Unlike Ansible, Puppet requires an agent to be able to enforce configurations. This recipe will teach you how to install and configure the Puppet agent on a system. The only way to mass deploy the Puppet agent is through an orchestration tool (such as Ansible).
The Puppet agent can be installed and maintained using the same repository as the Puppet server: the Puppet Labs repository. Perform the following steps:
~]# curl -Lo /tmp/puppetlabs-release-el-7.noarch.rpm https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
~]# yum install -y /tmp/puppetlabs-release-el-7.noarch.rpm
~]# curl -Lo /tmp/epel-release-latest-7.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm EPEL repository (with yum) through the following command line:
~]# yum install -y /tmp/epel-release-latest-7.noarch.rpm
~]# yum install -y puppet
[main] section of /etc/puppet/puppet.conf, as follows:
server = rhel7.critter.be
~]# systemctl start puppet
~]# systemctl enable puppet
~]# puppet cert sign rhel7-client.critter.be
Instead of signing every single certificate individually, you can sign the certificate for all systems that have been registered with Puppet Master by executing the following:
~]# puppet cert sign --all
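Because signing everything that is pending also approves requests from hosts you did not expect, the sketch below signs only the requests whose name and fingerprint both match an allowlist. It is an added example, not part of the original recipe; the '"name" (SHA256) fingerprint' layout of the puppet cert list output, the allowlist format, the db01 and unexpected-host names and all fingerprints are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original recipe): sign only the pending
# requests whose name AND fingerprint match an allowlist.

# Constructed sample of `puppet cert list` output on the master; the
# '"name" (SHA256) fingerprint' layout is an assumption about that output.
SAMPLE_PENDING='  "rhel7-client.critter.be" (SHA256) AA:AA:AA:01
  "db01.critter.be" (SHA256) EE:EE:EE:99
  "unexpected-host.critter.be" (SHA256) CC:CC:CC:03'

# Constructed allowlist, one "name fingerprint" pair per line, gathered
# out of band on each agent with `puppet agent --fingerprint`.
SAMPLE_ALLOWLIST='rhel7-client.critter.be AA:AA:AA:01
db01.critter.be BB:BB:BB:02'

# approved_requests PENDING ALLOWLIST
# Print the names of pending requests that match an allowlist line exactly.
# A known name with a different fingerprint is skipped, not signed.
approved_requests() {
    printf '%s\n' "$1" | while read -r name algo fp; do
        [ -n "$name" ] || continue
        name=$(printf '%s' "$name" | tr -d '"')
        if printf '%s\n' "$2" | grep -Fxq -- "$name $fp"; then
            printf '%s\n' "$name"
        else
            printf 'SKIP %s %s (not in allowlist)\n' "$name" "$fp" >&2
        fi
    done
}

# sign_approved ALLOWLIST_FILE
# Run on the Puppet Master: sign each approved request individually.
sign_approved() {
    approved_requests "$(puppet cert list)" "$(cat "$1")" |
    while read -r host; do
        puppet cert sign "$host"
    done
}

# Demo on the constructed samples: only rhel7-client.critter.be is approved.
approved_requests "$SAMPLE_PENDING" "$SAMPLE_ALLOWLIST"
```

The skipped entries are written to standard error so that they can be reviewed by hand before anything else is signed.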
If you start looking for puppet unit files in /lib/systemd/system, you'll also find a puppetagent.service unit file. The puppetagent.service unit file is actually a soft link to the puppet.service unit file.
If you don't want to set the server property in the /etc/puppet/puppet.conf file, you can do this by defining a puppet DNS entry that points to Puppet Master in all the DNS domain zones.
The Puppet agent is known to consume memory. In order to mitigate this, the Puppet agent can be run as a cron job. This would release some memory, but you would lose the flexibility of pushing new configurations from Master.
This will create a cron job that launches the Puppet agent once every 30 minutes, as follows:
~]# puppet resource cron puppet-agent ensure=present user=root minute='*/30' command='/usr/bin/puppet agent --onetime --no-daemonize --splay'
The Puppet agent can also be configured to run in the Masterless mode. This means that you will take care of distributing your puppet modules and classes yourself instead of Puppet taking care of this. This implies that you will synchronize all modules and classes, even those that are not used by the system, which can be a security risk.