How Do You Deploy Puppet Agent to an Ubuntu 16 Linux Server in AWS?

Updated on 4/15/18

Problem scenario

You installed Puppet Master on an AWS instance of Linux.  (See this link if you want to install Puppet Master on Ubuntu.  If you want to install Puppet Master on a Red Hat Enterprise Linux server, see this link). You now want an AWS instance of Ubuntu to be configured as a Puppet Agent node with open source Puppet version 5. You want to run a manifest to make sure that this new Puppet Agent node (i.e., server) is working with your Puppet Master server.  What do you do to install Puppet Agent on an Ubuntu server and configure it to work with Puppet Master?

Solution
This solution is for Ubuntu 16 Linux instances in AWS.  You could easily adapt this solution to other Ubuntu servers in different environments.  It explains how to deploy Puppet and apply a manifest (in combination with these directions) from scratch.  These directions have been tested to work with a Puppet Master server on either an AWS RHEL server or an AWS Ubuntu Linux server.

Prerequisite
Using AWS, change the Security Group so that the inbound rules allow connections from the Puppet Agent server.  One way of doing this is to find the internal IP address of the Puppet Agent server.  This Linux command should help you if run on an Ubuntu Linux server in AWS:

ip addr show | grep inet | grep -v 127.0.0.1 | grep -v inet6 | cut -c 10-24 | awk -F "/" '/1/ {print $1}'

Using the AWS console, configure the relevant AWS Security Group to allow an inbound connection from the IP address in the result above.  Disregard a trailing slash and any CIDR suffix or numbers to the right of the slash (e.g., ignore any trailing "/xx").

Here is a detailed explanation of how to create an inbound connection in an AWS security group:

Go to Security Groups.  Find the relevant security group and click the "Inbound" tab.  Then click "Edit."  Click "Add Rule."  In the "Type" dropdown menu, choose "Custom TCP Rule."  For "Port Range" enter 8140.  For the "Source" dropdown option, choose "Custom."  Enter the internal IP address of the Puppet agent like this:

x.x.x.x/32

Substitute x.x.x.x with the internal IP address (as found with the above "ip addr show" command).

Procedures
1.  On the Puppet Master server, run these four commands:

sudo puppet master
sudo puppet resource service puppet ensure=running enable=true
hostname -f
ip addr show | grep inet | grep -v 127.0.0.1 # remember the IP address result from this command

2.  On the Puppet Agent server, modify the /etc/hosts file.  It should have this stanza, where x.x.x.x is the internal IP address of the Puppet Master server (the result of the last command run in step #1) and "FQDNofPuppetMaster" is the FQDN of the Puppet Master server:

x.x.x.x puppet FQDNofPuppetMaster

3.  On the Puppet Agent node, create a file named puppetagent.sh in /tmp/.  Have the content of this file be the following:

#!/bin/bash
# Written by continualintegration.com
# This script will install Puppet agent on Debian 9 or Ubuntu 16.x
# This script will not work on Ubuntu 17.x

distro=$(cat /etc/*-release | grep NAME)
echo "determining Linux distribution..."

if echo "$distro" | grep -qi "ubuntu"
then
   echo "You have Ubuntu Linux!"
   # Download and install the Puppet release package, which sets up the Puppet apt repository.
   curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
   dpkg -i puppetlabs-release-pc1-xenial.deb
   apt -y update
   apt-get -y install puppet-agent
elif echo "$distro" | grep -qi "debian"
then   # It is not Ubuntu, but it is Debian.
   echo "You are using Debian Linux."
 #  Commented out lines are provided as a reference in case you need a higher version.
 #  curl http://http.us.debian.org/debian/pool/main/p/puppet/puppet_5.4.0-2_all.deb > /tmp/puppet_5.4.0-2_all.deb
 #  dpkg -i /tmp/puppet_5.4.0-2_all.deb
 #  apt -y update
 #  apt-get -y install ruby-shadow ruby-deep-merge ruby init-system-helpers ruby-augeas puppet
   apt-get -y install puppet
else
   echo "You do not have Ubuntu or Debian Linux."
   exit 1
fi

# Start the agent service now and enable it at every boot.
systemctl start puppet
systemctl enable puppet
# Put the puppet command on the default PATH unless /usr/bin/puppet already exists.
[ -e /usr/bin/puppet ] || ln -s /opt/puppetlabs/puppet/bin/puppet /usr/bin/puppet
puppet agent -t -d
#cd /tmp
#wget https://apt.puppetlabs.com/puppet5-release-xenial.deb
#dpkg -i puppet5-release-xenial.deb

4.  On the Puppet Agent node become root or assume sudoers privileges.  Run this command:

sudo bash /tmp/puppetagent.sh

5.  On the Puppet Agent node update this file: /etc/puppetlabs/puppet/puppet.conf
If you cannot find it there, use this command: sudo find / -name puppet.conf
The last line of the [main] section of this puppet.conf file should have this stanza (replace FQDNofPuppetMasterserver with the result of the "hostname -f" command run on the Puppet Master server in step #1):

server=FQDNofPuppetMasterserver

6.  Go to the Puppet Master server.  Run this command:  sudo puppet cert list

7.  Assuming the above had some output such as puppet.agent.continualintegration.com, run this command (but substitute puppet.agent.continualintegration.com with the FQDN that resulted from the command in step #6):

sudo puppet cert sign puppet.agent.continualintegration.com

Alternative step #7: If every server that step #6 listed is one that you want signed, run this command, which signs all pending requests at once:

sudo puppet cert sign --all

8.  Test it.  If you are using Puppet 5, see if you have /etc/puppetlabs/.  If the puppetlabs subdirectory was not created, your installation failed.  The "puppet" and "puppet master" commands may work, however.  The command puppet -V will tell you what version you are using.  But the installation may be defective if you have neither the /etc/puppet/ nor the /etc/puppetlabs/ directory path.

a) On the Puppet Master server go to /etc/puppetlabs/manifests/.  (The directory path used to be /etc/puppet/manifests.)  Create site.pp with the following content:

  exec { 'somethingneat':
        command => '/bin/date > /tmp/continual.txt'
       }

b)  On the Puppet Agent node, run this:  sudo puppet agent -t -d

c)  Check the /tmp/ directory for the file named "continual.txt."
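Steps 6 and 7 sign a request based on its name alone. The script below is an added example, not part of the original article: run on the Puppet Master, it signs a pending request only when the fingerprint shown by "puppet cert list" equals the one printed on the agent by "sudo puppet agent --fingerprint". The file name verify_sign.sh and the function names are hypothetical, the sample listing is constructed, and the line layout "name" (SHA256) fingerprint is assumed for "puppet cert list" output.

```shell
#!/bin/sh
# Added example, not from the original page: sign a pending agent certificate
# on the Puppet Master only when its fingerprint matches the one read on the agent.

# Constructed sample of "puppet cert list" output (the second host and both
# fingerprints are made up for illustration).
SAMPLE_CERT_LIST='  "puppet.agent.continualintegration.com" (SHA256) 9A:1C:5E:0B:77:D2:43:F8:6A:10:BE:29:C4:85:3D:E1:52:0F:A6:7B:98:34:CD:61:EF:08:B3:4A:D7:26:95:1B
  "unknown-host.example.net" (SHA256) C0:4D:8E:21:5B:F7:96:3A:0E:D1:68:B4:2C:79:A5:13:E6:4F:80:BD:37:92:1A:CE:55:07:FB:6C:D8:29:43:90'

# Read "puppet cert list" output on stdin and print the fingerprint of the
# pending request whose certname is $1 (prints nothing if there is none).
pending_fingerprint() {
  awk -v name="\"$1\"" '$1 == name { print $3 }'
}

# Succeed only if listing $3 holds a pending request for certname $1 whose
# fingerprint equals $2 (compared case-insensitively).
fingerprint_matches() {
  fm_found=$(printf '%s\n' "$3" | pending_fingerprint "$1" | tr '[:lower:]' '[:upper:]')
  fm_want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
  [ -n "$fm_found" ] && [ "$fm_found" = "$fm_want" ]
}

# Sign certname $1 only after the check passes; otherwise leave it pending.
verify_and_sign() {
  vs_listing=$(puppet cert list) || return 1
  if fingerprint_matches "$1" "$2" "$vs_listing"; then
    puppet cert sign "$1"
  else
    echo "Refusing to sign $1: no pending request with that fingerprint" >&2
    return 1
  fi
}

# Usage on the master: sudo sh verify_sign.sh <agent FQDN> <fingerprint from the agent>
if [ "$#" -eq 2 ]; then
  verify_and_sign "$1" "$2"
fi
```

A request that fails the check stays pending, so it can be inspected before anything is signed.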
