RHEL BasedRocky Linux

How To Install Puppet on Rocky Linux 10

r00t
7 minutes read

Install Puppet on Rocky Linux 10

Configuration management has become essential for modern IT infrastructure. Puppet stands out as one of the most powerful automation tools available, enabling system administrators to manage thousands of servers efficiently. Rocky Linux 10, as a robust enterprise-grade distribution, provides an excellent foundation for Puppet deployment.

This comprehensive guide walks through every step of installing and configuring Puppet on Rocky Linux 10, from initial setup to advanced optimization. Whether managing a small development environment or large-scale production infrastructure, this tutorial ensures successful Puppet implementation.

Prerequisites and System Requirements

Hardware Requirements

Puppet server installation demands adequate system resources for optimal performance. The minimum configuration requires a 2-core processor with 1GB RAM for basic setups handling fewer than 100 nodes. Production environments managing 1,000 or more nodes benefit from 4-core processors with 4GB RAM.

Storage considerations include allocating at least 20GB disk space for Puppet installation, certificates, and log files. Enterprise deployments should provision additional storage for module repositories and configuration archives.

Software Requirements

A fresh Rocky Linux 10 installation provides the optimal starting point. Root access or sudo privileges are mandatory for installation and configuration tasks. System administrators need basic command-line proficiency and familiarity with text editors like nano or vim.

Network connectivity remains crucial throughout the installation process. Stable internet access enables repository downloads and package installations. DNS resolution capabilities ensure proper hostname configuration and certificate generation.

Network Configuration

Proper hostname and FQDN configuration forms the foundation of Puppet deployment. DNS resolution must function correctly for both forward and reverse lookups. Firewall configuration requires opening TCP port 8140 for Puppet server communication.

Time synchronization between Puppet server and agents prevents certificate validation issues. Network administrators should configure NTP or chrony services before beginning installation.

Environment Preparation

System Updates

Beginning with a fully updated system prevents compatibility issues and security vulnerabilities. Execute comprehensive system updates using the DNF package manager:

sudo dnf update -y

Install essential utilities that support Puppet operations:

sudo dnf install -y wget curl nano vim git

System reboot ensures all kernel updates take effect properly. This step prevents service conflicts during Puppet installation.

Hostname Configuration

Puppet relies heavily on proper hostname resolution for certificate generation and node identification. Configure the system hostname using hostnamectl:

sudo hostnamectl set-hostname puppet.example.com

Edit the hosts file to include proper hostname entries:

sudo echo "127.0.0.1 puppet.example.com puppet" >> /etc/hosts

Verify hostname configuration with multiple commands:

hostname -f
hostnamectl status

Best practices recommend using fully qualified domain names that reflect actual network infrastructure. Avoid localhost or generic hostnames in production environments.

Repository Setup

Rocky Linux systems require additional repositories for Puppet installation. Enable the EPEL repository first:

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm -y

PowerTools repository provides developer libraries and dependencies:

sudo dnf config-manager --set-enabled powertools

Update repository metadata cache:

sudo dnf makecache

Security Configuration

Firewall configuration enables Puppet server accessibility while maintaining security. Open the required port for Puppet communication:

sudo firewall-cmd --permanent --add-port=8140/tcp
sudo firewall-cmd --reload

SELinux considerations may require temporary adjustments during initial setup:

sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

Production environments should implement proper SELinux policies rather than disabling enforcement entirely.

Installing Puppet Server

Adding Puppet Repository

Puppet installation requires adding the official Puppet repository to Rocky Linux. Download and install the Puppet release package:

sudo dnf install https://yum.puppet.com/puppet-release-el-9.noarch.rpm -y

Verify repository installation success:

rpm -qi puppet-release

Confirm available repositories include Puppet entries:

sudo dnf repolist

The repository configuration enables access to Puppet packages and their dependencies. Package versions remain consistent with Enterprise Linux compatibility standards.

Installing Puppet Server Package

Install the complete Puppet server package using DNF:

sudo dnf install puppetserver -y

This command installs numerous dependencies including Java OpenJDK, NSS libraries, and Puppet agent components. The installation process typically requires several minutes depending on network speed.

Verify successful installation:

rpm -qi puppetserver

Check installed package versions and dependencies:

rpm -qa | grep puppet

Package installation creates necessary directories, configuration files, and service definitions automatically.

Initial Server Configuration

Basic Puppet configuration begins with editing the main configuration file. Create or modify /etc/puppetlabs/puppet/puppet.conf:

[main]
certname = puppet.example.com
server = puppet.example.com
environment = production
runinterval = 30m

[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code

Environment configuration establishes production as the default environment. Run interval settings determine how frequently agents check for configuration updates.

Configuring Puppet Server

Configuration File Editing

Detailed puppet.conf configuration enables advanced features and performance optimization. The main section contains global parameters affecting both server and agent operations:

[main]
certname = puppet.example.com
server = puppet.example.com
environment = production
runinterval = 1800

Server-specific settings optimize performance and define operational parameters:

[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
ca = true

Memory allocation requires adjustment based on infrastructure size. Edit /etc/sysconfig/puppetserver to modify JVM settings:

JAVA_ARGS="-Xms2g -Xmx2g"

Certificate Management

Puppet uses SSL certificates for secure communication between servers and agents. The certificate authority initializes automatically during first startup. Manual certificate generation provides additional control:

sudo /opt/puppetlabs/bin/puppetserver ca setup

Certificate locations follow standard Puppet directory structures:

  • CA certificates: /etc/puppetlabs/puppet/ssl/ca/
  • Server certificates: /etc/puppetlabs/puppet/ssl/certs/
  • Private keys: /etc/puppetlabs/puppet/ssl/private_keys/

Security considerations include protecting private keys and implementing certificate rotation policies.

Service Management

Start Puppet server services using systemctl:

sudo systemctl start puppetserver

Enable automatic service startup at boot:

sudo systemctl enable puppetserver

Verify service status and operation:

sudo systemctl status puppetserver

Log files provide detailed information about service operation and troubleshooting data:

sudo tail -f /var/log/puppetlabs/puppetserver/puppetserver.log

Installing and Configuring Puppet Agent

Local Agent Installation

Puppet server installation includes agent components, but manual activation ensures proper configuration. The agent service requires separate startup and configuration:

sudo systemctl start puppet
sudo systemctl enable puppet

Agent-specific configuration parameters differ from server settings. Local agent configuration enables testing and validation of server functionality.

Remote Agent Setup

Remote systems require Puppet repository installation before agent deployment. Distribute repository packages to target systems:

sudo rpm -Uvh https://yum.puppet.com/puppet-release-el-9.noarch.rpm

Install agent-only packages on remote systems:

sudo dnf install puppet-agent -y

Agent configuration points to the Puppet server:

[main]
certname = agent.example.com
server = puppet.example.com
environment = production
runinterval = 1800

Network connectivity testing verifies communication paths between agents and servers.

Agent-Server Communication

Initial agent connection requires certificate signing approval. Agents generate certificate signing requests during first connection:

sudo /opt/puppetlabs/bin/puppet agent --test

Server administrators review and approve pending certificates:

sudo /opt/puppetlabs/bin/puppetserver ca list
sudo /opt/puppetlabs/bin/puppetserver ca sign --certname agent.example.com

Automated certificate signing enables rapid deployment but requires careful security consideration.

Verification and Testing

Server Functionality Testing

Comprehensive testing validates Puppet server installation and configuration. Execute agent test runs to verify server responses:

sudo /opt/puppetlabs/bin/puppet agent --test --verbose

Server logs provide detailed information about agent connections and catalog compilation:

sudo tail -f /var/log/puppetlabs/puppetserver/puppetserver.log

Network connectivity testing confirms port accessibility and firewall configuration.

Certificate Management

Certificate validation ensures secure communication channels. List all managed certificates:

sudo /opt/puppetlabs/bin/puppetserver ca list --all

Review certificate details and expiration dates:

sudo /opt/puppetlabs/bin/puppetserver ca list --format json

Certificate revocation procedures handle compromised or decommissioned systems:

sudo /opt/puppetlabs/bin/puppetserver ca revoke --certname compromised.example.com

Agent Communication Testing

Agent functionality testing verifies catalog retrieval and application processes. Test configuration runs demonstrate proper operation:

sudo /opt/puppetlabs/bin/puppet agent --test --noop

The noop flag previews changes without applying them to systems. Production testing should always begin with dry-run executions.

Advanced Configuration

Performance Tuning

Puppet server performance optimization accommodates growing infrastructure demands. JVM memory allocation requires adjustment based on node count and catalog complexity:

JAVA_ARGS="-Xms4g -Xmx4g -XX:MaxPermSize=256m"

Connection pool optimization improves concurrent agent handling:

# In /etc/puppetlabs/puppetserver/conf.d/webserver.conf
webserver: {
  port: 8140
  max-threads: 200
}

Cache configuration reduces compilation overhead for frequently accessed catalogs.

Module Management

Puppet modules extend functionality and provide pre-built configurations. Install modules from Puppet Forge:

sudo /opt/puppetlabs/bin/puppet module install puppetlabs-apache

Custom module development enables organization-specific configurations. Module structure follows established conventions:

/etc/puppetlabs/code/modules/custom_module/
├── manifests/
├── files/
├── templates/
└── metadata.json

Module dependency management prevents version conflicts and ensures compatibility.

Environment Configuration

Multiple environments support development, staging, and production workflows. Environment configuration isolates code changes:

mkdir -p /etc/puppetlabs/code/environments/{development,staging,production}

Code deployment strategies include Git integration and automated testing pipelines. Version control integration enables change tracking and rollback capabilities.

Troubleshooting Common Issues

Installation Problems

Repository access issues commonly affect Puppet installation. Network connectivity problems prevent package downloads and updates. Proxy configuration may require additional settings in DNF configuration files.

Dependency resolution problems occur when conflicting packages exist. Clean package cache and retry installations:

sudo dnf clean all
sudo dnf makecache

Permission errors indicate insufficient user privileges or SELinux restrictions.

Certificate Issues

Certificate generation failures often result from hostname configuration problems. DNS resolution must function properly for certificate validation. Time synchronization issues cause certificate validity problems.

Clock skew between servers and agents exceeds acceptable tolerances. Configure NTP synchronization across all systems:

sudo systemctl enable --now chronyd

Service and Connectivity Problems

Port blocking prevents agent-server communication. Firewall configuration requires specific port accessibility. Network troubleshooting should verify connectivity using telnet or nc commands:

telnet puppet.example.com 8140

Service startup failures indicate configuration errors or resource constraints. Review log files for specific error messages and resolution guidance.

Security Best Practices

SSL/TLS Configuration

Certificate security hardening improves overall system protection. Regular certificate rotation prevents long-term key compromise. Implement automated certificate renewal processes where possible.

Encryption protocol selection affects communication security and performance. Disable obsolete protocols and cipher suites that contain known vulnerabilities.

Access Control

User permission management restricts administrative access to authorized personnel. Implement role-based access control for different operational responsibilities. Resource access restrictions prevent unauthorized configuration changes.

Authentication mechanisms should integrate with existing identity management systems. Multi-factor authentication provides additional security layers for administrative access.

System Hardening

SELinux configuration for Puppet requires proper policy development. Production systems should maintain enforcing mode with appropriate policy exceptions. Custom SELinux policies accommodate specific organizational requirements.

Log monitoring and auditing detect suspicious activities and configuration changes. Centralized logging systems aggregate Puppet events with other security monitoring tools.

Maintenance and Best Practices

Regular Maintenance Tasks

System updates and patches maintain security and functionality. Puppet server updates require careful planning to prevent service disruption. Schedule maintenance windows for major updates and testing.

Certificate renewal procedures prevent service interruptions from expired certificates. Automated renewal reduces administrative overhead and prevents outages.

Performance monitoring identifies bottlenecks and capacity requirements. Resource utilization tracking guides infrastructure scaling decisions.

Backup and Recovery

Configuration backup strategies protect against data loss and corruption. Regular backups should include configuration files, certificates, and module repositories. Test backup restoration procedures regularly.

Certificate backup procedures ensure rapid recovery from system failures. Store certificate backups securely with appropriate access controls.

Disaster recovery planning addresses various failure scenarios. Document recovery procedures and test them in non-production environments.

Monitoring and Logging

Log rotation configuration prevents disk space exhaustion from growing log files. Configure logrotate policies for all Puppet log files:

/var/log/puppetlabs/puppetserver/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    create 0644 puppet puppet
    postrotate
        systemctl reload puppetserver
    endscript
}

Performance metrics monitoring tracks system health and identifies optimization opportunities. Integration with monitoring systems provides alerting capabilities.

Congratulations! You have successfully installed Puppet. Thanks for using this tutorial for installing Puppet open-source automation and configuration management tool  on your Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Puppet website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
7 minutes read
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button