Puppet is a software configuration management tool which includes its own declarative language to describe system configuration. It is a model-driven solution that requires limited programming knowledge to use.
Puppet master is a Ruby application that compiles configurations for any number of Puppet agent nodes, using Puppet code and various other data sources. (For more info, see Overview of Puppet’s Architecture.)
Puppet Server is an application that runs on the Java Virtual Machine (JVM) and provides the same services as the classic Puppet master application. It mostly does this by running the existing Puppet master code in several JRuby interpreters, but it replaces some parts of the classic application with new services written in Clojure.
Puppet Server is one of two recommended ways to run the Puppet master service; the other is a Rack server. Today they’re mostly equivalent — Puppet Server is easier to set up and performs better under heavy loads, but they provide the same services. In the future, Puppet Server’s features will further surpass the Rack Puppet master, and we plan to eventually disable Rack support.
Note: Puppet Enterprise 3.7 and later use Puppet Server by default. You do not need to manually install or configure it.
A module is a collection of manifests and data (such as facts, files and templates) that have a specific directory structure. Modules are useful to organize your Puppet code because you can split your code into multiple manifests. It is recommended to use modules to organize almost all Puppet manifests.
To add a module to Puppet, place it in the /usr/share/puppet/modules directory.
cat /usr/share/puppet/modules/module_test/manifests/init.pp
class module_test {
  file { '/etc/module_test':
    content => "This is a sample Puppet module",
  }
}
cat /etc/puppet/code/environments/production/manifests/nodes.pp
node default { }
node 'sles2.a-eon.tld' {
  include module_test
}
Puppet server installation (Debian Trixie/Sid PPC64):
Output:
Setting up puppetserver (7.9.5-2) ...
puppetserver.service is a disabled or a static unit, not starting it.
Output:
# puppet config set environment production --section server
# puppet config set server debian-ppc64.a-eon.tld --section server
# puppet config set ca_server debian-ppc64.a-eon.tld
Output:
[main]
[server]
environment = production
server = debian-ppc64.a-eon.tld
ca_server = debian-ppc64.a-eon.tld
Output:
###########################################
# Init settings for puppetserver
###########################################
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
# Modify this as you would JAVA_ARGS but for non-service related subcommands
JAVA_ARGS_CLI="${JAVA_ARGS_CLI:-}"
# Modify this if you'd like TrapperKeeper specific arguments
TK_ARGS=""
# These normally shouldn't need to be edited
INSTALL_DIR="/usr/share/puppetserver"
CONFIG="/etc/puppet/puppetserver/conf.d"
BOOTSTRAP_CONFIG="/etc/puppet/puppetserver/services.d"
Output:
● puppetserver.service - Puppet Server
Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; preset: enabled)
Active: active (running) since Sun 2023-09-10 16:40:58 CEST; 55s ago
Docs: https://puppet.com/docs/puppet/latest/server/about_server.html
Process: 6710 ExecStartPre=sh -c echo -n 0 > ${RUNTIME_DIRECTORY}/restart (code=exited, status=0/SUCCESS)
Process: 6713 ExecStartPost=sh -c while ! head -c1 ${RUNTIME_DIRECTORY}/restart | grep -q '^1'; do kill -0 $MAINPID && sleep 1 || exit 1; done (code=exit>
Main PID: 6712 (java)
CPU: 6min 6.565s
CGroup: /system.slice/puppetserver.service
└─6712 /usr/bin/java -Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -Djruby.lib=/usr/share/jruby/lib -XX:+Crash>
Sep 10 16:37:27 debian-ppc64.a-eon.tld systemd[1]: Starting puppetserver.service - Puppet Server...
Sep 10 16:39:36 debian-ppc64.a-eon.tld java[6712]: OpenJDK 64-Bit Server VM warning: You have loaded library /usr/lib/powerpc64-linux-gnu/jni/libjffi-1.2.so >
Sep 10 16:39:36 debian-ppc64.a-eon.tld java[6712]: It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexec>
Sep 10 16:40:58 debian-ppc64.a-eon.tld systemd[1]: Started puppetserver.service - Puppet Server.
Puppet agent (client) installation (SLES 15 SP2 x86_64):
Old agent:
sudo zypper addrepo https://download.opensuse.org/repositories/home:steffens:lvermgeo:server/SLE_15_SP2/home:steffens:lvermgeo:server.repo
sudo zypper addrepo https://download.opensuse.org/repositories/home:s_liehmann/SLE_15_SP2/home:s_liehmann.repo
New agent:
puppet-agent-7.26.0-1.sles15.x86_64.rpm
For Debian agent (client):
apt install puppet
# puppet config set server debian-ppc64.a-eon.tld --section agent
# puppet config set ca_server debian-ppc64.a-eon.tld --section agent
# puppet config set runinterval 5m --section agent
# cat /etc/puppetlabs/puppet/puppet.conf
Output:
[agent]
server = debian-ppc64.a-eon.tld
ca_server = debian-ppc64.a-eon.tld
runinterval = 5m
Output:
192.168.178.130 debian-ppc64.a-eon.tld debian-ppc64
192.168.178.64 sles.a-eon.tld sles
Output:
Info: Creating a new RSA SSL key for sles.a-eon.tld
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for sles.a-eon.tld
Info: Certificate Request fingerprint (SHA256): 7A:17:B5:1F:4A:7C:44:5C:4B:E1:F8:38:F7:34:57:BA:31:71:CC:9F:65:A0:EC:69:EA:7E:BA:4A:43:23:22:29
Info: Certificate for sles.a-eon.tld has not been signed yet
For the Debian agent:
Info: Creating a new SSL key for rodc.a-eon.tld
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for rodc.a-eon.tld
Info: Certificate Request fingerprint (SHA256): 27:89:CE:37:27:04:4E:A4:23:40:E2:37:17:71:40:E4:6E:1C:75:FC:0E:7B:5D:D7:83:7D:95:EF:B9:22:DC:0D
Info: Caching certificate for ca
Back to Puppet server (Debian Trixie/Sid PPC64):
Output:
Requested Certificates:
sles.a-eon.tld (SHA256) 7A:17:B5:1F:4A:7C:44:5C:4B:E1:F8:38:F7:34:57:BA:31:71:CC:9F:65:A0:EC:69:EA:7E:BA:4A:43:23:22:29
Signed Certificates:
debian-ppc64.a-eon.tld (SHA256) 89:03:BB:32:16:30:DF:E8:D7:AF:2A:4C:D9:60:45:27:EA:E3:35:38:96:51:7A:A0:9F:7C:04:04:73:63:7C:E9 alt names: ["DNS:puppet-server", "DNS:debian-ppc64.a-eon.tld", "DNS:debian-ppc64.a-eon.tld"] authorization extensions: [pp_cli_auth: true]
rodc.a-eon.tld (SHA256) 7E:8F:31:4E:BA:BF:6D:57:D2:BB:7A:B0:CD:51:EF:E1:B8:2A:B0:F3:1E:5E:2C:BC:06:97:CB:69:3A:29:5C:D5 alt names: ["DNS:rodc.a-eon.tld"]
# puppetserver ca sign --certname sles.a-eon.tld
Output:
Successfully signed certificate request for sles.a-eon.tld
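Added example, not part of the original post: the agent prints its CSR fingerprint and the server lists the same value under "Requested Certificates", so the two can be compared before `puppetserver ca sign` is run. The function names `pending_fingerprint` and `verify_csr` are hypothetical helpers, and the sample listing is assembled from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): check a pending CSR's
# fingerprint against the one the agent printed before signing it.

# Fingerprint copied from the agent's "Certificate Request fingerprint" line.
AGENT_FP='7A:17:B5:1F:4A:7C:44:5C:4B:E1:F8:38:F7:34:57:BA:31:71:CC:9F:65:A0:EC:69:EA:7E:BA:4A:43:23:22:29'

# Sample input assembled from the CA listing in the post; on a real server
# this text would come from `puppetserver ca list --all`.
CA_LIST_SAMPLE='Requested Certificates:
    sles.a-eon.tld   (SHA256)  7A:17:B5:1F:4A:7C:44:5C:4B:E1:F8:38:F7:34:57:BA:31:71:CC:9F:65:A0:EC:69:EA:7E:BA:4A:43:23:22:29
Signed Certificates:
    rodc.a-eon.tld   (SHA256)  7E:8F:31:4E:BA:BF:6D:57:D2:BB:7A:B0:CD:51:EF:E1:B8:2A:B0:F3:1E:5E:2C:BC:06:97:CB:69:3A:29:5C:D5  alt names: ["DNS:rodc.a-eon.tld"]'

# pending_fingerprint CERTNAME
# Reads a CA listing on stdin and prints CERTNAME's SHA256 fingerprint, but
# only if the entry sits under "Requested Certificates:".
pending_fingerprint() {
    awk -v name="$1" '
        /^Requested Certificates:/ { pending = 1; next }
        /^[A-Za-z].*:[ \t]*$/      { pending = 0; next }  # any other section header
        pending && $1 == name && $2 == "(SHA256)" { print toupper($3); exit }
    '
}

# verify_csr CERTNAME EXPECTED_FP
# Reads a CA listing on stdin; succeeds only when CERTNAME has a pending
# request whose fingerprint equals EXPECTED_FP (case-insensitive hex).
verify_csr() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    actual=$(pending_fingerprint "$1")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Demo on the sample listing. On the server, pipe the real listing in and run
# `puppetserver ca sign --certname sles.a-eon.tld` only on success.
if printf '%s\n' "$CA_LIST_SAMPLE" | verify_csr sles.a-eon.tld "$AGENT_FP"; then
    echo "fingerprint matches the agent's CSR: OK to sign sles.a-eon.tld"
else
    echo "mismatch or no pending request: do not sign" >&2
fi
```

The expected fingerprint should be read on the agent itself, not copied from the server listing, otherwise the comparison proves nothing.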