppetserver ca sign --certname <client.system.tld
 + 
 +and you are good to go. From now on, that system will be managed by your Puppet server. To test this you can run a ''puppet agent -t'' on the client. 
 + 
 +==== Removing ==== 
 +In case you need to remove (decommission) a client, you can list all available certificates with  
 + 
 +  puppetserver ca list --all 
 + 
 +and then 
 + 
 +  puppetserver ca clean --certname <client.name.tld> 
 +   
 +Don't forget to remove that client from backup and monitoring ;-)
  
-=== Removing clients === +====== What next? ====== 
-In case you need to remove (decommission) a client, you can list all available certificates with ''puppet cert list -a'' and then ''puppet cert clean <client.name.tld>''. Don't forget to remove that client from backup and monitoring ;-)+Now, it might be a good idea to manage your Puppet code from your workstation using [[git]]. That way you do not need to log in to the Puppet server all the time to make changes to your code as root.
  
-===== And now? ===== +~~DISCUSSION~~
-Now, it might be a good idea to manage your Puppet code from your workstation using [[git]]. That way you do not need to log in to the Puppet master all the time to make changes to your code as root.+
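Review bot: The rewritten signing step under Connecting ("To accept that certificate just run puppetserver ca sign --certname ...") still has the reader sign the pending request without comparing the SHA256 fingerprint shown by puppetserver ca list against the one on the client. Since the certname in a request is chosen by whoever submits it, and the page asks for port 8140/TCP to be reachable, add a sentence telling the reader to check the fingerprint on the client (puppet agent --fingerprint) before signing. Markup points in the same hunk: "====Clients =====" has four opening and five closing equals signs and no space after the opening run; "<code bash" and "<client.system.tld" are missing their closing ">"; "====== What next? ======" sits one level above the other section headings; and the [[git]] link in that paragraph was not changed to [[:apps:git|git]] as it was in the first hunk.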
apps/puppet.1565507632.txt.gz · Last modified: 2019-08-11 07:13 by jens