Puppet is a ruby based configuration management tool (IT automation software), licensed under Apache 2.0 designed to help system administrators, automate many repetitive task they regularly perform . It is open-source, flexible, customizable framework for managing the configuratons of computer system. It defines and enforce the state of your infrustructure throughout the software development cycle. Puppet ensures consistency and dependability across your infrustrucutre.
Puppet can be used to manage configuration on Unix, Linux and Microsoft Windows platform. Puppet can manage hosts throughout it’s life cycle: begining from initial builds and installation, to upgrade, maintenance and finally, end-of -life. Puppet is designed to continiously interect with the hosts.
Puppet is an open-source software configuration management tool based on ruby. Puppet is designed to manage the configuration of Unix-like and Microsoft Windows systems declaratively. The user describes system resources and their state, either using Puppet’s declarative language or a Ruby DSL (domain-specific language). This information is stored in files called “Puppet manifests”. Puppet discovers the system information via a utility called Facter, and compiles the Puppet manifests into a system-specific catalog containing resources and resource dependency, which are applied against the target systems. Any actions taken by Puppet are then reported.
Desired State of Puppet Infrastructure
- Facts: The puppet agent on each node, send data about the node’s state called as facts to the puppet master server.
- Catalog: The puppet master uses fact to compile detailed data about how the node should be configured, called the catalog and send it back to the puppet agent. The puppet agent makes any changes as per the catalog. The agent can also simulate these changes in –noop mode i.e. dry run.
- Report: Each puppet agent sends report to the puppet master, indicating any changes made to the configuration.
- Report Collection: Puppets open API can send data to the third-party tool. So, infrustructure can be shared with other teams.
System Requirements
Puppet Server is configured to use 2GB of RAM by default. Just to play around with an installation on a Virtual Machine. However, ram can be reduced to minimum of 512MB in test enviornment. Make sure you have good amount of ram when using puppet server in production though to guarantee optimal performance.
Puppet Server: Installing
Enable the puppetlabs package repository i.e. for centos and debian based systems. Check the operating system version and download the compatiable repository package.
krishna@puppetserver:~$ wget https://apt.puppetlabs.com/puppet-release-xenial.deb --2017-07-13 07:13:46-- https://apt.puppetlabs.com/puppet-release-xenial.deb Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 54.230.190.113, 54.230.190.178, 54.230.190.46, ... Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|54.230.190.113|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 6828 (6.7K) [application/x-debian-package] Saving to: ‘puppet-release-xenial.deb’ puppet-release-xenial.deb 100%[===================================================================>] 6.67K --.-KB/s in 0s 2017-07-13 07:13:47 (1.16 GB/s) - ‘puppet-release-xenial.deb’ saved [6828/6828] krishna@puppetserver:~$ ls -ltrh puppet-release-xenial.deb -rw-rw-r-- 1 krishna krishna 6.7K Jul 8 01:07 puppet-release-xenial.deb krishna@puppetserver:~$ krishna@puppetserver:~$ sudo dpkg -i puppet-release-xenial.deb sudo: unable to resolve host puppetserver Selecting previously unselected package puppet-release. (Reading database ... 59647 files and directories currently installed.) Preparing to unpack puppet-release-xenial.deb ... Unpacking puppet-release (1.0.0-1xenial) ... Setting up puppet-release (1.0.0-1xenial) ... krishna@puppetserver:~$ krishna@puppetserver:~$ sudo apt-get update Ign:1 http://apt.puppetlabs.com xenial InRelease Get:2 http://apt.puppetlabs.com xenial Release [58.8 kB] Get:3 http://apt.puppetlabs.com xenial Release.gpg [841 B] Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB] Hit:5 http://us.archive.ubuntu.com/ubuntu xenial InRelease Get:6 http://apt.puppetlabs.com xenial/puppet amd64 Packages [2,483 B] Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB] Get:8 http://apt.puppetlabs.com xenial/puppet i386 Packages [2,482 B] Get:9 http://apt.puppetlabs.com xenial/puppet all Packages [1,620 B] Get:10 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB] Fetched 373 kB in 1s (188 kB/s) Reading package lists... Done krishna@puppetserver:~$ krishna@puppetserver:~$ sudo apt-cache show puppetserver Package: puppetserver Version: 5.0.0-1puppetlabs1 Architecture: all Maintainer: Puppet Labs <info@puppetlabs.com> Installed-Size: 77373 Depends: openjdk-8-jre-headless, net-tools, adduser, procps, puppet-agent (>= 4.99.0) Section: utils Priority: optional Homepage: http://puppetlabs.com Description: Puppet Labs puppetserver Contains: Puppet Server (puppetlabs/puppetserver 5.0.0,org.clojure/clojure 1.8.0,puppetlabs/puppetserver 5.0.0,puppetlabs/trapperkeeper-webserver-jetty9 2.0.1) Description-md5: 3f5182c244c6715fbd1ed2b1b54559e8 Filename: pool/xenial/puppet/p/puppetserver/puppetserver_5.0.0-1puppetlabs1_all.deb MD5sum: 30b225a5b729fc1b7c9e73a5f76136df SHA1: 459a2c7674c2a6912b4df694d16ba2af7a239687 SHA256: 74b574fc6f0610d6fd50bf85c669c600e97e05916272ddbf206e639902db8e4b SHA512: 28826ed0ebf11cb3958bc6b55fb7d87703abca6f563ec3a76d30f6d20ff70b912fe50ab2181f8b094b2ddab698ab04cea3c2ad3e71ecfb7d22eb368bb1221158 Size: 66076812 krishna@puppetserver:~$
Install
Install the Puppet Server using the below command. This command will install puppetserver (don’t confuse with puppet-server) along with all it’s dependencies. The dependency packages are listed below as well. This gives an idea of the dependencies.
krishna@puppetserver:~$ sudo apt-get install puppetserver sudo: unable to resolve host puppetserver Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6 openjdk-8-jre-headless puppet-agent x11-common Suggested packages: default-jre cups-common liblcms2-utils pcscd openjdk-8-jre-jamvm libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho ttf-wqy-microhei | ttf-wqy-zenhei fonts-indic The following NEW packages will be installed: ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6 openjdk-8-jre-headless puppet-agent puppetserver x11-common 0 upgraded, 23 newly installed, 0 to remove and 111 not upgraded. Need to get 111 MB of archives. After this operation, 276 MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libjpeg-turbo8 amd64 1.4.2-0ubuntu3 [111 kB] Get:2 http://apt.puppetlabs.com xenial/puppet amd64 puppet-agent amd64 5.0.0-1xenial [15.1 MB] Get:3 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 liblcms2-2 amd64 2.6-3ubuntu2 [137 kB] Get:4 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 x11-common all 1:7.7+13ubuntu3 [22.4 kB] Get:5 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libxtst6 amd64 2:1.2.2-1 [14.1 kB] Get:6 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnspr4 amd64 2:4.13.1-0ubuntu0.16.04.1 [112 kB] Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnss3-nssdb all 2:3.28.4-0ubuntu0.16.04.2 [10.6 kB] Get:8 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnss3 amd64 2:3.28.4-0ubuntu0.16.04.2 [1,147 kB] Get:9 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 ca-certificates-java all 20160321 [12.9 kB] Get:10 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 java-common all 0.56ubuntu2 [7,742 B] Get:11 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libavahi-common-data amd64 0.6.32~rc+dfsg-1ubuntu2 [21.7 kB] Get:12 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libavahi-common3 amd64 0.6.32~rc+dfsg-1ubuntu2 [21.6 kB] Get:13 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libavahi-client3 amd64 0.6.32~rc+dfsg-1ubuntu2 [25.1 kB] Get:14 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libcups2 amd64 2.1.3-4 [197 kB] Get:15 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libjpeg8 amd64 8c-2ubuntu8 [2,194 B] Get:16 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-dejavu-core all 2.35-1 [1,039 kB] Get:17 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 fontconfig-config all 2.11.94-0ubuntu1.1 [49.9 kB] Get:18 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libfontconfig1 amd64 2.11.94-0ubuntu1.1 [131 kB] Get:19 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpcsclite1 amd64 1.8.14-1ubuntu1.16.04.1 [21.4 kB] Get:20 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libxi6 amd64 2:1.7.6-1 [28.6 kB] Get:21 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libxrender1 amd64 1:0.9.9-0ubuntu1 [18.5 kB] Get:22 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 openjdk-8-jre-headless amd64 8u131-b11-0ubuntu1.16.04.2 [27.0 MB] Get:23 http://apt.puppetlabs.com xenial/puppet amd64 puppetserver all 5.0.0-1puppetlabs1 [66.1 MB] Fetched 111 MB in 7min 8s (260 kB/s) Selecting previously unselected package libjpeg-turbo8:amd64. (Reading database ... 59652 files and directories currently installed.) Preparing to unpack .../libjpeg-turbo8_1.4.2-0ubuntu3_amd64.deb ... Unpacking libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ... Selecting previously unselected package liblcms2-2:amd64. Preparing to unpack .../liblcms2-2_2.6-3ubuntu2_amd64.deb ... Unpacking liblcms2-2:amd64 (2.6-3ubuntu2) ... Selecting previously unselected package x11-common. Preparing to unpack .../x11-common_1%3a7.7+13ubuntu3_all.deb ... Unpacking x11-common (1:7.7+13ubuntu3) ... Selecting previously unselected package libxtst6:amd64. Preparing to unpack .../libxtst6_2%3a1.2.2-1_amd64.deb ... Unpacking libxtst6:amd64 (2:1.2.2-1) ... Selecting previously unselected package libnspr4:amd64. Preparing to unpack .../libnspr4_2%3a4.13.1-0ubuntu0.16.04.1_amd64.deb ... Unpacking libnspr4:amd64 (2:4.13.1-0ubuntu0.16.04.1) ... Selecting previously unselected package libnss3-nssdb. Preparing to unpack .../libnss3-nssdb_2%3a3.28.4-0ubuntu0.16.04.2_all.deb ... Unpacking libnss3-nssdb (2:3.28.4-0ubuntu0.16.04.2) ... Selecting previously unselected package libnss3:amd64. Preparing to unpack .../libnss3_2%3a3.28.4-0ubuntu0.16.04.2_amd64.deb ... Unpacking libnss3:amd64 (2:3.28.4-0ubuntu0.16.04.2) ... Selecting previously unselected package ca-certificates-java. Preparing to unpack .../ca-certificates-java_20160321_all.deb ... Unpacking ca-certificates-java (20160321) ... Selecting previously unselected package java-common. Preparing to unpack .../java-common_0.56ubuntu2_all.deb ... Unpacking java-common (0.56ubuntu2) ... Selecting previously unselected package libavahi-common-data:amd64. Preparing to unpack .../libavahi-common-data_0.6.32~rc+dfsg-1ubuntu2_amd64.deb ... Unpacking libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ... Selecting previously unselected package libavahi-common3:amd64. Preparing to unpack .../libavahi-common3_0.6.32~rc+dfsg-1ubuntu2_amd64.deb ... Unpacking libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ... Selecting previously unselected package libavahi-client3:amd64. Preparing to unpack .../libavahi-client3_0.6.32~rc+dfsg-1ubuntu2_amd64.deb ... Unpacking libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ... Selecting previously unselected package libcups2:amd64. Preparing to unpack .../libcups2_2.1.3-4_amd64.deb ... Unpacking libcups2:amd64 (2.1.3-4) ... Selecting previously unselected package libjpeg8:amd64. Preparing to unpack .../libjpeg8_8c-2ubuntu8_amd64.deb ... Unpacking libjpeg8:amd64 (8c-2ubuntu8) ... Selecting previously unselected package fonts-dejavu-core. Preparing to unpack .../fonts-dejavu-core_2.35-1_all.deb ... Unpacking fonts-dejavu-core (2.35-1) ... Selecting previously unselected package fontconfig-config. Preparing to unpack .../fontconfig-config_2.11.94-0ubuntu1.1_all.deb ... Unpacking fontconfig-config (2.11.94-0ubuntu1.1) ... Selecting previously unselected package libfontconfig1:amd64. Preparing to unpack .../libfontconfig1_2.11.94-0ubuntu1.1_amd64.deb ... Unpacking libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ... Selecting previously unselected package libpcsclite1:amd64. Preparing to unpack .../libpcsclite1_1.8.14-1ubuntu1.16.04.1_amd64.deb ... Unpacking libpcsclite1:amd64 (1.8.14-1ubuntu1.16.04.1) ... Selecting previously unselected package libxi6:amd64. Preparing to unpack .../libxi6_2%3a1.7.6-1_amd64.deb ... Unpacking libxi6:amd64 (2:1.7.6-1) ... Selecting previously unselected package libxrender1:amd64. Preparing to unpack .../libxrender1_1%3a0.9.9-0ubuntu1_amd64.deb ... Unpacking libxrender1:amd64 (1:0.9.9-0ubuntu1) ... Selecting previously unselected package openjdk-8-jre-headless:amd64. Preparing to unpack .../openjdk-8-jre-headless_8u131-b11-0ubuntu1.16.04.2_amd64.deb ... Unpacking openjdk-8-jre-headless:amd64 (8u131-b11-0ubuntu1.16.04.2) ... Selecting previously unselected package puppet-agent. Preparing to unpack .../puppet-agent_5.0.0-1xenial_amd64.deb ... Unpacking puppet-agent (5.0.0-1xenial) ... Selecting previously unselected package puppetserver. Preparing to unpack .../puppetserver_5.0.0-1puppetlabs1_all.deb ... Unpacking puppetserver (5.0.0-1puppetlabs1) ... Processing triggers for libc-bin (2.23-0ubuntu5) ... Processing triggers for systemd (229-4ubuntu16) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for man-db (2.7.5-1) ... Processing triggers for ca-certificates (20160104ubuntu1) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ... Setting up liblcms2-2:amd64 (2.6-3ubuntu2) ... Setting up x11-common (1:7.7+13ubuntu3) ... update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults Setting up libxtst6:amd64 (2:1.2.2-1) ... Setting up libnspr4:amd64 (2:4.13.1-0ubuntu0.16.04.1) ... Setting up java-common (0.56ubuntu2) ... Setting up libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ... Setting up libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ... Setting up libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ... Setting up libcups2:amd64 (2.1.3-4) ... Setting up libjpeg8:amd64 (8c-2ubuntu8) ... Setting up fonts-dejavu-core (2.35-1) ... Setting up fontconfig-config (2.11.94-0ubuntu1.1) ... Setting up libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ... Setting up libpcsclite1:amd64 (1.8.14-1ubuntu1.16.04.1) ... Setting up libxi6:amd64 (2:1.7.6-1) ... Setting up libxrender1:amd64 (1:0.9.9-0ubuntu1) ... Setting up puppet-agent (5.0.0-1xenial) ... Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /lib/systemd/system/puppet.service. Created symlink from /etc/systemd/system/multi-user.target.wants/mcollective.service to /lib/systemd/system/mcollective.service. Created symlink from /etc/systemd/system/multi-user.target.wants/pxp-agent.service to /lib/systemd/system/pxp-agent.service. Removed symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service. Setting up libnss3-nssdb (2:3.28.4-0ubuntu0.16.04.2) ... Setting up libnss3:amd64 (2:3.28.4-0ubuntu0.16.04.2) ... Setting up ca-certificates-java (20160321) ... Adding debian:Microsec_e-Szigno_Root_CA.pem Adding debian:Cybertrust_Global_Root.pem Adding debian:Entrust_Root_Certification_Authority_-_G2.pem Adding debian:Microsec_e-Szigno_Root_CA_2009.pem Adding debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem Adding debian:QuoVadis_Root_CA.pem Adding debian:TeliaSonera_Root_CA_v1.pem Adding debian:GlobalSign_ECC_Root_CA_-_R5.pem Adding debian:NetLock_Business_=Class_B=_Root.pem Adding debian:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem Adding debian:DigiCert_Assured_ID_Root_CA.pem Adding debian:IdenTrust_Public_Sector_Root_CA_1.pem Adding debian:UTN_USERFirst_Email_Root_CA.pem Adding debian:GlobalSign_Root_CA.pem Adding debian:QuoVadis_Root_CA_1_G3.pem Adding debian:TWCA_Global_Root_CA.pem Adding debian:ACCVRAIZ1.pem Adding debian:ePKI_Root_Certification_Authority.pem Adding debian:Security_Communication_EV_RootCA1.pem Adding debian:DST_ACES_CA_X6.pem Adding debian:Entrust_Root_Certification_Authority_-_EC1.pem Adding debian:DigiCert_Assured_ID_Root_G3.pem Adding debian:TWCA_Root_Certification_Authority.pem Adding debian:Comodo_AAA_Services_root.pem Adding debian:CA_Disig_Root_R2.pem Adding debian:ComSign_CA.pem Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem Adding debian:CNNIC_ROOT.pem Adding debian:Go_Daddy_Class_2_CA.pem Adding debian:Global_Chambersign_Root_-_2008.pem Adding debian:WoSign.pem Adding debian:Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem Adding debian:thawte_Primary_Root_CA_-_G2.pem Adding debian:CA_Disig.pem Adding debian:Swisscom_Root_EV_CA_2.pem Adding debian:GeoTrust_Universal_CA_2.pem Adding debian:AffirmTrust_Premium_ECC.pem Adding debian:AddTrust_External_Root.pem Adding debian:PSCProcert.pem Adding debian:Equifax_Secure_CA.pem Adding debian:S-TRUST_Universal_Root_CA.pem Adding debian:S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem Adding debian:T-TeleSec_GlobalRoot_Class_2.pem Adding debian:E-Tugra_Certification_Authority.pem Adding debian:Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem Adding debian:QuoVadis_Root_CA_2_G3.pem Adding debian:Staat_der_Nederlanden_EV_Root_CA.pem Adding debian:Security_Communication_Root_CA.pem Adding debian:GeoTrust_Primary_Certification_Authority.pem Adding debian:OISTE_WISeKey_Global_Root_GB_CA.pem Adding debian:DST_Root_CA_X3.pem Adding debian:Entrust_Root_Certification_Authority.pem Adding debian:XRamp_Global_CA_Root.pem Adding debian:Deutsche_Telekom_Root_CA_2.pem Adding debian:CA_WoSign_ECC_Root.pem Adding debian:DigiCert_High_Assurance_EV_Root_CA.pem Adding debian:StartCom_Certification_Authority_G2.pem Adding debian:Staat_der_Nederlanden_Root_CA_-_G3.pem Adding debian:Certinomis_-_Autorité_Racine.pem Adding debian:COMODO_RSA_Certification_Authority.pem Adding debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem Adding debian:ApplicationCA_-_Japanese_Government.pem Adding debian:Buypass_Class_3_Root_CA.pem Adding debian:VeriSign_Universal_Root_Certification_Authority.pem Adding debian:Juur-SK.pem Adding debian:WellsSecure_Public_Root_Certificate_Authority.pem Adding debian:thawte_Primary_Root_CA_-_G3.pem Adding debian:GlobalSign_ECC_Root_CA_-_R4.pem Adding debian:IdenTrust_Commercial_Root_CA_1.pem Adding debian:USERTrust_RSA_Certification_Authority.pem Adding debian:SecureSign_RootCA11.pem Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem Adding debian:DigiCert_Global_Root_G2.pem Adding debian:Actalis_Authentication_Root_CA.pem Adding debian:Staat_der_Nederlanden_Root_CA.pem Adding debian:DigiCert_Trusted_Root_G4.pem Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem Adding debian:Taiwan_GRCA.pem Adding debian:TC_TrustCenter_Class_3_CA_II.pem Adding debian:SwissSign_Platinum_CA_-_G2.pem Adding debian:QuoVadis_Root_CA_3.pem Adding debian:TURKTRUST_Certificate_Services_Provider_Root_2007.pem Adding debian:COMODO_ECC_Certification_Authority.pem Adding debian:AddTrust_Qualified_Certificates_Root.pem Adding debian:GeoTrust_Primary_Certification_Authority_-_G2.pem Adding debian:GeoTrust_Universal_CA.pem Adding debian:IGC_A.pem Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority.pem Adding debian:Trustis_FPS_Root_CA.pem Adding debian:GeoTrust_Primary_Certification_Authority_-_G3.pem Adding debian:Comodo_Secure_Services_root.pem Adding debian:Security_Communication_RootCA2.pem Adding debian:Sonera_Class_1_Root_CA.pem Adding debian:Starfield_Root_Certificate_Authority_-_G2.pem Adding debian:China_Internet_Network_Information_Center_EV_Certificates_Root.pem Adding debian:DigiCert_Global_Root_CA.pem Adding debian:GlobalSign_Root_CA_-_R3.pem Adding debian:T-TeleSec_GlobalRoot_Class_3.pem Adding debian:EC-ACC.pem Adding debian:AffirmTrust_Commercial.pem Adding debian:TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.pem Adding debian:Staat_der_Nederlanden_Root_CA_-_G2.pem Adding debian:AddTrust_Low-Value_Services_Root.pem Adding debian:AC_Raíz_Certicámara_S.A..pem Adding debian:Equifax_Secure_eBusiness_CA_1.pem Adding debian:NetLock_Qualified_=Class_QA=_Root.pem Adding debian:Certum_Trusted_Network_CA.pem Adding debian:AffirmTrust_Premium.pem Adding debian:certSIGN_ROOT_CA.pem Adding debian:StartCom_Certification_Authority_2.pem Adding debian:Certigna.pem Adding debian:Equifax_Secure_Global_eBusiness_CA.pem Adding debian:Comodo_Trusted_Services_root.pem Adding debian:Secure_Global_CA.pem Adding debian:Starfield_Class_2_CA.pem Adding debian:Atos_TrustedRoot_2011.pem Adding debian:DigiCert_Assured_ID_Root_G2.pem Adding debian:Entrust.net_Premium_2048_Secure_Server_CA.pem Adding debian:DigiCert_Global_Root_G3.pem Adding debian:Certum_Root_CA.pem Adding debian:AffirmTrust_Networking.pem Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem Adding debian:Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem Adding debian:Network_Solutions_Certificate_Authority.pem Adding debian:CA_Disig_Root_R1.pem Adding debian:Certplus_Class_2_Primary_CA.pem Adding debian:QuoVadis_Root_CA_3_G3.pem Adding debian:Certification_Authority_of_WoSign_G2.pem Adding debian:Root_CA_Generalitat_Valenciana.pem Adding debian:NetLock_Notary_=Class_A=_Root.pem Adding debian:Verisign_Class_1_Public_Primary_Certification_Authority.pem Adding debian:SwissSign_Gold_CA_-_G2.pem Adding debian:COMODO_Certification_Authority.pem Adding debian:GeoTrust_Global_CA.pem Adding debian:ACEDICOM_Root.pem Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem Adding debian:Visa_eCommerce_Root.pem Adding debian:EE_Certification_Centre_Root_CA.pem Adding debian:Camerfirma_Chambers_of_Commerce_Root.pem Adding debian:CFCA_EV_ROOT.pem Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem Adding debian:Swisscom_Root_CA_2.pem Adding debian:GlobalSign_Root_CA_-_R2.pem Adding debian:Swisscom_Root_CA_1.pem Adding debian:Hongkong_Post_Root_CA_1.pem Adding debian:Izenpe.com.pem Adding debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem Adding debian:TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem Adding debian:TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.pem Adding debian:SwissSign_Silver_CA_-_G2.pem Adding debian:RSA_Security_2048_v3.pem Adding debian:SecureTrust_CA.pem Adding debian:Certinomis_-_Root_CA.pem Adding debian:QuoVadis_Root_CA_2.pem Adding debian:thawte_Primary_Root_CA.pem Adding debian:Sonera_Class_2_Root_CA.pem Adding debian:Buypass_Class_2_Root_CA.pem Adding debian:OISTE_WISeKey_Global_Root_GA_CA.pem Adding debian:Camerfirma_Global_Chambersign_Root.pem Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem Adding debian:VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem Adding debian:StartCom_Certification_Authority.pem Adding debian:GeoTrust_Global_CA_2.pem Adding debian:WoSign_China.pem Adding debian:USERTrust_ECC_Certification_Authority.pem Adding debian:NetLock_Express_=Class_C=_Root.pem Adding debian:AddTrust_Public_Services_Root.pem Adding debian:Buypass_Class_2_CA_1.pem Adding debian:Baltimore_CyberTrust_Root.pem Adding debian:UTN_USERFirst_Hardware_Root_CA.pem Adding debian:Chambers_of_Commerce_Root_-_2008.pem Adding debian:Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem Adding debian:EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem done. Processing triggers for ca-certificates (20160104ubuntu1) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. done. Setting up openjdk-8-jre-headless:amd64 (8u131-b11-0ubuntu1.16.04.2) ... update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to provide /usr/bin/java (java) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/orbd to provide /usr/bin/orbd (orbd) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/servertool to provide /usr/bin/servertool (servertool) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode Setting up puppetserver (5.0.0-1puppetlabs1) ... usermod: no changes Processing triggers for libc-bin (2.23-0ubuntu5) ... Processing triggers for systemd (229-4ubuntu16) ... Processing triggers for ureadahead (0.100.0-19) ... krishna@puppetserver:~$
Now, Puppet Server has been installed successfully with all the requisite packages. Start the Puppet Server service. Please verify and make sure that enough ram is allocated to the OS and JVM. Centos 7.0 comes with systemd as default i.e. system and service manager for Linux.
root@puppetserver:~# systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
Active: inactive (dead)
root@puppetserver:~#
root@puppetserver:~# systemctl start puppetserver
root@puppetserver:~#
root@puppetserver:~# systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
Active: active (running) since Thu 2017-07-13 07:56:13 IST; 20s ago
Process: 5712 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
Main PID: 5724 (java)
Tasks: 28
Memory: 658.6M
CPU: 1min 2.939s
CGroup: /system.slice/puppetserver.service
└─5724 /usr/bin/java -Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -Djava.security.egd=/dev/urandom
Jul 13 07:55:10 puppetserver systemd[1]: Starting puppetserver Service...
Jul 13 07:56:13 puppetserver systemd[1]: Started puppetserver Service.
lines 1-13/13 (END)
root@puppetserver:~# ps -ef | grep puppet
puppet 5724 1 53 07:55 ? 00:01:02 /usr/bin/java -Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=kill -9 %p -cp /opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar:/opt/puppetlabs/server/apps/puppetserver/jruby-1_7.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d --bootstrap-config /etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/ --restart-file /opt/puppetlabs/server/data/puppetserver/restartcounter
root 5934 5693 0 07:57 pts/0 00:00:00 grep --color=auto puppet
root@puppetserver:~#
root@puppetserver:~# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetserver.domain.name
Info: Applying configuration version '1499912850'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.02 seconds
root@puppetserver:~#
Memory Allocation
Puppet Server will be configured to use 2GB of RAM by default. However, while using puppet server in production you should have a good amount of ram assigned to it for optimal performance. The syntax to change the Puppet Server memory allocation is shown below:
Open /etc/default/puppetserver and modify these settings
krishna@puppetserver:~$ cat /etc/default/puppetserver ########################################### # Init settings for puppetserver ########################################### # Location of your Java binary (version 7 or higher) JAVA_BIN="/usr/bin/java" # Modify this if you'd like to change the memory allocation, enable JMX, etc JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" # These normally shouldn't need to be edited if using OS packages USER="puppet" GROUP="puppet" INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver" CONFIG="/etc/puppetlabs/puppetserver/conf.d" # Bootstrap path BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" # SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in # seconds. For systemd, the shorter of this setting or 'TimeoutStopSec' in # the systemd.service definition will effectively be the timeout which is used. SERVICE_STOP_RETRIES=60 # START_TIMEOUT can be set here to alter the default startup timeout in # seconds. For systemd, the shorter of this setting or 'TimeoutStartSec' # in the service's systemd.service configuration file will effectively be the # timeout which is used. START_TIMEOUT=300 # Maximum number of seconds that can expire for a service reload attempt before # the result of the attempt is interpreted as a failure. RELOAD_TIMEOUT=120 krishna@puppetserver:~$
Performance
Puppet Server is fast. It has 3x performance improvement over puppet master. It means that an individaul Puppet Server can handle a much larger volume of puppet agent nodes. The performance gain will increase as it becomes more and more mature. Now we have to deal with simplified configuration in Puppet Server, rather than managing several discrete packages (Apache, Passenger, Puppet, etc.) with their separate configuration interfaces (Puppet Master).
Conclusion
Puppet Server is very straight forward to install and setup. Along with ease, it provides a huge performance improvement over the classic puppet master setup. Now, a single command does all the things (yum install puppetserver) for you.
After some hands on with the new Puppet Server, you will really feel the difference. You will enjoy.