DeskTux

Linux on Desktops

User Tools

Site Tools


apps:puppet

This is an old revision of the document!


Puppet

Even if you manage just a handful or two of servers, Puppet can already help you to save loads of time and ensures all your systems run in the desired state.

Somehow, I could not find very many or good manuals on how to set up your own (basic) Puppet server on Debian, so I decided to write my own.

Installation & Configuration

The installation in Debian (10 or later) is – as always in Debian – straight forward. Just run an

apt install puppet puppet-master vim-puppet

That last package is not really needed but comes in really handy when editing your Puppet manifests in vim and you want syntax highlighting. While this would be more needed on a git client it also is nice to have on the Puppet master.

As for the main configuration file /etc/puppet/puppet.conf I leave the Debian standard for what it is.

Manifests

Your manifests should be in /etc/puppet/code/ and the basic structure looks like this:

/etc/puppet/code
            ├── environments
            │   └── production
            │       └── manifests
            └── modules
                ├── module1
                │   ├── examples
                │   ├── files
                │   └── manifests
                ├── module2
                │   ├── examples
                │   ├── files
                │   └── manifests
                └── moduleX
                    ├── examples
                    ├── files
                    └── manifests

Each manifests directory contains at least your init.pp and possibly other Puppet files, except the environment manifest. The /etc/puppet/code/environments/production/manifests/site.pp very basically looks like this:

# DeskTux main Puppet Configuration
include module1
include module2
include moduleX

In the modules, the files directory is not necessary unless you have files to manage and the examples directory should contain a basic init.pp that looks like this:

include moduleX

That way, you can easily test the code of that module by using puppet apply -t init.pp.

Of course, before testing your code, you should first run it through puppet parser validate and puppet-lint. However, this is not a Puppet code manual, you should check their excellent documentation for that.

Connecting Clients

Of course, your Puppet master will be useless if it only manages itself. To connect clients to your Puppet master, make sure it is reachable on port 8140/TCP (both IPv4 and IPv6 work).

On the client, install Puppet by running apt install puppet (and enable it in systemctl, or write a manifest for that ;-)). Then edit the /etc/puppet/puppet.conf and add this section:

[agent]
server = your.puppet.server

Afterwards, run puppet agent -t. This will create a certificate request on the Puppet master. There, run puppet cert list1) and you will get an output similar to this2):

root@puppet:~ # puppet cert list
  "client.system.tld" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

To accept that certificate just run puppet cert sign client.system.tld and you are good to go. From now on, that system will be managed by your Puppet master. To test this you can run a puppet agent -t on the client.

Removing clients

In case you need to remove (decommission) a client, you can list all available certificates with puppet cert list -a and then puppet cert clean <client.name.tld>. Don't forget to remove that client from backup and monitoring ;-)

And now?

Now, it might be a good idea to manage your Puppet code from your workstation using git. That way you do not need to log in to the Puppet master all the time to make changes to your code as root.

1)
That might yield a warning that this is deprecated, but for now that is still the way to go.
2)
In case you run full IPv6, there might also be a warning on routing issues, just ignore that. It is a bug.
apps/puppet.1565464833.txt.gz · Last modified: 2019-08-10 21:20 by jens