puppet-master-server, centos 7

Create puppet master server

Puppet is a configuration automation platform that simplifies various system administrator tasks. Puppet uses a client/server model where the managed servers, called Puppet agents, talk to and pull down configuration profiles from the Puppet master.

Install and Configure Puppet

Puppet is written in its own custom language, meant to be accessible to system administrators. A module, located on the Puppet master, describes the desired system. The Puppet software then translates the module into code and alters the agent servers as needed when the puppet agent command is run on an agent node or automatically at designated intervals.

Puppet can be used to manage multiple servers across various infrastructures, from a group of personal servers up to an enterprise level operation. It is intended to run on Linux and other Unix-like operating systems, but has also been ported to Windows.


Master /Agent:

In this architecture, managed nodes run the puppet agent software, as a background service. On another hand, one or more servers run the master application, i,e. puppet server.
Puppet agent periodically sends facts to the puppet master and request a catalog. The master compiles and returns that particular node’s catalog, using the sources of information it has access to.

The Stand-Alone Architecture:

In this architecture, each managed nodes has its copy of the configuration info and compiles its own catalog. It runs the puppet apply application, as a cron job.


Here, we will configure a puppet in master/agent architecture and will use two CentOS 7.

Puppet Master:

Operating system : CentOS 7
IP Address       :
HostName         : puppetmaster

Puppet Client:

Operating system : CentOS 7
IP Address       :
HostName         : puppetclient
Install NTP:

Timings of the master and client nodes should be accurately in sync with upstream time servers because Puppet master server master will be acting as the certificate authority.

(If the time is wrong, it might mistakenly issue agent certificates from the distant past or future date, which other nodes will treat as expired.)

Install the NTP package and perform the time sync with upstream NTP servers.

# yum -y install ntp
# systemctl start ntpd 
# systemctl enable ntpd

Ensure that all the nodes are in same time zone using date command. If there are any discrepancies, change it accordingly. List the available time zones.

# timedatectl list-timezones

Set the time zone using the following command.

# timedatectl set-timezone Europe/Amsterdam

Puppet architecture uses the hostname to communicate with the managed nodes, so make sure nodes can resolve the hostname each other, either setup file or DNS server. My /etc/hosts looks like the following: puppetmaster puppetclient 
Puppet Repository:

To install the puppet master/agent, we would require to add a puppet repository on the all the nodes. Note: Setup repository on both master and agent nodes.
Get the PupperLabs repository rpm and install it.

# rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
Install Puppet Server:

Puppet Server is the server software that runs on the puppet master node. Puppet master pushes the configurations to managed nodes (puppet-agent).

Install the Puppet server using below command.

# yum install -y puppetserver

Puppet server is now installed but do not start the puppet server service yet.

Configure puppet master server:

Memory Allocation (Optional):
By default, Puppet Server JVM is configured to use 2GB of memory. You can change it, depends on how much memory available on your master node; ensure that it is enough for managing all the nodes connected to it.

To change the value of memory allocation, edit the below file.

# vi /etc/sysconfig/puppetserver

Change the value shown like below.

JAVA_ARGS="-Xms2g -Xmx2g

For 512MB, use below settings.

JAVA_ARGS="-Xms512m -Xmx512m"
Start Puppet Server:

Puppet master does not require any configuration; you can simply start the puppetserver service. It will use the default settings.

The default Puppet master hostname is a puppet, so you need to use server = puppet in the puppet-agent configuration file.

If you want to change puppet master hostname, follow the below procedure.

Advanced Configurations (optional):

Here, I’m going to modify the Puppet master settings for our requirement.

# vi /etc/puppetlabs/puppet/puppet.conf

Place the below lines. Modify it according to your environment.

certname = puppetmaster
server = puppetmaster
environment = production
runinterval = 600 (10 min, normal 1h)

Start and enable the Puppet Server.

# systemctl start puppetserver
# systemctl enable puppetserver

The Puppet master listens on port 8140, so configure the firewall in such way that managed nodes can connect to the master.

# firewall-cmd --permanent --zone=public --add-port=8140/tcp
# firewall-cmd --reload
Check puppet log:

Check te puppet log if the server is accepting requests.

# tailf /var/log/puppetlabs/puppetserver/puppetserver.log
INFO  [async-dispatch-2] [p.s.m.master-service] Puppet Server has successfully started and is now ready to handle requests
Puppet client server

In my next blog I will setup a puppet client environment, so it can communicate with the puppet master server.