How Do You Deploy Puppet Agent 3.x to a RedHat Linux Instance in AWS?

Update on 12/4/17
If you want to install Puppet Agent 5.x (a much newer version), see this posting instead.

Problem scenario

You installed Puppet Master on an AWS instance of RedHat Enterprise Linux.  (See this link if you want to install Puppet Master). You now want another AWS instance of RHEL 7.x to be configured as a Puppet Agent node. You want to run a manifest to make sure that this new Puppet Agent node (i.e., server) is working with your Puppet Master server.  What do you do to install Puppet Agent 3.x on a RedHat Linux server and configure it to work with Puppet Master?

This solution is for RHEL 7.3 instances in AWS.  You could easily adapt this solution to other RedHat servers in different environments.  It explains how to deploy Puppet and apply a manifest (in combination with these directions) from scratch.

In AWS, change the Security Group so that the inbound rules allow connections from the Puppet Agent server.  One way of doing this is to find the internal IP address of the Puppet Agent server.  This command should help you if it is run on a Linux server:

ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1

Configure the relevant AWS Security Group to allow an inbound connection from the IP address in the result above.

Here is a detailed explanation of how to create an inbound connection:

Go to Security Groups.  Find the relevant security group and click the Inbound tab.  Then click "Edit."  Click "Add Rule."  For "Type," choose "Custom TCP Rule" from the dropdown menu.  For "Port Range" enter 8140.  For the "Source" dropdown option, choose "Custom."  Enter the internal IP address of the Puppet agent like this:


Substitute x.x.x.x with the internal IP address (as found with the above "ip addr show" command).

On the Puppet Master server, do the following two steps:

1.  Decide how much RAM you want the Puppet Master application to have.  If you are not sure, try running this command:  cat /proc/meminfo | grep Mem

2.  Create this file:  /etc/default/puppetserver
In this file put a stanza like one of the following:

JAVA_ARGS="-Xms512m -Xmx512m"

JAVA_ARGS="-Xms1g -Xmx1g"

JAVA_ARGS="-Xms2g -Xmx2g"

3.  As root run these three commands:

puppet master restart
hostname -f
ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1

# Remember the IP address from the last command above.  Disregard any trailing forward slash "/" or numbers thereafter.

4.  On the Puppet Agent server, modify the /etc/hosts file.  It should have this stanza where x.x.x.x is the internal IP address from the Puppet Master server (the result of the last command run in step #2):

x.x.x.x puppet

5.  On the Puppet Agent node, run these two commands:

rpm -ivh
yum -y install puppet

6.  On the Puppet Agent node update this file: /etc/puppet/puppet.conf
The last line of the [main] section of this puppet.conf file should have this stanza (where FQDNofPuppetMasterserver is replaced with the result of the "hostname -f" command run on the Puppet Master server (in step #2)):


7.  Run this command on the Puppet agent node:  puppet agent start

8.  Go to the Puppet Master server.  Run this command:  puppet cert list

9.  Assuming the above had some output such as, from the Puppet  Master server run this command (but substitute with the FQDN that resulted from the command in step #7):

puppet cert sign

Alternative step #8: Assuming that step #7 showed no other servers that you do not want signed, run this command:

puppet cert sign --all

10.  Test it.

a) On the Puppet Agent server, run

puppet agent --enable

b) On the Puppet Master server go to /etc/puppet/manifests/.  Create site.pp with the following content (replace the FQDN):

  # Writes the current date to /tmp/continual.txt on every agent run
  exec { 'somethingneat':
        command => '/bin/date > /tmp/continual.txt'
  }

c)  On the Puppet Agent node, run this:  puppet agent -t -d

d)  Check the /tmp/ directory for the file named "continual.txt."
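
For steps 8 and 9, one way to avoid signing an unexpected request with "puppet cert sign --all" is to compare each pending request against a list of the agents you expect before signing. This is an added example, not part of the original post; the "puppet cert list" line format, the expected-agents file layout, the function name vet_pending_csrs, and the hostnames and fingerprints below are assumptions or constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): vet pending CSRs before signing.
# Assumed "puppet cert list" line format:  "<certname>" (<DIGEST>) <FINGERPRINT>
# Assumed expected-agents file, one per line:  <certname> <FINGERPRINT>

# vet_pending_csrs EXPECTED_FILE   (pending list is read from stdin)
#   SIGN <name>        name and fingerprint both match an expected entry
#   MISMATCH <name>    name is expected but the fingerprint differs
#   UNEXPECTED <name>  name is not on the expected list
vet_pending_csrs() {
    awk -v expected="$1" '
        BEGIN {
            # Load the expected certname -> fingerprint map.
            while ((getline line < expected) > 0) {
                n = split(line, f, " ")
                if (n >= 2) want[f[1]] = toupper(f[2])
            }
        }
        /^[ \t]*"/ {
            name = $1; gsub(/"/, "", name)
            fp = toupper($3)
            if (!(name in want))       print "UNEXPECTED " name
            else if (want[name] == fp) print "SIGN " name
            else                       print "MISMATCH " name
        }
    '
}

# Constructed sample data (shortened fingerprints, hypothetical hostnames).
demo() {
    exp_file=$(mktemp)
    cat > "$exp_file" <<'EOF'
agent01.example.internal AA:BB:CC:01
agent02.example.internal AA:BB:CC:02
EOF
    vet_pending_csrs "$exp_file" <<'EOF'
  "agent01.example.internal" (SHA256) aa:bb:cc:01
  "agent02.example.internal" (SHA256) DE:AD:BE:EF
  "unknown.example.internal" (SHA256) 11:22:33:44
EOF
    rm -f "$exp_file"
}

demo
```

On the Puppet Master server the pending list would be piped in (puppet cert list | vet_pending_csrs expected.txt), with the expected fingerprints collected out of band on each agent, for example from "puppet agent --fingerprint". Only the names reported as SIGN would then be passed to "puppet cert sign".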
