Puppet requires an agent to be able to enforce configurations. This tutorial explains how to install and configure the Puppet agent on a system. The only way to mass deploy the Puppet agent is through an orchestration tool (such as Ansible).
The Puppet agent can be installed and maintained using the same repository as the Puppet server: the Puppet Labs repository. Perform the following steps:
- Download the Puppet Labs repository installer via the following command:
~]# curl -Lo /tmp/puppetlabs-release-el-7.noarch.rpm https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
- Install the Puppet Labs repository by executing the following command:
~]# yum install -y /tmp/puppetlabs-release-el-7.noarch.rpm
- Use the following command to download the EPEL repository installer:
~]# curl -Lo /tmp/epel-release-latest-7.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- Now, install the EPEL repository rpm (with yum) through the following command line:
~]# yum install -y /tmp/epel-release-latest-7.noarch.rpm
- Install the Puppet agent by running the following command:
~]# yum install -y puppet
- Next, configure the agent so that it will connect to your Puppet Master.
- Add your Puppet Master to the /etc/puppet/puppet.conf file, as follows:
server = rhel7.critter.be
- Start the Puppet agent by executing the following command:
~]# systemctl start puppet
- Then, enable the Puppet agent by running the following:
~]# systemctl enable puppet
- Finally, sign the new node’s certificate on Puppet Master, as follows:
~]# puppet cert sign rhel7-client.critter.be
Instead of signing every single certificate individually, you can sign the certificate for all systems that have been registered with Puppet Master by executing the following:
~]# puppet cert sign --all
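As an alternative to signing everything at once, the following added example (not part of the original tutorial) filters the list of pending requests so that only nodes whose CSR fingerprint matches an out-of-band allowlist are passed on for signing. The function name, the allowlist file and its format are assumptions, as is the Puppet 3.x `puppet cert list` line format `"certname" (SHA256) fingerprint`; the sample data is constructed.

```shell
#!/bin/sh
# Added example: print only the pending certnames whose CSR fingerprint
# matches an allowlist collected out of band (for instance by running
# `puppet agent --fingerprint` on each new node).
#   $1    = allowlist file, one "certname fingerprint" pair per line (assumed format)
#   stdin = output of `puppet cert list` on the Puppet Master
approved_csrs() {
    awk -v allow="$1" '
        BEGIN {
            # Load the allowlist; a missing file leaves it empty (fail closed).
            while ((getline l < allow) > 0) {
                n = split(l, f, " ")
                if (n >= 2 && f[1] !~ /^#/) want[f[1]] = toupper(f[2])
            }
        }
        # Pending request lines look like:  "certname" (SHA256) AA:BB:...
        # Already signed entries start with "+" and never match here.
        $1 ~ /^"[^"]+"$/ && $2 == "(SHA256)" && $3 ~ /^[0-9A-Fa-f:]+$/ {
            name = substr($1, 2, length($1) - 2)
            if ((name in want) && want[name] == toupper($3))
                print name
            else
                print "REJECT " name " (fingerprint not in allowlist)" | "cat 1>&2"
        }
    '
}

# Constructed sample data (shortened, not real fingerprints).
demo() {
    allow=$(mktemp)
    printf '%s\n' 'rhel7-client.critter.be AA:11:BB:22' > "$allow"
    printf '%s\n' \
        '  "rhel7-client.critter.be" (SHA256) aa:11:bb:22' \
        '  "unknown-host.critter.be" (SHA256) CC:33:DD:44' \
        '+ "rhel7.critter.be" (SHA256) EE:55:FF:66' |
        approved_csrs "$allow" 2>/dev/null
    rm -f "$allow"
}

# Intended use on the Master (allowlist path is hypothetical):
#   puppet cert list | approved_csrs /root/approved-nodes.txt |
#       while read -r node; do puppet cert sign "$node"; done
demo
```

Requests that are rejected are reported on standard error and left pending, so they can be reviewed by hand.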
If you start looking for puppet unit files in /lib/systemd/system, you’ll also find a puppetagent.service unit file. The puppetagent.service unit file is actually a soft link to the puppet.service unit file.
If you don’t want to set the server property in the /etc/puppet/puppet.conf file, you can instead define a puppet DNS entry that points to Puppet Master in all the DNS domain zones.
The Puppet agent is known to consume memory. In order to mitigate this, the Puppet agent can be run as a cron job. This would release some memory, but you would lose the flexibility of pushing new configurations from Master.
The following command creates a cron job that launches the Puppet agent once every 30 minutes:
~]# puppet resource cron puppet-agent ensure=present user=root minute='*/30' command='/usr/bin/puppet agent --onetime --no-daemonize --splay'
The Puppet agent can also be configured to run in the Masterless mode. This means that you will take care of distributing your puppet modules and classes yourself instead of Puppet taking care of this. This implies that you will synchronize all modules and classes, even those that are not used by the system, which can be a security risk.