Make sure that you have set the hostname properly on the puppet master server. You can do this with the hostnamectl command.
The hostname assumed by default for your puppet master is "puppet", but you can give it any name, as long as it is reachable over your network by the other servers through the mapped FQDN.
It's good practice to set up /etc/hosts with an alias named puppet if you are just starting out for the first time.
Installing the puppet yum repository sources to download the puppet packages.
[root@puppetmaster ~]# sudo rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm
Retrieving https://yum.puppet.com/puppet5-release-el-7.noarch.rpm
warning: /var/tmp/rpm-tmp.ibJsVY: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:puppet5-release-5.0.0-12.el7 ################################# [100%]
The NOKEY warning means rpm did not have the public key for key ID ef8d349f, so the signature on the release package was not verified.
Installing the Puppet Master service from the yum repository.
[root@puppetmaster ~]# yum install puppetserver
Verify which packages are installed on your machine.
[root@puppetmaster ~]# rpm -qa | grep -i puppet
puppetserver-5.3.13-1.el7.noarch
puppet5-release-5.0.0-12.el7.noarch
puppet-agent-5.5.20-1.el7.x86_64
Ensure that the following entries are set in the file /etc/puppetlabs/puppet/puppet.conf under the [master] section:
[master]
certname = puppetmaster.linuxcent.com
server = puppetmaster.linuxcent.com
Enabling the puppetserver daemon and starting puppetserver.
[root@puppetmaster ~]# systemctl enable puppetserver
[root@puppetmaster ~]# systemctl start puppetserver
The puppet server process listens on port 8140.
[root@puppetmaster ~]# netstat -ntlp | grep 8140
tcp6 0 0 :::8140 :::* LISTEN 21084/java
Setting up the puppet client.
Installing the yum repository to download the puppet installation packages.
[vamshi@node01 ~]$ sudo rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm
Installing the puppet agent.
[vamshi@node01 ~]$ sudo yum install puppet-agent
Once the puppet agent is installed, update the puppet client configuration with the puppetmaster FQDN in the file /etc/puppetlabs/puppet/puppet.conf under the [master] section:
[master]
certname = puppetmaster.linuxcent.com
server = puppetmaster.linuxcent.com
Running the puppet agent to set up communication with the puppet master.
[vamshi@node01 ~]$ sudo puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for node01.linuxcent.com
Info: Applying configuration version '1592492078'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.02 seconds
With this we have successfully raised the signing request to the master.
Listing the puppet agent details on the puppet master.
[root@puppetmaster ~]# puppet cert list --all
"node01.linuxcent.com" (SHA256) 88:08:8A:CF:E3:5B:57:1C:AA:1C:A3:E5:36:47:60:0A:55:6F:C2:CC:9C:09:E1:E7:85:63:2D:29:36:3F:BF:34
[root@puppetmaster ~]# puppet cert sign node01.linuxcent.com
Signing Certificate Request for:
"node01.linuxcent.com" (SHA256) 88:08:8A:CF:E3:5B:57:1C:AA:1C:A3:E5:36:47:60:0A:55:6F:C2:CC:9C:09:E1:E7:85:63:2D:29:36:3F:BF:34
Notice: Signed certificate request for node01.linuxcent.com
Notice: Removing file Puppet::SSL::CertificateRequest node01.linuxcent.com at '/etc/puppetlabs/puppet/ssl/ca/requests/node01.linuxcent.com.pem'
Now that we have successfully signed the puppet agent request, we can see the + sign on the left side of the agent host name, as demonstrated in the following output.
[root@puppetmaster ~]# puppet cert list --all
+ "node01.linuxcent.com" (SHA256) 15:07:C2:C1:51:BA:C1:9C:76:06:59:24:D1:12:DC:E2:EE:C1:47:35:DD:BD:E8:79:1E:A5:9E:1D:83:EF:D1:61
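Before running puppet cert sign, it is worth comparing the fingerprint the master lists for the pending request with the one the agent itself reports (puppet agent --fingerprint on node01), so that the request being signed is the one node01 generated. The script below is an added example, not part of the original tutorial; the function names and the AGENT_FP sample value are assumptions made for the illustration, and the listing line is the one shown above.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the CSR the master
# is about to sign is the one the agent actually generated.

# Constructed input: the pending-request line `puppet cert list` printed above.
SAMPLE_LIST='  "node01.linuxcent.com" (SHA256) 88:08:8A:CF:E3:5B:57:1C:AA:1C:A3:E5:36:47:60:0A:55:6F:C2:CC:9C:09:E1:E7:85:63:2D:29:36:3F:BF:34'

# listed_fp CERTNAME: read `puppet cert list` output on stdin and print the
# fingerprint for exactly CERTNAME; fails if the name is not listed.
listed_fp() {
    awk -v want="\"$1\"" '
        { i = ($1 ~ /^"/) ? 1 : 2 }     # skip a leading status marker like "+"
        $i == want { print $(i + 2); found = 1; exit }
        END { exit !found }'
}

# norm_fp FP: strip colons and whitespace, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# fp_match A B: succeed only if both are the same 64-digit SHA256 value.
fp_match() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# check_request CERTNAME AGENT_FP: list output on stdin.
# Returns 0 = fingerprints match, 1 = mismatch, 2 = no such request.
check_request() {
    master_fp=$(listed_fp "$1") || { echo "no request listed for $1"; return 2; }
    if fp_match "$master_fp" "$2"; then
        echo "match: $1 can be signed"
    else
        echo "MISMATCH: do not sign $1"
        return 1
    fi
}

# Demo: AGENT_FP stands for the value read on node01 (assumed, lower-case on purpose).
AGENT_FP='88:08:8a:cf:e3:5b:57:1c:aa:1c:a3:e5:36:47:60:0a:55:6f:c2:cc:9c:09:e1:e7:85:63:2d:29:36:3f:bf:34'
printf '%s\n' "$SAMPLE_LIST" | check_request node01.linuxcent.com "$AGENT_FP"
```

On a live master, pipe the real puppet cert list output into check_request instead of SAMPLE_LIST.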
The respective signed SSL certificates are saved under the location /etc/puppetlabs/puppet/ssl/ca/signed
[root@node01 signed]# ls
node01.linuxcent.com.pem puppet.linuxcent.com.pem
To clean up an agent's certificates:
puppet cert clean node01.linuxcent.com
This removes the agent's entries from the puppetmaster records, and a new certificate request must then be submitted to this puppetmaster.
The autosign.conf file can also be used if you are going to manage a huge farm of puppet clients and manual signing of clients becomes a tedious task. We can set up a wildcard like *.linuxcent.com to auto-approve the signing requests originating from the client hosts present in the network domain of linuxcent.com. The match is made on the certname in the request, so such requests are signed without any manual review of the fingerprint.