How To Install & Configure Puppet Server on CentOS 6.X / RHEL 6.X

Overview :


Puppet is configuration management software for UNIX-like operating systems, available in open-source and enterprise editions. It is IT automation software that pushes configuration to its clients (puppet agents) using code. Puppet code can perform a variety of tasks, from installing new software to checking file permissions or updating user accounts, and many others.


In this tutorial we will install and configure Puppet Server on CentOS 6.X / RHEL 6.X.


Step:1 Set up Puppet Labs Repository


# rpm -ivh


Step:2 Install the Puppet Master Packages using yum


[root@puppet ~]# yum install -y puppet-server


Step:3 Now Start the Puppet-Server & Set puppet Server to run on startup


[root@puppet ~]# /etc/init.d/puppetmaster start
[root@puppet ~]# puppet resource service puppetmaster ensure=running enable=true


Step:4 Install Apache and Passenger

We are going to run the puppet service behind Apache, so install all the required packages using the yum command as shown below:


[root@puppet ~]# yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake
[root@puppet ~]# gem install rack passenger
[root@puppet ~]# passenger-install-apache2-module


Step:5 Create directory structure for Puppet Master Rack Application


# mkdir -p /usr/share/puppet/rack/puppetmasterd
# mkdir /usr/share/puppet/rack/puppetmasterd/public  /usr/share/puppet/rack/puppetmasterd/tmp
# cp /usr/share/puppet/ext/rack/files/  /usr/share/puppet/rack/puppetmasterd/
# chown puppet /usr/share/puppet/rack/puppetmasterd/


Step:6 Configure Apache & Puppet Server

Create virtual Host file for puppet


# vim /etc/httpd/conf.d/puppetmaster.conf


LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.26/buildout/apache2/
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.26
PassengerDefaultRuby /usr/bin/ruby
# And the passenger performance tuning settings:
PassengerHighPerformance On
#PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
    SSLEngine On
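    # Only allow high security cryptography. Alter if needed for compatibility.
    # Note: "All -SSLv2" still leaves SSLv3 enabled and RC4+RSA still offers RC4;
    # tighten both if every agent can negotiate TLS with stronger ciphers.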
    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth        1
    #SSLOptions            +StdEnvVars +ExportCertData
    SSLOptions              +StdEnvVars

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    # RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>


Step:7 Stop Webrick & start the apache service


# /etc/init.d/puppetmaster stop
# /etc/init.d/httpd start
# chkconfig puppetmaster off ; chkconfig httpd on



The server-side installation and configuration is now complete. Next, add the puppet client and push configuration to it.

On the client side (CentOS / RHEL), follow the steps below:


Step:8 Add puppet labs repository


# rpm -ivh


Step:9 Install the puppet package & edit hosts file


# yum install -y puppet --enablerepo=puppetlabs*


# vi /etc/hosts    <puppet-Client-Hostname>    <Puppet-Server-HostName>


Step:10  Edit /etc/puppet/puppet.conf  file & start the puppet service


# In the [agent] section

server =
report = true
pluginsync = true


# service puppet start ; chkconfig puppet on


Now run the command below on the puppet client to retrieve the local machine's configuration from the remote puppet server and apply it. To communicate successfully with the puppet server, the client must have a certificate signed by a certificate authority that the server trusts; by default the puppet server runs the certificate authority itself.


# puppet agent -td


Step:11 On the Server side sign the certificate of puppet clients


Check whether a new node is attempting to join the puppet master by running the command below on the puppet master:


# puppet cert list


Sign the certificates using the command below from the puppet master:


# puppet cert sign --all
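
Step 11's "puppet cert sign --all" signs every request that is pending, whatever host sent it. The following added example (not part of the original tutorial) filters the pending list against an allowlist of expected certnames and fingerprints before anything is signed; the "puppet cert list" line format, the allowlist file format and all sample hosts and fingerprints are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Assumption: `puppet cert list` prints one pending request per line as
#     "certname" (SHA256) AA:BB:...
# Hypothetical allowlist format: "certname fingerprint", one client per line,
# with the fingerprint read on the client itself (puppet agent --fingerprint).

# approved_requests PENDING_FILE ALLOWLIST_FILE
# Prints the certnames whose pending fingerprint matches the allowlist.
# Every other request is reported on stderr and left unsigned.
approved_requests() {
    pending=$1
    allowlist=$2
    # Drop the quotes so each line reads: certname (DIGEST) fingerprint
    tr -d '"' < "$pending" | while read -r name _digest fp; do
        [ -n "$name" ] || continue
        expected=$(awk -v n="$name" '$1 == n { print $2; exit }' "$allowlist")
        if [ -z "$expected" ]; then
            echo "SKIP $name: not on allowlist" >&2
        elif [ "$expected" != "$fp" ]; then
            echo "SKIP $name: fingerprint mismatch" >&2
        else
            echo "$name"
        fi
    done
}

# Constructed sample data (shortened, made-up fingerprints) so this runs offline.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/pending" <<'EOF'
  "web01.example.com" (SHA256) AA:BB:CC:01
  "db01.example.com" (SHA256) DE:AD:BE:EF
  "unknown.example.net" (SHA256) 12:34:56:78
EOF
    cat > "$dir/allowlist" <<'EOF'
web01.example.com AA:BB:CC:01
db01.example.com 11:22:33:44
EOF
    approved_requests "$dir/pending" "$dir/allowlist"
    rm -rf "$dir"
}

demo

# On the master, the same function would feed the signing command:
#   puppet cert list > pending.txt
#   approved_requests pending.txt allowlist.txt | xargs -r -n1 puppet cert sign
```

Only web01.example.com is printed for signing; the request with a mismatched fingerprint and the one from an unlisted host stay pending for manual review.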

