How Do You Deploy Puppet Agent to a RedHat Linux Instance in AWS?

Problem scenario
You installed Puppet Master on an AWS instance of RedHat Enterprise Linux.  (See this link if you want to install Puppet Master.) You now want another AWS instance of RHEL 7.x to be configured as a Puppet Agent node. You want to run a manifest to make sure that this new Puppet Agent node (i.e., server) is working with your Puppet Master server.  What do you do to install Puppet Agent 5.x on a RedHat Linux server and configure it to work with Puppet Master?

Solution
This solution is for RHEL 7.3 instances in AWS.  You could easily adapt this solution to other RedHat servers in different environments.  It explains how to deploy Puppet and apply a manifest (in combination with these directions) from scratch.

Prerequisite
In AWS, change the Security Group of the Puppet Master instance so that its inbound rules allow connections from the Puppet Agent server.  One way of doing this is to find the internal IP address of the Puppet Agent server.  This command should help if you run it on a Linux server in AWS:

ip addr show | grep inet | grep -v 127.0.0.1 | grep -v inet6 | cut -c 10-24 | awk -F "/" '/1/ {print $1}'

Configure the relevant AWS Security Group to allow an inbound connection from the IP address in the result above.

Here is a detailed explanation of how to create the inbound rule:
Go to Security Groups.  Find the relevant security group and click the Inbound tab.  Then click "Edit."  Click "Add Rule."  In the "Type" dropdown menu, choose "Custom TCP Rule."  For "Port Range" enter 8140.  For the "Source" dropdown option, choose "Custom."  Enter the internal IP address of the Puppet agent like this:

x.x.x.x/32

Substitute x.x.x.x with the internal IP address (as found with the above "ip addr show" command).

Procedures
1.  On the Puppet Master server run these three commands:

sudo puppet master restart
hostname -f
ip addr show | grep inet | grep -v 127.0.0.1 | grep -v inet6 | cut -c 10-24 | awk -F "/" '/1/ {print $1}'

# Remember the IP address from the last command above.  Disregard any trailing slash "/" or numbers thereafter.

2.  On the Puppet Agent server, modify the /etc/hosts file.  It should have this stanza, where x.x.x.x is the internal IP address of the Puppet Master server (the result of the last command run in step #1):

x.x.x.x puppet

3.  On the Puppet Agent node, run these two commands:

sudo rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
sudo yum -y install puppet

4.  On the Puppet Agent node update this file: /etc/puppetlabs/puppet/puppet.conf
The last line of the [main] section of this puppet.conf file should have this stanza (replace FQDNofPuppetMasterserver with the result of the "hostname -f" command run on the Puppet Master server in step #1):

server=FQDNofPuppetMasterserver

5.  Run these two commands on the Puppet agent node:

sudo ln -s /opt/puppetlabs/bin/puppet /usr/bin/puppet
sudo puppet agent

6.  Go to the Puppet Master server.  Run this command:  sudo puppet cert list --all

7.  Assuming the above had some output such as puppet.agent.continualintegration.com, from the Puppet Master server run this command (but substitute puppet.agent.continualintegration.com with the FQDN that resulted from the command in step #6):

sudo puppet cert sign puppet.agent.continualintegration.com

Alternative to step #7: Assuming that step #6 showed no other servers that you do not want signed, run this command, which signs every pending certificate request:

sudo puppet cert sign --all

8.  Test it.

a) On the Puppet Master server go to /etc/puppetlabs/code/environments/production/manifests/.  Create site.pp with the following content (replace the FQDN):

exec { 'somethingneat':
  command => '/bin/date > /tmp/continual.txt',
}

b)  On the Puppet Agent node, run this:

sudo puppet agent -t -d

c)  Check the /tmp/ directory for the file named "continual.txt."
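
Steps 6 and 7 sign whatever request shows up in the list. The following added example (not part of the original post) confirms before signing that the pending request came from your agent, by comparing its fingerprint with the one printed on the agent by "sudo puppet agent --fingerprint". The "puppet cert list" line format, the helper function names, the extra hostnames and the shortened fingerprints are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a pending CSR's fingerprint before signing it,
# instead of signing everything in the queue with "cert sign --all".
# Assumed `puppet cert list --all` line format (Puppet 5):
#     "fqdn" (SHA256) AA:BB:..      <- pending request
#   + "fqdn" (SHA256) AA:BB:..      <- already signed

# Constructed sample output; fingerprints are shortened placeholders.
sample_cert_list() {
cat <<'EOF'
  "puppet.agent.continualintegration.com" (SHA256) 3F:9A:C1:07
  "unexpected.host.example" (SHA256) 11:22:33:44
+ "puppet.master.example" (SHA256) AB:CD:EF:01
EOF
}

# Print the fingerprint of the *pending* request for host $1 (stdin = list).
# Signed/revoked lines start with + or -, so their first field never matches.
pending_fingerprint() {
  awk -v want="\"$1\"" '$1 == want { print $3; exit }'
}

# Upper-case hex digits so the comparison is case-insensitive.
upper() { printf '%s' "$1" | tr 'a-f' 'A-F'; }

# verify_csr FQDN EXPECTED_FP   (stdin = cert list output)
# Prints FQDN and returns 0 only when a pending request exists and its
# fingerprint equals the one read on the agent itself.
# Returns 2 if nothing is pending for FQDN, 1 on a fingerprint mismatch.
verify_csr() {
  listed=$(pending_fingerprint "$1")
  [ -n "$listed" ] || { echo "no pending request for $1" >&2; return 2; }
  [ "$(upper "$listed")" = "$(upper "$2")" ] ||
    { echo "fingerprint mismatch for $1: $listed" >&2; return 1; }
  printf '%s\n' "$1"
}

# On the Puppet Master: sign exactly one verified request (not run here).
sign_if_verified() {
  fqdn=$(sudo puppet cert list --all | verify_csr "$1" "$2") &&
    sudo puppet cert sign "$fqdn"
}

# Demo on the constructed sample (no Puppet installation needed).
sample_cert_list | verify_csr puppet.agent.continualintegration.com 3f:9a:c1:07
```

On a real master, call sign_if_verified with the agent's FQDN and the fingerprint copied from the agent's console.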
