Sapnesh Naik
Software Developer, Technical Writer
sapnesh@kerneldev.com
Blog Post

Set up Puppet Master and Agent on AWS EC2 [Part 2]

April 16, 2019

In the first part of this tutorial, we saw how to set up AWS EC2 instances so that they can communicate with each other. Now let’s see how we can finally set up Puppet Master and Agent on AWS EC2.

Install Puppet and Puppetmaster:

Make sure you are logged in as root while performing all of the steps below:

    sudo -i

  1. On Master Node: In this step, we install puppetmaster. Upon installation, the puppetmaster service is started automatically, and a certificate for the master is generated and signed. Note that the puppetmaster package also installs the puppet agent on the master node (which is useful for a single-node puppet installation), but as we are setting up a multi-node puppet installation, we ignore the puppet agent that comes along with puppetmaster.

    1. Install puppetmaster package:
    apt install puppetmaster -y
    2. Check if puppetmaster is installed properly:
    puppet --version
    3. Check if puppetmaster service is running and active:
    service puppetmaster status

    The output should look something like this:

    [Screenshot: puppetmaster service status]

  2. On Agent Nodes:

    1. Install the puppet package:
    apt install puppet -y
    2. Check if puppet is installed properly:
    puppet --version
    3. Edit /etc/puppet/puppet.conf and add server = puppet-master.test.org to the [main] section.
    vim /etc/puppet/puppet.conf

    The file should look something like this:

    [Screenshot: /etc/puppet/puppet.conf file]

Authorize Agent Nodes:

  1. On Both Agent Nodes:

    1. Start puppet agent: This step initiates the puppet agent and generates a certificate request for the master to sign. The request is sent to the puppet master over SSL, so the transaction remains secure.
    puppet agent --no-daemonize --onetime --verbose

    The output looks like this:

    [Screenshot: puppet agent start]

  2. On Master Node:

    1. List all certificate requests that have been made to the puppet master.
    puppet cert list --all

    The output should display the list of agent requests:

    [Screenshot: list of agents]

    2. Now sign both agents’ certificates one by one.
    puppet cert sign puppet-agent-1.test.org
    puppet cert sign puppet-agent-2.test.org
  3. On Both Agent Nodes:

    1. Enable the puppet agent and set the server.
    puppet agent --enable
    puppet agent --server puppet-master.test.org
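
Signing is the point at which the master starts trusting a node, so it is worth confirming that each pending request really came from the agent you expect. The following is an added example, not part of the original tutorial: it compares the fingerprint read on the agent (for instance with `puppet agent --fingerprint`) against the pending entry in `puppet cert list --all` before signing. The function names and the sample list output are constructed for illustration.

```shell
#!/bin/sh
# Added example: sign an agent request only when fingerprints match.
# Function names and SAMPLE_LIST are constructed for illustration.

# Print the fingerprint of the *pending* request for certname $1, reading
# `puppet cert list --all` text on stdin. Already-signed entries start with
# "+" and revoked ones with "-", so their first field never matches.
pending_fingerprint() {
    awk -v want="\"$1\"" '
        $1 == want && $2 ~ /^\(/ { print $3; found = 1; exit }
        END { exit !found }
    '
}

# Reduce "(SHA256) aa:bb:..." or "AA:BB:..." to upper-case hex pairs.
normalise_fp() {
    printf '%s\n' "$1" | sed -e 's/^([^)]*)[[:space:]]*//' | tr 'a-f' 'A-F'
}

# Succeed only if the pending request for certname $1 in list text $3 has
# fingerprint $2, which the operator read on the agent itself.
safe_to_sign() {
    sts_expected=$(normalise_fp "$2")
    sts_seen=$(printf '%s\n' "$3" | pending_fingerprint "$1") || return 1
    [ -n "$sts_expected" ] && [ "$(normalise_fp "$sts_seen")" = "$sts_expected" ]
}

# Constructed sample of `puppet cert list --all` output (fingerprints shortened).
SAMPLE_LIST='  "puppet-agent-1.test.org" (SHA256) 3A:91:0C:F2:7E:55
  "puppet-agent-2.test.org" (SHA256) B4:08:D1:6A:22:9F
+ "puppet-master.test.org"  (SHA256) 10:2B:EE:47:C3:80'

# Demo: the second value was not read from agent 2, so it is refused.
for pair in 'puppet-agent-1.test.org 3a:91:0c:f2:7e:55' \
            'puppet-agent-2.test.org 3A:91:0C:F2:7E:55'; do
    set -- $pair
    if safe_to_sign "$1" "$2" "$SAMPLE_LIST"; then
        echo "OK to sign $1"      # real use: puppet cert sign "$1"
    else
        echo "REFUSE $1: fingerprint mismatch or no pending request"
    fi
done
```

On the master, the live list would be passed in as `"$(puppet cert list --all)"` in place of `SAMPLE_LIST`.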

Create Manifests File and Add Software Configuration:

What Is a Manifests File?

  • The puppet manifests file is the actual file that contains the configuration details for the agents. This file is centrally stored at the Puppet Master.
  • The Agents can “pull” new configurations or changes to existing configurations from Puppet Master. Note that Puppet (and Chef) use “PULL” type implementation whereas automation tools like Ansible and SaltStack use “PUSH” type implementations.

We will be defining a simple configuration that defines installation of mysql-server on Agent nodes.

  • Create environments/production/manifests directory.

    mkdir -p /etc/puppet/code/environments/production/manifests/
  • cd into it and create a site.pp file (site.pp is the default manifest file)

    cd /etc/puppet/code/environments/production/manifests/
    vim site.pp
  • Define the configuration for mysql-server:

    # Applies to both agent nodes.
    node 'puppet-agent-1.test.org', 'puppet-agent-2.test.org' {
        # Ensure the mysql-server package is installed.
        package { 'mysql-server':
            name   => 'mysql-server',
            ensure => installed,
        }
    }
    • node 'node_name' specifies the target agent nodes to which the configuration applies.
    • package defines a software package to be installed and its attributes.
  • Validate the site.pp and check for any syntax errors.

    puppet parser validate site.pp

    The command should run successfully without any errors.

Run Puppet Agent and Apply the Configuration:

  • On Both Agent Nodes:

    • Check if mysql is installed:
    mysql

    The output should be something like:

    -bash: /usr/bin/mysql: No such file or directory

    This is expected as we have not yet applied the configuration on agent nodes.

    • Fetch and apply configuration from Master:
    puppet agent --test

    The output should show that the configuration was applied and mysql-server package was installed.

    [Screenshot: puppet agent --test output]

    • You can confirm that mysql-server was installed by running the command mysql:
    mysql

    Now it should take you into the mysql terminal!

Automate the Fetch and Apply Process:

It is tedious to run puppet agent --test on all your agent nodes and defeats the purpose of using a configuration management tool like Puppet in the first place. So let’s fix this by making our puppet agents periodically pull the newer configurations and updates.

  • Edit /etc/puppet/puppet.conf and add runinterval = 2m to the [main] section. This makes the agents fetch the changes every two minutes.

    vim /etc/puppet/puppet.conf

    [Screenshot: runinterval added to puppet.conf]
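
Both puppet.conf edits in this tutorial (server on the agents, and runinterval here) can be scripted instead of made by hand in vim. The following is an added example, not part of the original tutorial: it sets a key under [main] without duplicating it on re-runs and without touching same-named keys in other sections. The helper names and the scratch file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: set options in the [main] section of puppet.conf idempotently.
# get_main_option / set_main_option are hypothetical helper names.

# Print the value of key $2 in the [main] section of file $1 (empty if unset).
get_main_option() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print val }
    ' "$1"
}

# Make "key = value" ($2, $3) the only assignment of that key under [main]
# in file $1. The file is read twice: pass 1 scans, pass 2 rewrites.
set_main_option() {
    smo_tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        FNR == 1    { in_main = 0 }
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/) }
                    { hit = (in_main && $0 ~ ("^[ \t]*" key "[ \t]*=")) }
        NR == FNR   { if (in_main) seen = 1; if (hit) has = 1; next }
        hit         { if (!done++) print key " = " value; next }
                    { print }
        /^[ \t]*\[main\]/ && !has++ { print key " = " value }
        END         { if (!seen) { print "[main]"; print key " = " value } }
    ' "$1" "$1" > "$smo_tmp" && cat "$smo_tmp" > "$1"   # keeps owner and mode
    smo_rc=$?
    rm -f "$smo_tmp"
    return "$smo_rc"
}

# Demo on a scratch copy with constructed contents, not on /etc/puppet.
demo_conf=$(mktemp)
printf '[main]\nlogdir = /var/log/puppet\n\n[master]\nssl_client_header = SSL_CLIENT_S_DN\n' > "$demo_conf"
set_main_option "$demo_conf" server puppet-master.test.org   # agent step
set_main_option "$demo_conf" runinterval 2m                  # automation step
set_main_option "$demo_conf" runinterval 2m                  # re-run: no duplicate
cat "$demo_conf"
```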

That’s it! The agents should now be able to fetch and apply the changes automatically.

While this tutorial shows you how to install and configure Puppet Master and Agent on AWS EC2, it does not give in-depth information on how Puppet works behind the scenes. If you are interested in learning Puppet, check out this excellent YouTube video on Puppet by edureka.

Thank you for following along in this tutorial series. Please ask any questions or doubts you might have in the comment section below.