Puppet - Overview and Installation

Puppet is a Configuration Management Tool, which is in the market since 2005. Puppet is used for deploying a particular application, configuring nodes and managing servers.

Fig: Puppet Master and Agent

Puppet performs the following functions:

• Defining distinct configurations for each and every host, and continuously checking and confirming whether the required configuration is in place and is not altered (if altered Puppet will revert back to the required configuration) on the host.
• Dynamic scaling-up and scaling-down of machines.
• Providing control over all your configured machines, so a centralized (master-server or repo-based) change gets propagated to all, automatically.

Puppet Master-Slave Architecture:

Puppet Master: 
Puppet Master is the key mechanism which handles all the configuration related stuff. It applies the configuration to nodes using the Puppet agent.

Puppet Agent: 
Puppet Agents are the actual working machines which are managed by the Puppet Master. They have the Puppet agent daemon service running inside them. Puppet Agent or the puppet node sends facts to the Puppet Master.

Fig: Puppet Master-Slave Architecture

Facts: 
These facts are basically key-value data-pair that represent some aspect of Puppet slave. That aspect can be IP address, OS or VM and then Factor gathers some basic information about Puppet Slave, such as hardware details, network settings, OS, IP addresses, MAC addresses etc.

On the basis of facts, changes are done on any target machine. There are pre-defined and custom facts in Puppet. These Facts are available in Puppet master's manifest as variables. Puppet Master uses those Facts that have received from Puppet Agent to compile a Catalog. That Catalog defines how the slave should be configured.

Catalog: 
The Catalog is a document that describes the desired state for each resource that Puppet Master manages in a slave. The catalog is compiled by the Puppet Master and then it is sent back to the node.

Report: 
The node reports back to Puppet indicating the configuration is implemented successfully, which is visible in the Puppet Dashboard.

So, the connection between node, Puppet Master and Puppet Slave happens with the help of SSL.

Puppet Master-Slave Connection:
First, Puppet Slave requests for Puppet Master Certificate. Once Puppet Master receives the request, it will send the Master Certificate.

Fig: Puppet Master-Slave Connection

Once Puppet Slave receives the Master Certificate, Puppet Master will again send a request for Slave Certificate. Now, Puppet Slave will generate its own certificate and send it to the Puppet Master.

Now, Puppet Master need to sign that certificate, and once when the certificate has signed, Puppet Slave can request for the data. Then, finally Puppet Master will send the data to the Puppet Slave.

Resources: Resources are the fundamental unit. This can be anything like a user or a file etc.

Syntax:
          resource_type { 'resource_name'
               attribute => value
               …
          }

Example:

          file { '/etc/inetd.conf':

           ensure => '/etc/inet/inetd.conf',

          }

Classes: A class is a group of resources and we can declare a class among multiple manifests.

Syntax:

          class example_class {

           ---

                code

                ---

          }

Manifest: Manifests are basically Puppet programs. Manifests are composed of puppet code with .pp extension.

Example:

          class { 'apache' } //use apache module

                apache::vhost { 'example.com': //define vhost resource

                port => '80',

                docroot => '/var/www/html',

                }

          }

Puppet - Installation

Pre-requisites: 

1. Puppet master server should have minimum two processor cores and at least 1 GB of RAM and its recommended that Puppet master server should have 2-4 processor cores and at least 4 GB of RAM.
2. If you are installing Puppet version 5 of below, then make sure hostname should be 'puppet'.
3. Install NTP
4. Install Java
5. Install Puppet Server 

Steps we need to follow:

1. Update Hostname if using Puppet 5

2. Install NTP

3. Install Puppet Server (you may need to install Java and puppet-agent >=5.5.0 as dependencies)

4. Verify the version of Puppet Server

5. Create a soft link for puppet 

Step 1: Update Hostname:

1. hostnames can contain letters (from a to z) and digits (from 0 to 9).

2. hostnames can contain hyphen ( - ) and dot ( . ) special characters.

3. hostnames must contain between 2 and 63 characters long.

4. hostnames letters are case-insensitive.

Know what is current hostname:

          $ hostname

Update hostname temporary. In last use command bash:

          $ hostname puppet

          $ bash

Update hostname permanently. Open file /etc/hostname and put hostname as 'puppet' and save:

          $ sudo vi /etc/hostname

          Puppet

          :wq

Step 2: Install NTP:

It acts as a certificate authority for agent nodes, the Puppet master server must maintain accurate system time to avoid potential problems when it issues agent certificates. Certificates can appear to be expired if there are time discrepancies.

List time zone of linux machine (CentOS-7):

          $ timedatectl | grep "Time zone"

List all time zones:

          $ timedatectl list-timezones

Set appropriate time zone:

          $ sudo timedatectl set-timezone Asia/Kolkata

          $ sudo yum -y update 

          $ sudo yum install -y ntp 

Open ntp.conf for editing, that is located at /etc/ntp.conf

          $ sudo vi /etc/ntp.conf

Add the time servers from the NTP Pool Project page to the top of the file (replace these with the servers of your choice):

server 2.in.pool.ntp.org

server 1.asia.pool.ntp.org

server 2.asia.pool.ntp.org

Start NTP to add the new time servers:

          $ sudo service ntpd restart

Enable Configuration:

          $ systemctl enable ntpd

Step 3: Install Puppet Server: 

Open link is browser: http://yum.puppetlabs.com ➔ puppet5 ➔ el ➔ 7 ➔ x86_64 ➔ Right click on latest version of puppetserver and click on Copy link address:

          $ sudo rpm -ivh rpm -ivh http://yum.puppetlabs.com/puppet5/el/7/x86_64/puppetserver-5.3.8-1.el7.noarch.rpm

Error: Failed dependencies:

          java-1.8.0-openjdk-headless is needed by puppetserver-6.4.0-1.el8.noarch

          puppet-agent >= 5.5.0 is needed by puppetserver-6.4.0-1.el8.noarch

So, first, we need to install Java:

          $ sudo yum install -y java

Now, we are going to install the second dependency, which is puppet-agent >=5.5.0

Navigate to: http://yum.puppetlabs.com ➔ puppet5 ➔ el ➔ 5 ➔ x86_64 ➔ Right click on the latest version of puppet-agent and click on Copy link address ➔ go to the terminal and use the command:

          $ sudo rpm –ivh http://yum.puppetlabs.com/puppet5/el/7/x86_64/puppet-agent-5.5.8-1.el7.x86_64.rpm

Now, finally, install Puppet Server:

          $ sudo rpm -ivh rpm -ivh http://yum.puppetlabs.com/puppet5/el/7/x86_64/puppetserver-5.3.8-1.el7.noarch.rpm

Step 4: Verify the version of Puppet Server:

To verify the version of Puppet Server use command:

          $ puppet -V

This puppet command may not be working right now. So, try:

          $ /opt/puppetlabs/bin/puppetserver -V

In my case, it's puppet 5.5.8. To use 'puppet' command we need to create a soft link.

Step 5: Create a soft link for puppet:

If we run puppet command, normally this will not work. For this we need to create a soft link:

          $ ln -s /opt/puppetlabs/bin/puppet /usr/bin/puppet

Now, you can use 'puppet -V' apart from '/opt/puppetlabs/bin/puppetserver -V'.