How to install Puppet Server on Linux (AlmaLinux)

Reading Time: 9 minutes

As a configuration management tool, Puppet automates IT infrastructure provisioning, server configuration, and resource management. Puppet Server is the central hub that manages configuration information, compiles configuration catalogs, and serves them to Puppet Agents.

Key points

Having read this article in full, you will gain understanding of the following concepts related to Puppet software for configuration management:

  1. What are Puppet Server, Puppet Bolt, and Puppet Agent
  2. Getting started with Puppet
  3. Installing the Puppet Server, Puppet Bolt, and Puppet Agent software
  4. How to use Puppet
  5. How to test Puppet
  6. How to update Puppet
  7. How to uninstall Puppet

What are Puppet Server, Puppet Bolt, and Puppet Agent?

Puppet Agent is the software installed on each node that communicates with the Puppet Server to retrieve configuration instructions and apply them to the node. On the other hand, Puppet Bolt is a standalone agentless task runner that allows you to execute commands, scripts, and tasks across your infrastructure without requiring a Puppet Server or Puppet Agent setup.

Installing Puppet Server on AlmaLinux is essential for efficient and scalable infrastructure management. By centralizing configuration management, Puppet Server streamlines the deployment and maintenance of software and services across your AlmaLinux servers. It enables you to define desired states for your infrastructure, ensuring consistency and reducing manual intervention. With Puppet Server, you can easily enforce security policies, manage updates, and automate repetitive tasks, ultimately improving the reliability and agility of your Almalinux environment.

Prerequisites for installing Puppet Server

Here are the prerquisites necessary to have in place before you can install Puppet Server and Puppet Agents.

  • Allocate two AlmaLinux servers for the Puppet software — this article uses two AlmaLinux 8 servers:
    • 192.168.10.20 for Puppet Server
    • 192.168.10.21 for Puppet Agent
  • Confirm that you have root or sudo access to install the Puppet Server and Puppet Agent.
  • Before installing Puppet Server and Puppet Agent, the AlmaLinux system must be updated to the most recent version.

Perform initial AlmaLinux server setup

The steps covered in the next sections give guidance with regard to the initial AlmaLinux server setup required.

Step #1. Updating the AlmaLinux system

Execute the following command to update the AlmaLinux system in preparation ahead of the Puppet Server and Puppet Agent installation:

sudo dnf update

Step #2. Configure the hostname in Puppet Server and Puppet Agent

To set the hostname for Puppet Server, execute the following command:

sudo hostnamectl set-hostname puppetserver.example.com

To set the hostname for Puppet Agent, execute the following command:

sudo hostnamectl set-hostname puppetagent.example.com

Replace puppetserver.example.com and puppetagent.example.com with the required values. Then, open the /etc/hosts file on both Puppet Server and Puppet Agent using any of the common Linux text editors such as nano or others:

sudo nano /etc/hosts

Add the following details, then save and close the file:

192.168.10.20 puppetserver.example.com puppetserver
192.168.10.21 puppetagent.example.com puppetagent

Replace the IP address and hostname with the IP address and hostname of your Puppet Server and Puppet Agent. To reflect the new hostname in the configuration, reboot both servers by executing the following command:

sudo reboot

Install Puppet Server

To install the Puppet Server on AlmaLinux, follow the these steps.

Step #1. Enable the Puppet repository

To enable the Puppet repository, execute the following command:

sudo rpm -Uvh https://yum.puppet.com/puppet6-release-el-8.noarch.rpm

Step #2. Install the Puppet Server

To install the Puppet Server package, execute the following command:

sudo dnf install puppetserver

Here is the output:

root@puppetserver ~]# sudo dnf install puppetserver
Puppet 6 Repository el 8 - x86_64                                                                                    48 MB/s |  38 MB     00:00
Last metadata expiration check: 0:00:10 ago on Tue 20 Feb 2024 03:03:32 AM UTC.
Dependencies resolved.
====================================================================================================================================================
 Package                                   Architecture         Version                                               Repository               Size
====================================================================================================================================================
Installing:
 puppetserver                              noarch               6.20.0-1.el8                                          puppet6                  75 M
Installing dependencies:
—-
—-
 puppet-agent                              x86_64               6.28.0-1.el8                                          puppet6                  26 M

—-
—-

Installed:
—-
—-
  puppet-agent-6.28.0-1.el8.x86_64                                               puppetserver-6.20.0-1.el8.noarch
—-
—-
Complete!

To ensure that the Puppet Server has been installed, execute the following command:

rpm -qi puppetserver

Step #3. Configure the Puppet Server

To configure Puppet Server, open the Puppet Server configuration file /etc/puppetlabs/puppet/puppet.conf for editing:

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the following lines to the server section:

dns_alt_names=puppetserver.example.com,puppetserver

Next, add the following lines, then save and close the file.

[main]
certname = puppetserver.example.com
server = puppetserver.example.com
environment = production
runinterval = 1h

Replace puppetserver.example.com with Puppet Server’s hostname. To start the Puppet Server, execute the following command:

sudo systemctl start puppetserver

To enable the Puppet Server to start on boot, execute the following command:

sudo systemctl enable puppetserver

The Puppet Agent is also installed during Puppet Server installation. However, the Puppet Agent does not start automatically and must be started manually. To start the Puppet Agent, execute the following command:

sudo systemctl start puppet

To enable the Puppet Agent to start on boot, execute the following command:

sudo systemctl enable puppet

Step #4. Allow th ePuppet service in the firewall

To open the TCP port 8140 for the Puppet Server, execute the following command:

sudo firewall-cmd --reload
sudo firewall-cmd --list-all

Step #5. Add the Puppet binary folder to $PATH

Puppet binaries are stored in the /opt/puppetlabs/bin directory. By default, this directory is not in $PATH. To add Puppet binaries to $PATH, execute the following command:

echo 'export PATH=$PATH:/opt/puppetlabs/bin' | tee -a ~/.bashrc

Then, execute the following command to reload the ~/.bashrc file in the current shell. Doing so will update the PATH variable with the changes made in the previous command:

source ~/.bashrc

Step #6. Install the Puppet Bolt tool

Puppet Bolt is a tool for open-source orchestration, and it can be installed on both the Puppet Server and Puppet Agents. To install Puppet Bolt tool for orchestration, execute the following command:

sudo dnf install puppet-bolt

Install Puppet Agent

To install Puppet Agent on AlmaLinux, please follow the steps in the next sections.

Step #1. Enable the Puppet repository

To enable the Puppet repository, execute the following command:

sudo rpm -Uvh https://yum.puppet.com/puppet6-release-el-8.noarch.rpm

Step #2. Install the Puppet Agent

To install Puppet Agent, execute the following command:

sudo dnf install puppet-agent

Here is the output:

]# sudo dnf install puppet-agent
Puppet 6 Repository el 8 - x86_64                                                                                    51 MB/s |  38 MB     00:00
Last metadata expiration check: 0:00:09 ago on Tue 20 Feb 2024 04:13:19 AM UTC.
Dependencies resolved.
====================================================================================================================================================
 Package                               Architecture                    Version                               Repository                        Size
====================================================================================================================================================
Installing:
 puppet-agent                          x86_64                          6.28.0-1.el8                          puppet6                           26 M
—-
—-
Installed:
  puppet-agent-6.28.0-1.el8.x86_64

Complete!

To start the Puppet Agent, execute the following command:

sudo systemctl start puppet

To enable the Puppet Agent to start on boot, execute the following command:

sudo systemctl enable puppet

Step #3. Configure the Puppet Agent

To configure Puppet Agent, open Puppet Server configuration file /etc/puppetlabs/puppet/puppet.conf for editing:

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the following lines, then save and close the file:

[agent]
server=puppetserver.example.com
ca_server=puppetserver.example.com

Then, restart Puppet Agent by executing the following command to reflect the changes:

sudo systemctl restart puppet

Step #4. Connect the Puppet Agent to Puppet Server

To generate a new certificate on the Puppet Agent and authenticate to the Puppet Server, execute the following command:

puppet ssl bootstrap

The output will show that the certificate still needs to be signed. Here is the output:

[root@puppetagent ~]# puppet ssl bootstrap
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetagent.example.com
Info: Certificate Request fingerprint (SHA256): F9:C4:2D:AE:B8:EC:4E:06:BA:3C:8D:91:BA:F2:AB:FE:91:2A:B4:C4:38:A5:E9:DC:D2:B0:A7:3D:00:8C:5F:3A
Info: Certificate for puppetagent.example.com has not been signed yet
Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (puppetagent.example.com).
Info: Will try again in 120 seconds.

To verify the list of certificates (pending and accepted), execute the following command on the Puppet Server:

puppetserver ca list --all

Here is the output:

[root@puppetserver ~]# puppetserver ca list --all
Requested Certificates:
    puppetagent.example.com       (SHA256)  F9:C4:2D:AE:B8:EC:4E:06:BA:3C:8D:91:BA:F2:AB:FE:91:2A:B4:C4:38:A5:E9:DC:D2:B0:A7:3D:00:8C:5F:3A
Signed Certificates:
    puppetserver.example.com       (SHA256)  FA:E1:C4:02:B0:5A:DB:B6:DC:F9:CC:18:12:73:D3:35:45:7D:30:27:23:22:FE:D3:4C:E0:84:7D:05:03:39:3D	alt names: ["DNS:puppetserver.example.com", "DNS:puppetserver", "DNS:puppetserver.example.com"]	authorization extensions: [pp_cli_auth: true]

Then, sign the certificate request generated by the Puppet Agent by executing the following command:

puppetserver ca sign --certname puppetagent.example.com

Replace puppetagent.example.com using Puppet Agent’s hostname. Here is the output:

[root@puppetserver ~]# puppetserver ca sign --certname puppetagent.example.com
Successfully signed certificate request for puppetagent.example.com

The Puppet Agent should now display "Notice: Completed SSL initialization" message in the output:

[root@puppetagent ~]# puppet ssl bootstrap
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetagent.example.com
Info: Certificate Request fingerprint (SHA256): F9:C4:2D:AE:B8:EC:4E:06:BA:3C:8D:91:BA:F2:AB:FE:91:2A:B4:C4:38:A5:E9:DC:D2:B0:A7:3D:00:8C:5F:3A
Info: Certificate for puppetagent.example.com has not been signed yet
Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (puppetagent.example.com).
Info: Will try again in 120 seconds.
Notice: Completed SSL initialization

Then, verify the list of certificates by executing the following command on the Puppet Server:

puppetserver ca list --all

If everything works properly, you should see the Puppet Agent certificate in the Signed Certificates section. Here is the output:

[root@puppetserver ~]# puppetserver ca list --all
Signed Certificates:
    puppetserver.example.com       (SHA256)  FA:E1:C4:02:B0:5A:DB:B6:DC:F9:CC:18:12:73:D3:35:45:7D:30:27:23:22:FE:D3:4C:E0:84:7D:05:03:39:3D	alt names: ["DNS:puppetserver.example.com", "DNS:puppetserver", "DNS:puppetserver.example.com"]	authorization extensions: [pp_cli_auth: true]
    puppetagent.example.com        (SHA256)  FE:7E:FF:D2:1E:05:60:6E:4A:BF:91:05:13:E2:0B:E5:50:45:29:57:A0:E5:12:32:17:CD:4B:EE:6C:5B:60:1A	alt names: ["DNS:puppetagent.example.com"]

Step #5. Verify Puppet Installation

To check whether the Puppet Server is installed and running, execute the following command:

sudo systemctl status puppetserver

Here is the output:

[root@puppetserver ~]# sudo systemctl status puppetserver
● puppetserver.service - puppetserver Service
   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-02-20 03:37:52 UTC; 59min ago
 Main PID: 49775 (java)
    Tasks: 48 (limit: 4915)
   Memory: 1.0G
   CGroup: /system.slice/puppetserver.service
           └─49775 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError=kill -9 %p >

To check whether the Puppet Agent is installed and running, execute the following command:

sudo systemctl status puppet

Here is the output from the Puppet Server:

[root@puppetserver ~]# sudo systemctl status puppet
● puppet.service - Puppet agent
   Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-02-20 03:38:21 UTC; 1h 0min ago
 Main PID: 49907 (puppet)
    Tasks: 2 (limit: 24688)
   Memory: 48.3M
   CGroup: /system.slice/puppet.service
           └─49907 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

Here is the output from the Puppet Agent:

[root@puppetagent ~]# sudo systemctl status puppet
● puppet.service - Puppet agent
   Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-02-20 04:30:20 UTC; 8min ago
 Main PID: 49212 (puppet)
    Tasks: 2 (limit: 24688)
   Memory: 48.0M
   CGroup: /system.slice/puppet.service
           └─49212 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

To check whether the Puppet Bolt is installed and running, execute the following command:

bolt --version

See the How to install and configure Puppet on CentOS, Fedora, Ubuntu, or Opensuse article to learn more about the installation and configuration of Puppet on these other operating systems.

How to use Puppet

To use Puppet to manage system configurations and resources, review the steps in the following sections.

Step #1. Create Puppet manifests

Using the Puppet manifests (.pp files), define the desired state of your systems. Manifests describe the resources and configurations you want Puppet to manage.

Step #2. Apply manifests

Use the Puppet Agent to apply manifests from the Puppet Server to manage configurations across multiple systems:

sudo /opt/puppetlabs/bin/puppet agent --test

Step #3. Update Puppet manifests

Modify your Puppet manifests as needed to reflect changes in your infrastructure. Ensure that changes are tested in a controlled environment before applying them to production.

Step #4. Monitor and maintain your Puppet infrastructure

Regularly check your Puppet infrastructure to ensure that configurations are appropriately implemented. Address any errors or mistakes that may occur throughout the configuration management process.

How to test Puppet

To check that the Puppet Agent is correctly connected to the Puppet Server and applying configurations, please follow the steps below.

Step #1. Create a Puppet manifest

Create a simple Puppet manifest file (for example, sample_manifest.pp) on the Puppet Server in the default module directory (/etc/puppetlabs/code/environments/production/manifests):

# /etc/puppetlabs/code/environments/production/manifests/sample_manifest.pp
file { '/tmp/testfile':
  ensure => present,
  content => 'This is a test file created by Puppet.',
}

Step #2. Apply the manifest

Apply the manifest to the Puppet Server to confirm that it is syntactically correct and that the Puppet Agent can retrieve the configuration:

xsudo /opt/puppetlabs/bin/puppet apply /etc/puppetlabs/code/environments/production/manifests/sample_manifest.pp

Here is the output:

[root@puppetserver ~]# sudo /opt/puppetlabs/bin/puppet apply /etc/puppetlabs/code/environments/production/manifests/sample_manifest.pp
Notice: Compiled catalog for puppetserver.example.com in environment production in 0.01 seconds
Notice: /Stage[main]/Main/File[/tmp/testfile]/ensure: defined content as '{md5}a5c224c88a8a5f089eee59622303d1f3'
Notice: Applied catalog in 0.02 seconds

Step #3. Run Puppet Agent

On the Puppet Agent, run the Puppet Agent to retrieve and apply the configuration from the Puppet Server.

sudo /opt/puppetlabs/bin/puppet agent --test

Here is the output:

[root@puppetagent ~]# sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppetagent.example.com
Info: Applying configuration version '1708409468'
Notice: /Stage[main]/Main/File[/tmp/testfile]/ensure: defined content as '{md5}a5c224c88a8a5f089eee59622303d1f3'
Notice: Applied catalog in 0.02 seconds

Step #4. Verify Configuration

Check if the Puppet Agent has created the file required in the manifest (/tmp/testfile).

cat /tmp/testfile

It should show the information specified in the Puppet manifest. Here is the output:

[root@puppetagent ~]# cat /tmp/testfile
This is a test file created by Puppet.

How to update Puppet

To update the Puppet Server, execute the following command:

sudo dnf update puppetserver

To update the Puppet Agent, execute the following command:

sudo dnf update puppet-agent

To update Puppet Bolt, execute the following command:

sudo dnf update puppet-bolt

How to uninstall Puppet

To uninstall the Puppet Server, execute the following command:

sudo dnf remove puppetserver

To uninstall the Puppet Agent, execute the following command:

sudo dnf remove puppet-agent

To uninstall Puppet Bolt, execute the following command:

sudo dnf remove puppet-bolt

To remove any remaining configuration files manually, execute the following command:

sudo rm -rf /etc/puppetlabs/

Warning: It is critical to be cautious when using rm -rf since it can delete files and directories recursively and forcefully without prompting confirmation. If used incorrectly, it can result in permanent data loss with system folders such as /etc and /opt.

To remove any residual Puppet directories and files, execute the following command:

sudo rm -rf /opt/puppetlabs/

Get started with Puppet today! Empower your AlmaLinux setup on our hosting

Puppet installation on AlmaLinux is a simple procedure that can significantly improve your server management abilities. By following the instructions in this article, you can rapidly set up Puppet Server, Puppet Bolt, and Puppet Agent.

A well-done Puppet implementation using the instructions outlined in this post will let you automate tasks, manage configurations, and simplify your IT infrastructure. Puppet on AlmaLinux is a potent tool for effective and scalable server automation, regardless of your experience with server administration.

Purchasing a web hosting plan with Liquid Web to install Puppet on AlmaLinux is a strategic decision for enhancing server management and automation. Liquid Web's reliable hosting services provide a stable environment for running Puppet, ensuring seamless automation of tasks and efficient configuration management. Liquid Web's hosting plans offer the reliability and support needed to leverage Puppet on AlmaLinux effectively, making it an ideal choice for businesses looking to enhance their server automation capabilities.

Avatar for Mohammed Noufal

About the Author: Mohammed Noufal

Mohammed Noufal is a B.Tech graduate with a decade of experience in server administration and web hosting. He is a father to two daughters and finds fulfillment in their growth. In his free time, he enjoys blogging, sharing experiences, and listening to music. With a strong technical background, family commitment, and creative outlets, he represents a well-rounded life journey.

Latest Articles

Using a Cloudflare Argo Tunnel with load balancing

Read Article

Subdomain takeover — protect your website against it!

Read Article

Controlling PHP settings with a custom php.ini file

Read Article

Linux dos2unix command syntax — removing hidden Windows characters from files

Read Article

Change cPanel password from WebHost Manager (WHM)

Read Article