Install Puppet on Ubuntu 18.04

Posted on August 5, 2019 by David Singer

Category: Technical Support | Tags: Automation, CentOS 7, Firewall, Puppet, Ubuntu, Ubuntu 18.04

Reading Time: 9 minutes

What is Puppet?

In this tutorial, we will install Puppet on a Ubuntu 18.04 server. Puppet is an open core, server based, task management type of automation software that is primarily used to limit your interactions for many of the mundane, day to day server tasks that used to require personal intervention.

This software allows you as the server owner to delegate specific functions to the software, thereby freeing you up for more critical business efforts. Puppet is a master/client based system that can interact with both Windows and Linux servers. The Puppet master server is run from a Linux server (a small downside given the time and effort it will save in the long run) but, can control efforts on other server types as well.

The work that needs to be completed on the remote server is defined by a configuration file called a manifest file. This file contains the instructions for the group or type of server(s) being controlled. A few of the tasks types that can be implemented are:

Quickly modify an action or process on the fly to a single server or a group of servers
Disperse or share a script among multiple servers and then run that script
Stop/Restart server services before or after a particular event has occurred
Implement changes in a specific order to a unique process
Execute an action(s) at a specific time over multiple groups of servers at a time of your choosing

Additionally, you can control which users can access and perform a set of tasks and have the changes documented in an audit trail log for later review and evaluation. If you have difficulty in selecting work that needs to be performed, you can search PuppetForge site to see if a manifest file already exists, so you’re not wasting time reinventing the wheel!

System Prerequisites and Requirements

Puppet’s master server calls for an increased amount of resources to satisfy the many remote requests from the clients, so a larger server with more RAM is needed if many clients are requesting updates. The number of resources required on the master will depend on the following information:

The number of remote clients the master server is controlling
How often the remote clients are asking for updates
The number of resources that are managed on each remote client
The intricacy of the manifest files and modules being used by the master server

Note

The puppet master server will not run on windows. It must be run on a Linux server.

Hardware Requirements

Client Server:

There is no specific minimum resource required to run the puppet client software.

Master Server:

The resources for the puppet master server will be based on the number of client servers, the tasks being performed, the timeframe of each request, and the number of managed resources on the client servers. According to puppet labs, the following chart can be used to approximate the necessary resources on a master server.

Node volume	Cores	Heap	ReservedCodeCache
dozens	2	1 GB	n/a
1,000	2-4	4 GB	512M

Naming Resolution and Timekeeping

Naming Resolution

When setting up the client for install, there are a few caveats which need to be addressed first. The initial concerns will be utilizing a consistent naming scheme across the master and clients. This will allow for an easy way to allow for the addition of more clients down the road. Using server names like puppetclient01.domain.com or pc01.domain.com on the client indicates that this will be the first puppet client server. Using PM01.domain.com for the puppet master server will allow the client to locate and connect with the master easily. This change can be made in the puppet configuration file.

Timekeeping

For the master and clients to sync up correctly during task runs, we need to ensure that the Network Time Protocol (NTP) service is installed and running on the servers that are being used. This allows the master server to act as the certificate authority for the clients that are linked to it. This will reduce the number of certificate errors that can be encountered if this service is off. To verify the NTP settings are correct, use the timedatectl command:

root@host [~] timedatectl Local time: Wed 2019-05-29 17:18:51 EDT Universal time: Wed 2019-05-29 21:18:51 UTC RTC time: Wed 2019-05-29 21:18:52 Time zone: America/New_York (EDT, -0400) System clock synchronized: yes systemd-timesyncd.service active: yes RTC in local TZ: no
Configuring the Firewall

When using a master/client type of environment, the master server should always have a specific port open to allow for incoming server connections from the remote clients. You can utilize either of the commands below to ensure that a port is open and listening:

root@host [~] netstat -tulpn | grep LISTEN |grep 8140 root@host [~] lsof -i -P -n | grep LISTEN |grep 8140

If no answer is returned with the netstat or lsof commands, you will then need to open a port in both firewalls to enable the master/client to communicate effectively (the default port is 8140). To open a port in Ubuntu’s UFW firewall, try this command:

root@host [~] ufw allow 8140/tcp Rules updated Rules updated (v6) root@host [~]

Installation

Puppet Master Server Install

There are multiple versions of puppet available for Ubuntu, but in this article, we will be using the version for Ubuntu 18.04 (Bionic). On Ubuntu 18.04, you will need to enable the universe repository, which contains all the packages necessary to install the Puppet “Master” Server. To enable this repo from the command line, simply run:

root@host[~] add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) universe" && apt-get update root@host[~] add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) universe" Hit:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease Get:2 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB] Get:3 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB] Get:4 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB] Get:5 http://us.archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages [517 kB] Get:6 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB] Get:7 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [618 kB] Get:8 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [8570 kB] Get:9 http://archive.ubuntu.com/ubuntu bionic/universe i386 Packages [8531 kB] Get:10 http://archive.ubuntu.com/ubuntu bionic/universe Translation-en [4941 kB] Fetched 23.7 MB in 4s (5666 kB/s) Reading package lists... Done root@host[~]

Now, let’s run a quick update to ensure we have access to all the software in that repo:

root@host [~] apt-get update Hit:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease Hit:2 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease Get:3 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB] Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB] Hit:5 http://archive.ubuntu.com/ubuntu bionic InRelease Fetched 163 kB in 1s (315 kB/s) Reading package lists... Done

Once this repo has been enabled and updated, let’s run the installation command:

root@host [~] apt install puppetmaster Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: augeas-lenses debconf-utils facter fonts-lato hiera javascript-common libaugeas0 libboost-filesystem1.65.1 libboost-locale1.65.1 libboost-log1.65.1 libboost-program-options1.65.1 libboost-regex1.65.1 libboost-system1.65.1 libboost-thread1.65.1 libcpp-hocon0.1.6 libfacter3.10.0 libjs-jquery libleatherman-data libleatherman1.4.0 libruby2.5 libyaml-cpp0.5v5 puppet puppet-master rake ruby ruby-augeas ruby-deep-merge ruby-did-you-mean ruby-json ruby-minitest ruby-net-telnet ruby-power-assert ruby-selinux ruby-shadow ruby-test-unit ruby2.5 rubygems-integration unzip zip Suggested packages: augeas-doc mcollective-common puppet-common apache2 | lighttpd | httpd augeas-tools ruby-rrd ruby-hocon ri ruby-dev bundler The following NEW packages will be installed: augeas-lenses debconf-utils facter fonts-lato hiera javascript-common libaugeas0 libboost-filesystem1.65.1 libboost-locale1.65.1 libboost-log1.65.1 libboost-program-options1.65.1 libboost-regex1.65.1 libboost-system1.65.1 libboost-thread1.65.1 libcpp-hocon0.1.6 libfacter3.10.0 libjs-jquery libleatherman-data libleatherman1.4.0 libruby2.5 libyaml-cpp0.5v5 puppet puppet-master puppetmaster rake ruby ruby-augeas ruby-deep-merge ruby-did-you-mean ruby-json ruby-minitest ruby-net-telnet ruby-power-assert ruby-selinux ruby-shadow ruby-test-unit ruby2.5 rubygems-integration unzip zip 0 upgraded, 40 newly installed, 0 to remove and 0 not upgraded. Need to get 10.9 MB of archives. After this operation, 50.0 MB of additional disk space will be used. Do you want to continue? [Y/n] Y ... (lots of output) ... Setting up puppet (5.4.0-2ubuntu3) ... Setting up puppet-master (5.4.0-2ubuntu3) ... Created symlink /etc/systemd/system/puppetmaster.service → /lib/systemd/system/puppet-master.service. Created symlink /etc/systemd/system/multi-user.target.wants/puppet-master.service → /lib/systemd/system/puppet-master.service. Setting up puppetmaster (5.4.0-2ubuntu3) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Processing triggers for ureadahead (0.100.0-21) ... Processing triggers for systemd (237-3ubuntu10.21) ... root@host [~]

Note

Remember, the master puppet server will require an ample amount of RAM to run smoothly so, be sure to take that into account when creating your server.

Puppet Client Install

Puppet Client Dependencies

If you are installing the Puppet client using one of the official packages in your distributions repo, your system’s package manager should ensure that the proper dependencies have been met and are installed.

On the client server (or servers), enter the following command:

root@host [~] apt install puppet Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: augeas-lenses debconf-utils facter fonts-lato hiera javascript-common libaugeas0 libboost-filesystem1.65.1 libboost-locale1.65.1 libboost-log1.65.1 libboost-program-options1.65.1 libboost-regex1.65.1 libboost-system1.65.1 libboost-thread1.65.1 libcpp-hocon0.1.6 libfacter3.10.0 libjs-jquery libleatherman-data libleatherman1.4.0 libruby2.5 libyaml-cpp0.5v5 rake ruby ruby-augeas ruby-deep-merge ruby-did-you-mean ruby-json ruby-minitest ruby-net-telnet ruby-power-assert ruby-selinux ruby-shadow ruby-test-unit ruby2.5 rubygems-integration unzip zip Suggested packages: augeas-doc mcollective-common puppet-common apache2 | lighttpd | httpd augeas-tools ruby-rrd ruby-hocon ri ruby-dev bundler The following NEW packages will be installed: augeas-lenses debconf-utils facter fonts-lato hiera javascript-common libaugeas0 libboost-filesystem1.65.1 libboost-locale1.65.1 libboost-log1.65.1 libboost-program-options1.65.1 libboost-regex1.65.1 libboost-system1.65.1 libboost-thread1.65.1 libcpp-hocon0.1.6 libfacter3.10.0 libjs-jquery libleatherman-data libleatherman1.4.0 libruby2.5 libyaml-cpp0.5v5 puppet rake ruby ruby-augeas ruby-deep-merge ruby-did-you-mean ruby-json ruby-minitest ruby-net-telnet ruby-power-assert ruby-selinux ruby-shadow ruby-test-unit ruby2.5 rubygems-integration unzip zip 0 upgraded, 38 newly installed, 0 to remove and 13 not upgraded. Need to get 10.9 MB of archives. After this operation, 49.9 MB of additional disk space will be used. Do you want to continue? [Y/n] y Type in "y" to continue Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 fonts-lato all 2.0-2 [2698 kB] Get:2 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 augeas-lenses all 1.10.1-2 [300 kB] Get:3 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 debconf-utils all 1.5.66ubuntu1 [56.6 kB] ... Lots of Scrolling checks and installs ... Setting up ruby-selinux (2.7-2build2) ... Setting up ruby-deep-merge (1.1.1-1) ... Setting up hiera (3.2.0-2) ... Setting up puppet (5.4.0-2ubuntu3) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Processing triggers for ureadahead (0.100.0-21) ... Processing triggers for systemd (237-3ubuntu10.21) ... root@host [~]

Puppet Configuration

Because Puppet contains more than 200 configuration settings, you may want to review the specific config reference located at puppet.com to ensure you are using the settings that are unique to your server/client setup. These settings provide a more comprehensive array of available options in modifying your server to suit your specific needs. These settings are located within the puppet.conf file. For most servers, you will only need to adjust about 20 settings or so in the file depending on how you want to configure your server.

To set the needed values in the puppet.conf file, you can use the command in the CLI below to modify those settings:

root@host [~] puppet config set <SETTING NAME> <VALUE> --section <CONFIG SECTION>

Configuration Sections

The “–section” preference specifies which section of puppet.conf to change. This is optional and will default to the main section. Official sections are:

main (default) — used by all the commands and/or services
master — is used by the Puppet master service itself and, the puppet cert command
agent — is used by Puppet’s agent service
user — is used by the puppet “apply“ command and, most other commands

A working example of this command would look something like this:

root@host [~] puppet config set reports puppetdb --section master root@host [~] puppet config set ordering manifest

Here are some of the most commonly used settings in the puppet.conf configuration file:

dns_alt_names – This is a list of hostnames a server can use as the Puppet master server.
environment_timeout – This setting determines the length of time the puppet master server should cache information it pulls from a client environment. The default setting here is usually 0 and should not be modified unless there is a specific reason to change it. If a need is recognized, it should be set to unlimited. If this setting is enabled, it will override the environment_timeout setting in the puppet.conf
environmentpath – This is a global setting that defines the environment paths where Puppet locates specific directories.
basemodulepath – The basemodulepath lists directories which contain global Puppet modules that can be accessed by default.
reports – The reports setting defines which handler reports will be used:
- HTTPS – This processor will send reports via HTTP or HTTPS as a ‘POST’ request to the address noted in the ‘reporturl’ option.
- Log – This processor will send a report to the servers local default log destination which is usually /var/log/syslog.
- Store – This processor will send a dump of the YAML file to a local directory (that is usually defined in the ‘reportdir’ setting in the puppet.conf)

In Conclusion

Overall, Puppet is an excellent configuration tool that can be utilized in automating the upkeep of your infrastructure in a stable, secure, and reliable fashion. It is a proven, duplicable system to ensure your server is kept up-to-date while using fewer of your teams’ precious resources.

If you have installed Puppet and want to learn more, the following links will allow you to practice your skills!

Learn Puppet
The Puppet Learning VM interactive tutorial
The Tools for Learning Puppet: Command Line, Vim & Git

If you have further thoughts or questions about this tool and how Puppet can be beneficial in your current environment, simply reach out to one of our Solutions experts or one of our Support technicians and open a chat with us, give us a call at 800.580.4985 or, open a ticket with us at support@liquidweb.com, and we will try to provide answers to all of your thoughts and questions to ensure you are pointed in the right direction!

Thank you for hosting at Liquidweb!

About the Author: David Singer

I am a g33k, Linux blogger, developer, student, and former Tech Writer for Liquidweb.com. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....