CIS 527

Lecture 9 - Puppet Enterprise

Learning Puppet

Much of this lecture's content is adapted from the Learning Puppet series on http://docs.puppetlabs.com/learning/

Single Puppet

Image Credit: Puppet Labs

Agent/Master Mode

Image Credit: Puppet Labs

Today's Plan

  1. Set up the Puppet Learning VM
  2. Duplicate the VM for an Agent and Server configuration
  3. Reconfigure one VM as an Agent
  4. Get the two VMs to communicate
  5. Install a module on the server and apply it on the client

1. Set up the Puppet Learning VM

  1. It is on the Transient drive in the installers folder
  2. Copy it to your folder on the transient drive or a local drive
  3. Unzip the file (this may take a bit)

2. Duplicate VM

  1. Make sure your VM is off
  2. Copy the file on disk
  3. Open it in VMware
  4. Make sure both are set to NAT networking
  5. Start both VMs

3. Reconfigure VM

wget http://docs.puppetlabs.com/learning/files/learningpuppet.tar.gz
tar -xzf learningpuppet.tar.gz
mv learningpuppet /etc/puppetlabs/puppet/modules/
puppet apply -e "class {'learningpuppet::makeagent':}"

4. Communication

  1. Ping by IP address
    • facter ipaddress_eth0
  2. Reach the puppet master by name
    <ip_address> learn.localdomain learn puppet.localdomain puppet
  3. Firewalls are off
  4. Synchronized clocks
    • date -u

Puppet Agent

Puppet agent command runs in 2 modes:


You can stop it by running

/etc/init.d/pe-puppet stop

First Try

Let's try it by running:

puppet agent --test

[root@agent1 ~]# puppet agent --test
info: Creating a new SSL key for agent1.localdomain
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
info: Creating a new SSL certificate request for agent1.localdomain
info: Certificate Request fingerprint (md5): FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46
Exiting; no certificate found and waitforcert is disabled

What Happened?

Signing SSL Certificates

On the Master VM:

puppet cert list 
agent1.localdomain (FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46)

puppet cert sign agent1.localdomain 
notice: Signed certificate request for agent1.localdomain
notice: Removing file Puppet::SSL::CertificateRequest ...
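
The agent prints its certificate request fingerprint on the first run, and puppet cert list on the master shows the fingerprint of the request it received. As an added example (not part of the original lecture), this shell function compares the two before signing. The function names and the second sample line are assumptions made for illustration, and the list format is the one shown on these slides.

```shell
#!/bin/sh
# Added example: check a pending CSR against the fingerprint the agent printed.

# Normalize a fingerprint: uppercase, keep hex digits only (drops ":" and "()").
norm_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# csr_fingerprint_matches HOST EXPECTED_FP   (hypothetical helper name)
# Reads `puppet cert list` output on stdin, in the "host (AA:BB:...)" form
# shown in this lecture. Return codes:
#   0 = exactly one pending request for HOST and its fingerprint matches
#   1 = request found but fingerprint differs
#   2 = no request (or more than one) for HOST, or no expected fingerprint given
csr_fingerprint_matches() {
    host=$1
    expected=$(norm_fp "$2")
    [ -n "$expected" ] || return 2
    # Exact match on the first field, so "agent1" never matches "agent10".
    listed=$(awk -v h="$host" '$1 == h { n++; fp = $2 }
                               END { if (n == 1) print fp }')
    [ -n "$listed" ] || return 2
    [ "$(norm_fp "$listed")" = "$expected" ] || return 1
    return 0
}

# Sample input. The first line is the request shown on the slides; the second
# line is constructed for this example.
SAMPLE_LIST='agent1.localdomain (FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46)
agent10.localdomain (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

# Fingerprint copied from the agent's own "puppet agent --test" output.
AGENT_FP='FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46'

# On the master, replace the printf with: puppet cert list
if printf '%s\n' "$SAMPLE_LIST" | csr_fingerprint_matches agent1.localdomain "$AGENT_FP"; then
    echo "fingerprints match: puppet cert sign agent1.localdomain"
else
    echo "do not sign: request missing or fingerprint differs"
fi
```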

Try Again

puppet agent --test

[root@agent1 ~]# puppet agent --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for agent1.localdomain
info: Retrieving plugin
info: Caching certificate_revocation_list for ca
info: Loading facts in facter_dot_d
info: Caching catalog for agent1.localdomain
info: Applying configuration version '1326210629'
notice: Finished catalog run in 0.11 seconds

Configuring the site.pp file

Apply on Agent

puppet agent --test

[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in facter_dot_d
notice: /Stage[main]/Ntp/Package[ntp]/ensure: created
+# Managed by puppet class { "ntp": servers => [ ... ] }
info: ntp.conf: Scheduling refresh of Service[ntp]
notice: /Stage[main]/Ntp/Service[ntp]: Triggered 'refresh' from 1 events
notice: Finished catalog run in 32.74 seconds

What's Next?

Assignments