Christian WellsPuppet is a powerful configuration management and automation tool that allows DevOps teams to efficiently deploy servers and applications. With Puppet, all configuration information is stored on a central “Puppet Server,” and “Agent” nodes pull this configuration to ensure consistent and automated system management. In this guide, we will walk you through the process of installing and configuring the Puppet server and agent on Debian 11 Bullseye.
Prerequisites
Before we begin, make sure you have the following:
- Two Debian 11 servers: one for the Puppet server and another for the Puppet agent.
- Root access or a user with root/sudo privileges on both servers.
Setting Up FQDN
To ensure proper communication between the Puppet server and agent, we need to set up the Fully Qualified Domain Name (FQDN) for each server.
Step 1: Set up FQDN on the Puppet Server
On the Puppet server, run the following command to set up the FQDN:
sudo hostnamectl set-hostname puppet-server.localdomain.lan
Step 2: Set up FQDN on the Puppet Agent
On the Puppet agent server, run the following command to set up the FQDN:
sudo hostnamectl set-hostname agent.localdomain.lan
Step 3: Edit the /etc/hosts File
Next, edit the /etc/hosts file on both servers using a text editor like vim or nano:
sudo vim /etc/hosts
Add the following lines to the file, replacing the IP addresses and hostnames with the actual values for your servers:
192.168.5.100 puppet-server.localdomain.lan 192.168.5.150 agent.localdomain.lan
Save the file and exit the editor.
Step 4: Verify Connectivity
To ensure that the servers can communicate with each other using the configured FQDNs, run the following ping commands on both servers:
ping puppet-server.localdomain.lan -c 3 ping agent.localdomain.lan -c 3
If the configuration is correct, you should see successful ping responses.
Adding Puppet Repository
Before we can install Puppet, we need to add the Puppet repository to both the Puppet server and agent servers.
Step 1: Download the Puppet Repository Package
Download the Puppet repository package for Debian 11 Bullseye using the wget command:
wget https://apt.puppet.com/puppet7-release-bullseye.deb
Step 2: Install the Puppet Repository Package
Install the downloaded package using the dpkg command:
sudo dpkg -i puppet7-release-bullseye.deb
Step 3: Update the Package Index
Update the package index to ensure that the Puppet packages are available for installation:
sudo apt update
Installing Puppet Server
Now that we have added the Puppet repository, we can proceed with the installation of the Puppet server on the Puppet server machine.
Step 1: Install Puppet Server
Install the Puppet server package using the following command:
sudo apt install puppetserver
During the installation, you will be prompted to confirm the installation. Type ‘Y’ and press Enter to proceed.
Step 2: Configure Puppet Server
After the installation is complete, we need to configure the Puppet server.
Configure Environment Variables
Puppet stores its binary files in the /opt/puppetlabs/bin directory. To ensure that the Puppet server’s binaries are easily accessible, we need to set up the environment variables.
Run the following command to apply the new $PATH environment variable for Puppet Server:
source /etc/profile.d/puppet-agent.sh echo "export PATH=$PATH:/opt/puppetlabs/bin/" | tee -a ~/.bashrc source ~/.bashrc
To verify that the environment variable is set correctly, run the following command:
echo $PATH
You should see /opt/puppetlabs/bin in the list of directories.
Configure Puppet Server Memory Allocation
Next, we need to configure the memory allocation for the Puppet server. This configuration depends on the available system memory.
Open the Puppet server configuration file using a text editor:
sudo vim /etc/default/puppetserver
Find the line starting with JAVA_ARGS and modify it to allocate the desired amount of memory. For example, if you have 2GB of memory and want to allocate 1GB to the Puppet server, use the following configuration:
JAVA_ARGS="-Xms1g -Xmx1g"
Save the file and exit the editor.
Restart Puppet Server
After making the configuration changes, reload the systemd manager to apply the new Puppet service file:
sudo systemctl daemon-reload
Start and enable the Puppet server service:
sudo systemctl enable --now puppetserver
To verify the status of the Puppet server service, run the following command:
sudo systemctl status puppetserver
If everything is configured correctly, you should see that the service is active and running.
Step 3: Configure Firewall
If you are using a UFW firewall on your system, you need to open port 8140, which is used by the Puppet server. Run the following commands to allow incoming connections from the local subnet to the Puppet server on port 8140:
sudo ufw allow from 192.168.5.0/24 to any proto tcp port 8140 sudo ufw status
Make sure that the UFW firewall rule for port 8140 is added and enabled.
Congratulations! You have successfully installed and configured the Puppet server on your Debian 11 Bullseye machine. In the next section, we will proceed with the installation and configuration of the Puppet agent.
Installing and Configuring Puppet Agent
Now that the Puppet server is up and running, we can install and configure the Puppet agent on the Puppet agent machine.
Step 1: Install Puppet Agent
On the Puppet agent machine, install the Puppet agent package using the following command:
sudo apt install puppet-agent
Step 2: Configure Puppet Agent
After the installation is complete, we need to configure the Puppet agent.
Set Puppet Server FQDN
Set the Puppet server domain name in the Puppet agent configuration:
sudo puppet configset server puppet-server.localdomain.lan --section agent
Set Certificate Authority Server
Set the Puppet server domain name as the certificate authority server in the Puppet agent configuration:
sudo puppet configset ca_server puppet-server.localdomain.lan --section agent
Step 3: Restart Puppet Agent
Restart the Puppet agent service to apply the new configuration:
sudo systemctl restart puppet
To verify the status of the Puppet agent service, run the following command:
sudo systemctl status puppet
If everything is configured correctly, you should see that the service is active and running.
Step 4: Register Puppet Agent to Puppet Server
Next, we need to register the Puppet agent to the Puppet server.
Verify Connectivity
Ensure that the Puppet server FQDN is reachable from the Puppet agent machine by running the following command:
ping puppet-server.localdomain.lan -c 3
Configure Puppet Agent
Configure the Puppet agent by running the following commands on the Puppet agent machine:
sudo puppet configset server puppet-server.localdomain.lan --section agent sudo puppet configset ca_server puppet-server.localdomain.lan --section agent
Restart Puppet Agent
Restart the Puppet agent service to apply the new configuration:
sudo systemctl restart puppet
Step 5: Certificate Signing
Move to the Puppet server terminal and run the following command to check the certificate signing requests:
sudo puppetserver ca list --all
Verify the certificate signing for the Puppet agent:
sudo puppetserver ca sign --certname agent.localdomain.lan
Move back to the Puppet agent terminal, and you should see a message indicating that the certificate signing request has been successfully completed.
Step 6: Verify Puppet Certificates
To verify the list of certificates on the Puppet server, run the following command:
sudo puppetserver ca list-all
You should see two different certificates: one for the Puppet server and another for the Puppet agent.
Step 7: Verify Puppet Agent Initialization
Back on the Puppet agent machine, check the Puppet agent initialization by running the following command:
sudo puppet agent --test
If everything is configured correctly, you should see a message indicating that the SSL initialization has been completed.
Congratulations! You have successfully installed and configured the Puppet agent on your Debian 11 Bullseye machine. In the next section, we will create our first Puppet manifest.
Creating the First Puppet Manifest
Now that the Puppet server and agent are set up and communicating, we can create our first Puppet manifest. In this example, we will create a manifest for installing the LEMP stack (Nginx, MariaDB, and PHP-FPM).
Step 1: Create the Manifest Layout
Change your current working directory to the Puppet server’s manifest directory:
cd /etc/puppetlabs/code/environments/production/
Create a new layout directory for the LEMP stack under the modules directory:
mkdir -p modules/lemp/{manifests,files}
Move to the modules/lemp directory and create a new Puppet manifest file named init.pp using a text editor:
cd modules/lemp vim manifests/init.pp
Step 2: Write the Puppet Manifest
In the init.pp file, define the Puppet manifest for installing the LEMP stack. The manifest should ensure that each component of the stack (Nginx, MariaDB, and PHP-FPM) is installed and running, and create a custom index.html file.
class lemp {
Package { ensure => 'installed' }
$lemppackages = [
'nginx',
'mariadb-server',
'php-fpm'
]
package { $lemppackages: }
Service { ensure => 'running', enable => 'true' }
$lempsvc = [
'nginx',
'mariadb',
'php7.4-fpm'
]
service { $lempsvc: }
file {
'/var/www/html/index.html':
ensure => file,
content => "<h1><center>Welcome to Nginx - Managed by Puppet</center></h1>",
mode => '0644',
}
}
Save the file and exit the editor.
Step 3: Verify the Puppet Manifest
To validate the Puppet manifest syntax, run the following command:
sudo puppet parser validate /etc/puppetlabs/code/environments/production/modules/lemp/manifests/init.pp
If there are no syntax errors, you should see no output.
Step 4: Create the Site Manifest
Next, create the site manifest file that will apply the Puppet manifest to the Puppet agent. In the same directory, create a file named site.pp:
vim manifests/site.pp
In the site.pp file, define the target host, which is the Puppet agent, and include the lemp manifest:
node 'agent.localdomain.lan' { include lemp }
Save the file and exit the editor.
Step 5: Verify the Site Manifest
To validate the site manifest syntax, run the following command:
sudo puppet parser validate /etc/puppetlabs/code/environments/production/manifests/site.pp
If there are no syntax errors, you should see no output.
Verifying and Applying Puppet Manifests
At this point, we have created the Puppet manifests for installing the LEMP stack. The Puppet agent will automatically sync all the manifests to the Puppet server and apply the new configuration. However, you can also manually apply the Puppet manifests from the Puppet agent machine.
Step 1: Apply Puppet Manifests
Move back to the Puppet agent terminal and run the following command to apply the Puppet manifests manually:
sudo puppet agent -t
This command will run the Puppet manifest on the Puppet agent machine and install the LEMP stack using the lemp manifest.
Step 2: Verify LEMP Stack Services
To verify the status of each component of the LEMP stack, run the following commands:
sudo systemctl status nginx sudo systemctl status mariadb sudo systemctl status php7.4-fpm
You should see that each service is active and running.
Step 3: View the Custom Index Page
Open your web browser and enter the IP address of your Puppet agent in the address bar. You should see the custom index.html page that was created by the Puppet manifest.
Congratulations! You have successfully deployed the LEMP stack to the Puppet agent using Puppet manifests.
Conclusion
In this guide, we have covered the installation and configuration of the Puppet server and agent on Debian 11 Bullseye. We have also created our first Puppet manifest for deploying the LEMP stack. Puppet provides a powerful and efficient way to manage and automate server configurations, making it an essential tool for DevOps teams.
If you want to take your server management to the next level, consider Shape.host’s Cloud VPS services. Shape.host offers scalable and secure cloud hosting solutions, empowering businesses with reliable and efficient cloud infrastructure. Visit Shape.host to learn more about their services and how they can help you streamline your server management processes.
