How To Install Puppet on CentOS Stream 10

In this tutorial, we will show you how to install Puppet on CentOS Stream 10. Puppet stands as one of the most powerful configuration management tools available today, enabling system administrators to automate deployment, configuration, and management of services across multiple servers simultaneously. By implementing Puppet in your CentOS Stream 10 environment, you can dramatically reduce repetitive tasks, ensure consistency across your infrastructure, and quickly scale your operations. This guide walks you through the complete process of installing and configuring Puppet on CentOS Stream 10, providing you with a solid foundation for infrastructure automation.

Understanding Puppet and Its Benefits

Puppet operates on a client-server architecture where a central Puppet master server manages configurations for multiple agent nodes. The system works through a declarative language that defines the desired state of your infrastructure. When agents connect to the master, they receive instructions (called catalogs) that bring them into compliance with this defined state.

Key advantages of implementing Puppet include:

  • Consistent Configuration: Ensure all systems maintain identical configurations
  • Reduced Manual Intervention: Automation of repetitive system administration tasks
  • Version Control Integration: Track changes to your infrastructure configurations
  • Scalability: Easily manage hundreds or thousands of servers
  • Compliance Management: Maintain and enforce security policies across your infrastructure

Before diving into the installation process, it’s essential to understand the architecture and components that make Puppet function effectively in enterprise environments.

Prerequisites for Puppet Installation

System Requirements

Before beginning the installation, verify your CentOS Stream 10 system meets these minimum requirements:

  • CPU: 2 cores minimum (4+ cores recommended for production)
  • RAM: 4GB minimum (8GB+ recommended for production environments)
  • Disk space: 20GB available storage
  • Full installation of CentOS Stream 10 with the latest updates applied

Network Configuration

Proper network setup is crucial for Puppet’s client-server communication:

  • Configure static IP addresses for both the Puppet server and agent nodes
  • Ensure DNS resolution works correctly between all systems
  • Verify the hostname is properly set and matches DNS records
  • Open port 8140 on the firewall for Puppet communication

Time Synchronization

Time synchronization is critical for Puppet’s certificate management system:

# Install chrony for time synchronization
sudo dnf install chrony -y

# Enable and start the chrony service
sudo systemctl enable chronyd
sudo systemctl start chronyd

# Verify time synchronization
chronyc sources

Properly synchronized time prevents certificate validation issues that can break your Puppet infrastructure.

Understanding Puppet Architecture

Master-Agent Model

Puppet typically operates in a master-agent model:

  • Puppet Server (Master): Central server that maintains configuration data and provides catalogs to agents
  • Puppet Agents: Nodes that apply configurations received from the master
  • Catalog: Compiled configuration document that tells agents what resources to manage
  • Certificate Authority: Built into the Puppet server for secure communication between master and agents

Communication Flow

  1. Agents send facts (system information) to the master
  2. Master compiles a catalog based on these facts and defined manifests
  3. Agents apply the catalog to bring systems into the desired state
  4. Agents report back to the master about any changes made

This secure communication requires SSL certificates, which are automatically generated and managed through Puppet’s built-in certificate authority.

Preparing the System for Puppet Installation

Updating the System

Always start with a fully updated system:

# Update all packages
sudo dnf update -y

# Install supporting packages
sudo dnf install wget curl vim -y

Configuring Firewall Settings

Configure the firewall to allow Puppet communication:

# Install firewalld if not already installed
sudo dnf install firewalld -y

# Enable and start firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

# Open port 8140 for Puppet
sudo firewall-cmd --permanent --add-port=8140/tcp
sudo firewall-cmd --reload

Setting Up Hosts File

Ensure proper name resolution between your Puppet server and agent nodes:

# Edit the hosts file
sudo nano /etc/hosts

# Add entries for Puppet server and agents
192.168.1.10 puppet-server.example.com puppet-server
192.168.1.11 puppet-agent1.example.com puppet-agent1
192.168.1.12 puppet-agent2.example.com puppet-agent2

Configuring Hostname

Set a meaningful, fully-qualified domain name for your Puppet server:

# Set hostname for the Puppet server
sudo hostnamectl set-hostname puppet-server.example.com

# Verify the hostname
hostname -f

A properly configured hostname enhances certificate management and simplifies agent configuration.

Installing Puppet Server

Adding Puppet Repository

First, add the official Puppet repository to your system:

# Download and install the Puppet repository package
sudo rpm -Uvh https://yum.puppet.com/puppet8-release-el-9.noarch.rpm

While the above repository package is built for EL9-based systems, it can often work with CentOS Stream 10 with proper adjustments. If you encounter issues, check Puppet’s official documentation for the latest repository information.

Installing Puppet Server Package

Install the Puppet server package:

# Install the Puppet server
sudo dnf install puppetserver -y

# Verify installation
rpm -qi puppetserver

The server installation includes the agent packages, so your master will also function as a Puppet agent.

Initial Server Configuration

Configure memory allocation for the Puppet server:

# Edit the Puppet server configuration
sudo nano /etc/sysconfig/puppetserver

Locate the JAVA_ARGS line and adjust memory settings based on your available resources:

# For systems with 4GB RAM
JAVA_ARGS="-Xms512m -Xmx1g"

# For systems with 8GB+ RAM
JAVA_ARGS="-Xms2g -Xmx2g"

Memory allocation is crucial for Puppet server performance, especially in environments with many nodes.

Installing Puppet Agent

Adding Repository on Agent Nodes

On each agent node, add the Puppet repository:

# Download and install the Puppet repository package
sudo rpm -Uvh https://yum.puppet.com/puppet7-release-el-9.noarch.rpm

Installing Puppet Agent Package

Install the Puppet agent software:

# Install the Puppet agent
sudo dnf install puppet-agent -y

# Verify installation
rpm -qi puppet-agent

Basic Agent Configuration

Configure the agent to recognize the Puppet server:

# Edit the Puppet configuration file
sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the server information:

[main]
server = puppet-server.example.com
runinterval = 1800

This configuration directs the agent to connect to your Puppet server and run every 30 minutes (1800 seconds).

Configuring Puppet Server

Main Configuration File

Edit the main Puppet configuration file:

# Edit puppet.conf on the server
sudo nano /etc/puppetlabs/puppet/puppet.conf

Add basic server settings:

[server]
dns_alt_names = puppet,puppet-server,puppet-server.example.com

[main]
certname = puppet-server.example.com
server = puppet-server.example.com
environment = production
runinterval = 1800

[agent]
server = puppet-server.example.com

Environment Configuration

Set up the production environment directory structure:

# Create directories for the production environment
sudo mkdir -p /etc/puppetlabs/code/environments/production/{manifests,modules,data}
sudo chown -R puppet:puppet /etc/puppetlabs/code/environments/production

This establishes the directory structure for your Puppet code, following the recommended organization pattern.

Memory and Performance Tuning

For optimal performance, adjust JVM garbage collection settings:

# Edit the server configuration
sudo nano /etc/sysconfig/puppetserver

Add these advanced JVM settings:

JAVA_ARGS="$JAVA_ARGS -XX:+UseG1GC -XX:MaxGCPauseMillis=200"

These settings help manage memory more efficiently, especially important for larger deployments.

Certificate Management

Understanding Puppet’s PKI Infrastructure

Puppet uses Public Key Infrastructure (PKI) to secure communication between server and agents. Each node has its own certificate that must be signed by the Puppet CA.

Starting the Puppet Server

Start and enable the Puppet server service:

# Start and enable the Puppet server
sudo systemctl start puppetserver
sudo systemctl enable puppetserver

# Check the status
sudo systemctl status puppetserver

The first startup may take several minutes as Puppet generates its CA certificates.

Signing Agent Certificates

When an agent first connects to the Puppet server, it generates a certificate signing request (CSR). On the Puppet server, view and sign these requests:

# List certificate requests
sudo /opt/puppetlabs/bin/puppetserver ca list

# Sign a specific certificate
sudo /opt/puppetlabs/bin/puppetserver ca sign --certname puppet-agent1.example.com

# Sign all pending certificates
sudo /opt/puppetlabs/bin/puppetserver ca sign --all

Automating Certificate Signing

For large deployments, consider autosigning certificates:

# Create an autosign configuration
sudo nano /etc/puppetlabs/puppet/autosign.conf

Add trusted domain patterns:

*.example.com

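Be cautious with autosigning as it reduces security: an agent chooses its own certname, so a pattern such as *.example.com signs a certificate for any host that can reach port 8140 and requests a matching name. In production environments, consider policy-based autosigning instead.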
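One way to implement the policy-based autosigning mentioned above, as an added example that is not part of the original tutorial or Puppet's own code: Puppet Server calls the script with the certname as its argument and the CSR on standard input, and signs only when the script exits 0. The token file path, its "certname token" line format and the use of the CSR challengePassword as a per-host token are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): policy-based autosign executable.
# Puppet Server runs the program named by the `autosign` setting with the
# requested certname as $1 and the PEM CSR on stdin; exit 0 means "sign".
#
# Assumed scheme: TOKENS_FILE (hypothetical path) holds "certname token"
# lines written at provisioning time, and each agent sends its token as the
# CSR challengePassword (custom_attributes in its csr_attributes.yaml).
TOKENS_FILE="${TOKENS_FILE:-/etc/puppetlabs/puppet/autosign-tokens}"

# Read `openssl req -text` output on stdin, print the challengePassword.
extract_token() {
  sed -n 's/^ *challengePassword *:\(.*\)$/\1/p' | head -n 1
}

# decide CERTNAME TOKEN FILE: return 0 to sign, 1 to refuse.
decide() {
  local certname="$1" token="$2" file="$3" name expected
  # The requester picks the certname: allow only lowercase DNS characters,
  # then require a dotted name with no empty or dash-edged labels.
  case "$certname" in ''|*[!a-z0-9.-]*) return 1 ;; esac
  printf '%s\n' "$certname" |
    grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' ||
    return 1
  [ -n "$token" ] && [ -r "$file" ] || return 1
  while read -r name expected || [ -n "$name" ]; do
    # Exact match on both fields: no globs, no partial names.
    if [ "$name" = "$certname" ] && [ "$expected" = "$token" ]; then
      return 0
    fi
  done < "$file"
  return 1
}

# Puppet Server always passes a certname, so act only when $1 is present.
if [ "$#" -ge 1 ]; then
  token=$(openssl req -noout -text 2>/dev/null | extract_token)
  if decide "$1" "$token" "$TOKENS_FILE"; then
    exit 0
  fi
  logger -t puppet-autosign "refused CSR for certname: $1"
  exit 1
fi
```

To use it, point the autosign setting in the [server] section of puppet.conf at the installed script and make it executable by the puppet user. Requests it refuses stay in the pending list for manual review with puppetserver ca list.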

Creating and Testing Basic Manifests

Creating a Simple Manifest

Create a basic manifest to test your setup:

# Create a site.pp manifest
sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp

Add a simple configuration:

node default {
  file { '/tmp/puppet_test':
    ensure  => file,
    content => "Puppet is working!\n",
    mode    => '0644',
  }
}

Testing the Manifest

On your agent node, run Puppet to apply the configuration:

# Run Puppet in test mode first
sudo /opt/puppetlabs/bin/puppet agent --test

# If successful, enable and start the agent service
sudo systemctl enable puppet
sudo systemctl start puppet

Verifying Changes

Check that the test file was created:

# Check the test file content
cat /tmp/puppet_test

If the file exists with the correct content, your Puppet infrastructure is working correctly.

Puppet Modules

Understanding Puppet Modules

Modules are reusable, shareable collections of Puppet code and data. They simplify management of specific software or system configurations.

Installing Modules from Puppet Forge

Puppet Forge is a repository of pre-built modules:

# Install a module for managing NTP
sudo /opt/puppetlabs/bin/puppet module install puppetlabs-ntp

# Install Apache module
sudo /opt/puppetlabs/bin/puppet module install puppetlabs-apache

Creating a Basic Custom Module

Create your own module structure:

# Create a module directory structure
sudo mkdir -p /etc/puppetlabs/code/environments/production/modules/mymodule/{manifests,files,templates,examples}

Create a simple class:

# Create the init.pp file for your module
sudo nano /etc/puppetlabs/code/environments/production/modules/mymodule/manifests/init.pp

Add basic class content:

class mymodule {
  notify { 'My module is working!': }
  
  file { '/etc/motd':
    ensure  => file,
    content => "Managed by Puppet\n",
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
  }
}

Advanced Configuration

Hiera Integration

Hiera separates data from code in your Puppet environment:

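# Create the environment's Hiera configuration; the relative datadir below
# resolves against the directory that contains this file
sudo nano /etc/puppetlabs/code/environments/production/hiera.yaml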

Configure the hierarchy:

---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Node-specific data"
    path: "nodes/%{::trusted.certname}.yaml"
  - name: "Common data"
    path: "common.yaml"

Create sample data:

# Create common data file
sudo nano /etc/puppetlabs/code/environments/production/data/common.yaml

Add sample data:

---
message: "This is a message from Hiera"

Using External Facts

Create custom facts to enhance your Puppet configurations:

# Create a directory for external facts
sudo mkdir -p /etc/puppetlabs/facter/facts.d

# Create a simple fact
sudo nano /etc/puppetlabs/facter/facts.d/custom_facts.txt

Add custom fact data:

environment=production
role=webserver

Node Classification

Edit the site.pp manifest to classify nodes:

# Edit the site.pp file
sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp

Add node definitions:

node 'puppet-agent1.example.com' {
  include mymodule
  include apache
}

node 'puppet-agent2.example.com' {
  include mymodule
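  # mysql::server comes from the puppetlabs-mysql module, which must be
  # installed on the server before this node's catalog will compile
  include mysql::server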
}

Common Troubleshooting

Certificate Issues

If you encounter certificate problems:

# On the agent only (never on the Puppet server), remove existing certificates
sudo rm -rf /etc/puppetlabs/puppet/ssl

# On the server, revoke and clean the certificate
sudo /opt/puppetlabs/bin/puppetserver ca clean --certname puppet-agent1.example.com

Then run the agent again to generate a new certificate request.

Connection Problems

Test basic connectivity:

# Test TCP connection to Puppet server
nc -zv puppet-server.example.com 8140

# Check DNS resolution
dig puppet-server.example.com

Manifest Failures

Debug manifest issues:

# Run Puppet in debug mode
sudo /opt/puppetlabs/bin/puppet agent --test --debug

Log Analysis

Review Puppet logs for errors:

# View Puppet server logs
sudo tail -f /var/log/puppetlabs/puppetserver/puppetserver.log

# View agent logs
sudo tail -f /var/log/puppetlabs/puppet/puppet.log

Congratulations! You have successfully installed Puppet. Thanks for using this tutorial for installing Puppet in the CentOS Stream 10 system. For additional help or useful information, we recommend you check the official Puppet website.

r00t
