Arch Linux BasedManjaro

How To Install Puppet on Manjaro

r00t

Install Puppet on Manjaro

Puppet stands as one of the most powerful configuration management tools available for Linux systems today. For Manjaro users seeking to automate their infrastructure management, Puppet offers a robust solution that combines ease of use with enterprise-grade capabilities. This comprehensive guide walks you through the complete process of installing and configuring Puppet on Manjaro Linux, from basic setup to advanced features and troubleshooting.

Table of Contents

Understanding Puppet and Its Components

Puppet is an open-source configuration management tool developed by Puppet Labs (now Puppet Inc.) that helps system administrators automate the provisioning, configuration, and management of servers. At its core, Puppet follows a client-server architecture consisting of several essential components.

Puppet Server (Master) functions as the central hub of your infrastructure, storing configuration data and coordinating with agents. It maintains a catalog of resources that defines how your systems should be configured and serves these configurations to the agents upon request.

Puppet Agent runs on managed nodes and communicates with the Puppet Server to receive configuration instructions. The agent applies these configurations locally, ensuring the system maintains the desired state specified by the master.

PuppetDB stores data generated by Puppet, including inventory information, catalogs, and reports. This database enables more advanced features like exported resources and complex queries about your infrastructure.

Puppet uses a declarative language to define system configurations in files called manifests. These manifests describe the desired state of your systems rather than the specific steps to achieve that state. This approach allows Puppet to determine the most efficient way to bring systems into compliance.

Modules are reusable, shareable collections of Puppet code that encapsulate specific functionality. They provide a structured way to organize your Puppet code and can be shared with others through the Puppet Forge.

Prerequisites for Installation

Before installing Puppet on Manjaro, ensure your system meets the following requirements:

System Requirements:

  • A minimum of 2GB RAM for Puppet Server (4GB or more recommended for production environments)
  • At least 2 CPU cores for the master node
  • Minimum 10GB of free disk space
  • Manjaro Linux (latest stable version recommended)

Network Configuration:

  • Static IP addresses for all nodes in your Puppet infrastructure
  • Properly configured DNS resolution or hosts file entries
  • Open ports for Puppet communication (default: 8140)

Hostname Setup:

  • Fully Qualified Domain Names (FQDNs) for all hosts
  • The hostname “puppet” should resolve to your Puppet Server if you’re using the default configuration

Time Synchronization:

  • Synchronized time across all nodes (using NTP or similar service)
  • This is crucial as Puppet’s certificate system relies on accurate timestamps

Setting Up Your Manjaro Environment

The first step involves preparing your Manjaro system for Puppet installation. This includes updating your system, configuring hostname resolution, and ensuring networking is properly set up.

Update Your Manjaro System

Begin by updating your system to ensure you have the latest packages and security updates:

sudo pacman -Syu

This command synchronizes the package databases and updates your system packages to their latest versions.

Configure Proper Hostnames

Set up the hostname for your Puppet Server using the following command:

sudo hostnamectl set-hostname puppet-master.example.com

For agent nodes, use a similar approach but with appropriate hostnames:

sudo hostnamectl set-hostname puppet-agent1.example.com

The hostname should reflect your network’s naming convention and domain structure.

Configure /etc/hosts File

Edit your hosts file to ensure all Puppet nodes can communicate with each other:

sudo nano /etc/hosts

Add entries for your Puppet master and all agent nodes:

# Puppet infrastructure
192.168.1.10 puppet-master.example.com puppet-master
192.168.1.20 puppet-agent1.example.com puppet-agent1
192.168.1.21 puppet-agent2.example.com puppet-agent2

Replace the IP addresses and hostnames with your actual network configuration.

Verify Network Connectivity

Ensure that your nodes can communicate with each other:

ping puppet-master.example.com
ping puppet-agent1.example.com

If these commands fail, troubleshoot your network configuration before proceeding.

Installing Puppet Repository on Manjaro

Manjaro is an Arch-based Linux distribution, so we’ll need to adapt the repository installation process for this platform.

Add Puppet Repository

Since Manjaro uses the Arch Linux package manager (pacman), we need to add the Puppet repository to our system. Create a new file in the pacman configuration directory:

sudo mkdir -p /etc/pacman.d/repos
sudo nano /etc/pacman.d/repos/puppet.repo

Add the following content to the file:

[puppet]
Server = https://yum.puppet.com/archlinux/$arch
SigLevel = Never

Now include this repository in your pacman configuration:

sudo nano /etc/pacman.conf

Add at the end of the file:

Include = /etc/pacman.d/repos/puppet.repo

Update Package Database

Update your package database to include the new repository:

sudo pacman -Sy

This synchronizes the package databases, making Puppet packages available for installation.

Installing Puppet Server (Master)

With the repositories configured, we can now install the Puppet Server package on the designated master node.

Install Puppetserver Package

sudo pacman -S puppetserver

This command installs the Puppet Server package along with its dependencies, including Java and supporting libraries.

Configure Java Memory Allocation

The Puppet Server runs on Java and requires memory configuration. Edit the service configuration file:

sudo nano /etc/default/puppetserver

Modify the JAVA_ARGS line to set appropriate memory limits for your system:

JAVA_ARGS="-Xms512m -Xmx1g"

Adjust these values based on your server’s available memory. For production environments with sufficient RAM, you might increase these values to “-Xms2g -Xmx2g” or higher.

Configure Puppet Master Settings

Edit the main Puppet configuration file:

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the following configuration in the [master] section:

[master]
dns_alt_names = puppet,puppet-master,puppet-master.example.com
certname = puppet-master.example.com
server = puppet-master.example.com
environment = production
runinterval = 1h

These settings define the master’s certificate name, server address, environment, and how often Puppet runs on agent nodes.

Start and Enable Puppet Server

Start the Puppet Server service and enable it to start at boot:

sudo systemctl start puppetserver
sudo systemctl enable puppetserver

Verify that the service is running correctly:

sudo systemctl status puppetserver

You should see output indicating that the service is active and running.

Installing Puppet Agent

Now that the Puppet Server is operational, let’s install and configure Puppet Agent on the nodes you want to manage.

Install Puppet Agent Package

On each agent node, run:

sudo pacman -S puppet-agent

This installs the Puppet Agent package with all necessary dependencies.

Configure Agent Settings

Edit the Puppet configuration file on each agent:

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the following configuration:

[agent]
server = puppet-master.example.com
certname = puppet-agent1.example.com
environment = production
runinterval = 1h

Replace “puppet-agent1.example.com” with the actual hostname of each agent node.

Add Puppet Binaries to PATH

Puppet binaries are installed in /opt/puppetlabs/bin, which might not be in your PATH by default. Add it by creating a new file:

sudo nano /etc/profile.d/puppet-agent.sh

Add the following content:

#!/bin/bash
export PATH=$PATH:/opt/puppetlabs/bin

Make the file executable:

sudo chmod +x /etc/profile.d/puppet-agent.sh

Apply the changes:

source /etc/profile.d/puppet-agent.sh

This ensures that Puppet commands are available in your shell.

Start and Enable Puppet Agent

Start the Puppet Agent service and enable it to start at boot:

sudo systemctl start puppet
sudo systemctl enable puppet

Verify that the service is running:

sudo systemctl status puppet

Certificate Management in Puppet

Puppet uses SSL certificates for secure communication between the master and agents. Understanding this process is crucial for proper Puppet operation.

Initial Certificate Request

When a Puppet agent runs for the first time, it generates a certificate signing request (CSR) and sends it to the master. This request must be manually approved on the master before the agent can receive configurations.

Signing Certificate Requests

On the Puppet master, view pending certificate requests:

sudo /opt/puppetlabs/bin/puppet cert list

This displays all unsigned certificate requests. To sign a specific certificate:

sudo /opt/puppetlabs/bin/puppet cert sign puppet-agent1.example.com

To sign all pending requests at once:

sudo /opt/puppetlabs/bin/puppet cert sign --all

However, use this option with caution in production environments.

Verifying Certificate Status

Check which certificates have been signed:

sudo /opt/puppetlabs/bin/puppet cert list --all

This command displays all certificates, including those that have been signed.

Revoking and Cleaning Certificates

If you need to remove a node or recreate its certificate, you can revoke and clean the existing certificate:

sudo /opt/puppetlabs/bin/puppet cert clean puppet-agent1.example.com

This removes all trace of the certificate from the master, allowing the agent to submit a new request.

Configuring Puppet Master Settings

Fine-tuning your Puppet Server configuration can improve performance and security.

Customizing Main Configuration

The main configuration file (puppet.conf) offers various settings to customize Puppet’s behavior. Some important settings include:

[main]
# How long the certificate is valid for
ca_ttl = 5y

# Log level
log_level = notice

# Whether to use the cached catalog
usecacheonfailure = true

[master]
# Autosign certificates (not recommended in production)
# autosign = true

# How long nodes should wait before trying to reconnect
waitforcert = 60

Adjust these settings based on your specific requirements.

Setting Up Environments

Puppet environments allow you to isolate and test changes before applying them to production systems. Create the environment directory structure:

sudo mkdir -p /etc/puppetlabs/code/environments/production/manifests
sudo mkdir -p /etc/puppetlabs/code/environments/production/modules
sudo mkdir -p /etc/puppetlabs/code/environments/testing/manifests
sudo mkdir -p /etc/puppetlabs/code/environments/testing/modules

Each environment can have its own manifests and modules, enabling staged deployments and testing.

Security Considerations

Secure your Puppet infrastructure by following these best practices:

  • Use firewalls to restrict access to the Puppet Server
  • Regularly rotate certificates
  • Implement role-based access control
  • Monitor certificate signing activities
  • Keep Puppet software updated

Creating Your First Manifest

Puppet manifests define the desired state of your systems. Let’s create a simple manifest to get started.

Creating site.pp

The site.pp file is the main entry point for Puppet configurations. Create it with:

sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp

Add a basic configuration:

# Default node configuration
node default {
  # Ensure the htop package is installed
  package { 'htop':
    ensure => installed,
  }
  
  # Create a simple file
  file { '/tmp/puppet-test':
    ensure  => present,
    content => "Puppet is working on ${hostname}!\n",
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
  }
}

# Configuration specific to a certain node
node 'puppet-agent1.example.com' {
  include base
  
  # Install nginx
  package { 'nginx':
    ensure => installed,
  }
  
  # Start and enable the nginx service
  service { 'nginx':
    ensure  => running,
    enable  => true,
    require => Package['nginx'],
  }
}

This manifest ensures that htop is installed on all nodes, creates a test file, and installs and starts nginx specifically on puppet-agent1.

Testing Your Manifest

After creating your manifest, test it with a dry run on an agent:

sudo puppet agent --test --noop

The --noop option performs a simulation without making actual changes, allowing you to verify your manifest’s logic.

Applying the Manifest

To apply the manifest for real:

sudo puppet agent --test

This forces an immediate Puppet run, applying all configurations defined in the manifest.

Setting Up PuppetDB (Optional)

PuppetDB enhances Puppet’s functionality by storing data about your infrastructure. Let’s see how to set it up.

Installing PuppetDB

Install PuppetDB and its PostgreSQL dependency:

sudo pacman -S puppetdb postgresql

Configuring PostgreSQL for PuppetDB

Initialize and start PostgreSQL:

sudo -u postgres initdb --locale en_US.UTF-8 -D '/var/lib/postgres/data'
sudo systemctl start postgresql
sudo systemctl enable postgresql

Create a database user and database for PuppetDB:

sudo -u postgres createuser -P puppetdb
sudo -u postgres createdb -O puppetdb puppetdb

Connecting Master to PuppetDB

Configure Puppet Server to use PuppetDB by creating a puppetdb.conf file:

sudo nano /etc/puppetlabs/puppet/puppetdb.conf

Add the following content:

[main]
server_urls = https://puppet-master.example.com:8081

Then create the routes.yaml file to enable storage of reports and catalogs in PuppetDB:

sudo nano /etc/puppetlabs/puppet/routes.yaml

Add:

---
master:
  facts:
    terminus: puppetdb
    cache: yaml
  storeconfigs:
    terminus: puppetdb

Restart the Puppet Server to apply these changes:

sudo systemctl restart puppetserver

Common Troubleshooting Tips

Even with careful setup, issues may arise. Here are solutions to common problems.

Connection Issues

If agents cannot connect to the master:

  1. Verify that the Puppet Server is running: 
    sudo systemctl status puppetserver
  2. Check network connectivity: 
    ping puppet-master.example.com
telnet puppet-master.example.com 8140
  3. Ensure the firewall allows traffic on port 8140: 
    sudo iptables -L
  4. Verify the hostname resolution in /etc/hosts or DNS.

Certificate Problems

For certificate-related issues:

  1. If certificates were previously generated, clean them before creating new ones: 
    sudo puppet ssl clean
sudo /opt/puppetlabs/bin/puppet cert clean puppet-agent1.example.com
  2. Check certificate expiration: 
    sudo /opt/puppetlabs/bin/puppet cert list --all
  3. Verify time synchronization between master and agents.

Log Analysis

Puppet logs can provide valuable troubleshooting information:

  • Puppet Server logs: /var/log/puppetlabs/puppetserver/
  • Puppet Agent logs: /var/log/puppetlabs/puppet/

Examine these logs for error messages and warnings that might point to the source of issues.

Puppet Modules and Forge

Puppet Forge is a repository of pre-built modules that can save you time and effort. Let’s explore how to use it.

Installing Modules from Puppet Forge

To search for modules:

puppet module search apache

To install a module:

sudo puppet module install puppetlabs-apache

This installs the official Apache module maintained by Puppet Labs.

Creating Custom Modules

Create your own module structure:

cd /etc/puppetlabs/code/environments/production/modules
sudo puppet module generate username-modulename

This generates a skeleton module structure that you can customize for your needs.

Module Best Practices

When working with modules:

  • Follow the standard module structure
  • Use descriptive names for classes and resources
  • Document your module thoroughly
  • Test modules before deploying to production
  • Keep modules focused on a single responsibility

Automating Manjaro-Specific Tasks

Puppet can automate many Manjaro-specific administrative tasks.

Package Management

Manage packages with Puppet’s package resource:

# Install packages
package { ['htop', 'vim', 'git']:
  ensure => installed,
}

# Remove packages
package { 'unused-package':
  ensure => absent,
}

# Update specific packages
package { 'security-critical-package':
  ensure => latest,
}

Service Management

Control systemd services:

service { 'nginx':
  ensure     => running,
  enable     => true,
  hasrestart => true,
  hasstatus  => true,
  require    => Package['nginx'],
}

User Management

Create and manage user accounts:

user { 'webadmin':
  ensure     => present,
  home       => '/home/webadmin',
  shell      => '/bin/bash',
  managehome => true,
  groups     => ['sudo', 'www-data'],
}

Advanced Puppet Features

As you become comfortable with Puppet basics, you can leverage more advanced features.

Using Hiera for Data Separation

Hiera separates data from code, making your Puppet manifests more reusable:

sudo mkdir -p /etc/puppetlabs/code/environments/production/hieradata
sudo nano /etc/puppetlabs/code/environments/production/hiera.yaml

Create a basic Hiera configuration:

---
version: 5
defaults:
  datadir: hieradata
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"
    path: "nodes/%{trusted.certname}.yaml"
  - name: "Common data"
    path: "common.yaml"

Then create your data files in the hieradata directory.

Facts and Custom Facts

Puppet uses facts to gather information about systems. View available facts with:

puppet facts

Create custom facts by adding Ruby scripts to the lib/facter directory in your modules.

Implementing Roles and Profiles

The roles and profiles pattern helps organize your Puppet code:

  • Profiles: Technology-specific configurations
  • Roles: Business-specific combinations of profiles

This pattern improves code reusability and maintainability.

Post-Installation Best Practices

After successfully setting up Puppet, follow these best practices to ensure a stable and secure infrastructure.

Backup Strategies

Regularly back up these critical components:

  • SSL certificates (/etc/puppetlabs/puppet/ssl/)
  • Configuration files (/etc/puppetlabs/puppet/)
  • Manifests and modules (/etc/puppetlabs/code/)
  • PuppetDB data if installed

An automated backup script can ensure this happens consistently.

Security Hardening

Secure your Puppet infrastructure:

  • Restrict access to the Puppet Server
  • Use strong passwords for all accounts
  • Keep Puppet and all packages updated
  • Configure strict firewall rules
  • Enable SELinux or AppArmor

Monitoring Puppet Infrastructure

Set up monitoring for your Puppet environment:

  • Monitor Puppet Server resource usage
  • Set up alerts for failed Puppet runs
  • Track certificate expiration dates
  • Monitor PuppetDB performance
  • Set up log monitoring for error detection

Congratulations! You have successfully installed Puppet. Thanks for using this tutorial for installing the Puppet on Manjaro Linux. For additional help or useful information, we recommend you check the official Puppet website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button