How To Install Puppet on a DigitalOcean VPS

Published on July 16, 2013
By Pablo Carranza

Introduction

If you manage more than one cloud server, a configuration-management tool like Puppet or Chef can make your life much easier: it can provision, configure and manage your servers and the applications they host. Using Puppet or Chef, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, whether you are scaling from 2, 5 or 10s of servers to 1000s, on-premise or in the cloud. Puppet is available as both open source and commercial software. Puppet Enterprise is the commercially supported, packaged release of Puppet, and you can manage up to 10 nodes with it for free.

Benefits

Puppet is a cross-platform framework enabling system administrators to perform common tasks. It is a model-driven solution that requires little coding knowledge to use. While Chef calls its models recipes, Puppet refers to them as manifests. A group of manifests is called a module. There are modules to configure packages like Apache, Nginx, and MySQL. You can also use manifests and modules to alter file permissions, users and groups, and more. As one can see, these manifests and modules can carry out a variety of tasks, making Puppet helpful not only during the initial installation of a VPS but also throughout the VPS's entire life cycle, and useful in both large and small deployments. In addition, Puppet has an amazing and active community whose members share modules and other useful information in two main repositories (referenced below).

At first glance, a system administrator might dismiss the idea of a configuration-management tool. Some believe that the same results can be achieved with machine images, i.e. snapshots, and shell scripts. As one author so eloquently put it: "This is equivalent to a lumberjack who has just heard about chainsaws, but doesn't see why anyone would ever want more than an ax." What many system admins fail to recognize is the value of the limited time on their hands. One of the strengths that a configuration-management tool brings to the table is automating repetitive tasks, freeing up system admins so they can focus on more important matters.

Planning

Puppet allows for centralized management by employing a client-server, or agent-master, model. The central, or administrative, server is commonly referred to as the Puppet master, which services Puppet clients. While only one cloud server is needed to function as the Puppet master, you can have a nearly infinite number of Puppet client, or agent, nodes. However, it is also possible to deploy Puppet so that each individual VPS acts as both the Puppet master and client. You must decide on a deployment type before installing:

Agent/master a/k/a client/server

Agent nodes, or Puppet clients, pull their configurations from a Puppet master server. Admins must manage node certificates, but will only have to maintain manifests and modules on the Puppet master server, and can more easily take advantage of features like reporting and external data sources.

You must decide in advance which VPS will be the master and install puppetmaster on it before installing puppet on any agents or clients. The master should be a dedicated machine with a fast processor, lots of RAM, and a fast disk.

Standalone

Every node compiles its own configuration from manifests. Admins must regularly sync Puppet manifests and modules to every node.

Prerequisites

By default, Puppet clients look for the Puppet master server by contacting the host with the name puppet, via DNS.

  • Identify, or create, a server to act as the Puppet master and make a note of its IP address;
  • Identify, or create, the server(s) that will act as the Puppet client(s);
  • Set each server's hostname and fully qualified domain name (FQDN);
  • Deploy the NTP daemon on each of your servers. See How To Set Up Time Synchronization on Ubuntu 12.04;
  • Create a DNS A record or a CNAME for the hostname puppet within your domain, pointing to the node that will serve as the Puppet master, i.e. puppet.yourdomain.tld.

If you do not wish to use DNS, edit /etc/hosts on the Puppet master instead. Execute the following command: sudo vim /etc/hosts; then tap the "i" key on your keyboard, and add (below, the master is ny.yourdomain.tld at IP address 1.2.3.4):

127.0.0.1    localhost.localdomain    localhost    puppet
127.0.1.1    ny.yourdomain.tld        ny
1.2.3.4      ny.yourdomain.tld        ny           puppet

To save your changes, tap the "Esc" key on your keyboard, followed by the following keystrokes: ":" then "w" then "q" then "enter" (all without quotes). See Installing and Using the Vim Text Editor on a DigitalOcean Cloud Server. On each Puppet client, add an entry in the client's /etc/hosts file for the Puppet master (below, we assume that one of your Puppet clients is sf.yourdomain.tld at IP address: 1.2.3.5):

127.0.0.1    localhost.localdomain    localhost
127.0.1.1    sf.yourdomain.tld        sf
1.2.3.5      sf.yourdomain.tld        sf
1.2.3.4      ny.yourdomain.tld        ny           puppet

Avoiding Firewall Issues

CentOS ships with extremely restrictive iptables rules, which may need to be modified. If you previously deployed an iptables firewall on your cloud server (or have some servers in a NAT environment), ensure that your master server allows, and is able to make, TCP connections on ports 3000, 8139 & 8140. See How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.

Update Your Packages

Once the cloud servers are built and the appropriate ports have been opened in the firewall, update all your packages:

sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y dist-upgrade && sudo apt-get -y autoremove && sudo reboot

Install puppetmaster on Central Server

You have several options for installing puppetmaster. You can either use the package available in your operating system's repository or you can use Puppet Labs' apt repository. Because some OS repositories are slow to update their packages, it is recommended to install puppetmaster from the Puppet Labs repository, so that you do not end up with out-dated releases. To enable the Puppet Labs repository:

  1. Download the "puppetlabs-release" package for your OS version. You can see a full list of these packages on the front page of http://apt.puppetlabs.com/. They are all named puppetlabs-release-[CODE NAME].deb;
  2. Install the package by running dpkg -i .

For example, to install puppetmaster on your central, or administrative, VPS running Ubuntu 12.04 LTS (nicknamed Precise Pangolin), from the Puppet Labs repo, execute the following commands in a terminal:

sudo wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
sudo apt-get update && sudo apt-get -y install puppetmaster

Installation instructions for other Linux distros, OS X, Windows, the BSDs or Solaris are available here: Installing Puppet

Configuring puppetmaster on Central Server

Next, execute the following command:

sudo touch /etc/puppet/manifests/site.pp

Puppet's behavior can be customized with a rather large collection of settings. Most of these can be safely ignored, but you'll almost definitely have to modify some of them.

Puppet's main configuration file is found at /etc/puppet/puppet.conf and is ordered with the following headers, or blocks: [main], [agent] and [master]. Settings for agent nodes, or Puppet clients, should go in the [agent] or [main] blocks of puppet.conf. Along the same lines, settings for the Puppet master server should go in the [master] or [main] blocks of puppet.conf.

NOTE: Puppet masters are usually also agent nodes, or Puppet clients, themselves. Settings in [main] will be available to both services and settings in the [master] and [agent] blocks will override the settings in [main].

Standalone Nodes

Settings for standalone Puppet nodes should go in the [main] block of puppet.conf. Puppet's default settings are generally appropriate for standalone nodes. No additional configuration is necessary unless you intend to use centralized reporting or an external node classifier.

Avoiding DNS Pitfalls

At this point, we need to provide puppetmaster its fully qualified domain name (FQDN), so that it can properly format SSL certificates. First, you need to assess your current environment:

  • Does the node that's going to function as the Puppet master have only one (1) hostname--that is, NO aliases?

If (i) the answer is "yes" to that question AND (ii) you created a DNS A record for your Puppet master, execute the following commands and edits:

sudo service puppetmaster stop
sudo rm -rf /var/lib/puppet/ssl
sudo vim /etc/puppet/puppet.conf

Then, add the following line, under the [main] header/block:

server = puppet.yourdomain.tld

If you created a DNS CNAME for your Puppet master AND/OR your master server has hostname aliases, then execute the following steps:

sudo service puppetmaster stop
sudo rm -rf /var/lib/puppet/ssl
sudo vim /etc/puppet/puppet.conf

Under the [master] header/block, add a comma-separated list of all of your master server's aliases, e.g.:

dns_alt_names = puppet, [alias1], [alias2], puppet.yourdomain.tld

Now, execute:

sudo service puppetmaster start

Install puppetmaster's Dependencies

Before moving on to installing puppet on agent/client nodes, update all your packages on the master server one last time:

sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y dist-upgrade && sudo apt-get -y autoremove && sudo reboot

Install puppet on Client Server(s)

Again, we're going to install puppet from the Puppet Labs repository. On client nodes running Ubuntu 12.04 LTS, execute:

sudo wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
sudo apt-get update && sudo apt-get -y install puppet

For other Linux distros, see: Instructions on enabling Puppet Labs' repos for other Linux distros

REMEMBER: One of Puppet's best features is that it is cross-platform; thus, your clients are NOT required to run the same OS as the Puppet master. From a practical perspective, this flexibility is amazing because it will allow a developer to quickly and efficiently spin up new DigitalOcean droplets of varying OSes, to test and debug their apps. When the staging server is no longer needed, it can be destroyed (to save on monthly costs) with confidence, because Puppet, coupled with DigitalOcean's API and snapshot support, can deploy a new droplet (literally) within seconds the next time a staging environment is needed.

Configure puppet on Client Server(s)

Once puppet is installed, we need to configure the Puppet client so that it can connect to the Puppet master. We do this with the following command and edits:

sudo vim /etc/puppet/puppet.conf

and add the following:

[agent]
server = puppet.yourdomain.tld
report = true
pluginsync = true
certname = [hostname of Puppet client].yourdomain.tld

Now, we need to configure the Puppet client to start automatically, with the following command:

sudo vim /etc/default/puppet

and edit the line that begins with START, so that it reads:

START=yes

Then, start the service:

sudo service puppet start

Repeat these steps for every Puppet client.

Configure Secure Communications

Every time you deploy a new Puppet client, log in to the Puppet master and execute the following command to view a list of SSL certificates waiting to be signed:

sudo puppet cert --list

Then, on the Puppet master, sign the client certificate in queue by executing the following command:

sudo puppet cert --sign [hostname of Puppet client]

Congratulations! The new Puppet client will now be able to successfully connect to, and securely communicate with, the Puppet master.
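
Signing a request trusts whichever host submitted it under that certname, so compare the fingerprint in the queue with the one shown on the client by sudo puppet agent --fingerprint before signing. The shell helper below is an added example, not part of the original article; the list layout, the sample fingerprints and the function names pending_fingerprint, normalize_fp and csr_matches are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a pending request's fingerprint before signing it.

# Constructed sample of `sudo puppet cert --list` output on the master. Assumed
# layout: quoted certname, digest name in parentheses, colon-separated fingerprint.
SAMPLE_LIST='  "sf.yourdomain.tld" (SHA256) 5A:0F:C3:91:7E:24:B8:6D:10:EF:42:9C:D7:35:A1:68:0B:F4:83:2E:C9:56:1D:70:AE:93:47:DB:02:6F:B5:E8
  "db.yourdomain.tld" (SHA256) 9D:41:E6:0A:73:BC:28:F5:1E:87:D0:39:A2:6B:C4:5F:E1:08:7A:B3:2C:95:4E:D7:60:F9:13:8C:A5:3E:B7:D2'

# Constructed value, as read on the client with `sudo puppet agent --fingerprint`
# and passed to the master's operator over a separate channel.
CLIENT_FP='(SHA256) 5a:0f:c3:91:7e:24:b8:6d:10:ef:42:9c:d7:35:a1:68:0b:f4:83:2e:c9:56:1d:70:ae:93:47:db:02:6f:b5:e8'

# Print the fingerprint listed for one certname. $1 = certname, stdin = the list.
# Field 3 is used (not the last field) because some versions append the
# request's DNS alt names after the fingerprint.
pending_fingerprint() {
    awk -v name="\"$1\"" '$1 == name { print $3 }'
}

# Reduce a fingerprint to bare upper-case hex, dropping a leading "(SHA256)" label.
normalize_fp() {
    printf '%s\n' "$1" | awk '{ print toupper($NF) }' | tr -d ':'
}

# Succeed only if the certname has a pending request whose fingerprint equals
# the one reported by the client. $1 = certname, $2 = client value, stdin = list.
csr_matches() {
    listed=$(pending_fingerprint "$1")
    [ -n "$listed" ] || return 1
    [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ]
}

# Demo on the constructed data. On a real master, pipe `sudo puppet cert --list`
# into csr_matches instead of the sample.
if printf '%s\n' "$SAMPLE_LIST" | csr_matches sf.yourdomain.tld "$CLIENT_FP"; then
    echo "match: sudo puppet cert --sign sf.yourdomain.tld"
else
    echo "mismatch or no pending request: do not sign"
fi
```

A mismatch, or a certname with no pending request, makes csr_matches fail, so the sign command is only reached for a request the client itself vouched for.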

Manifests & modules

Now that your Puppet master is talking to your Puppet client(s), let's test your setup by using a module to install MySQL on your Puppet client(s). Execute the following commands on the Puppet master:

sudo apt-get -y install git
sudo git clone https://github.com/puppetlabs/puppetlabs-mysql /etc/puppet/modules/mysql
sudo vim /etc/puppet/manifests/site.pp

Copy & paste the following into site.pp

node [hostname of Puppet client] {
  class { 'mysql': }
  class { 'mysql::server':
    config_hash => { 'root_password' => '[desired password]' }
  }
}

On the Puppet client, execute the following command:

sudo puppet agent --test

The Puppet client will read the directives in the file site.pp on the Puppet master and install MySQL.

Learn to Use Puppet

You can learn, and practice using, Puppet in a safe and convenient virtual environment, by downloading the Learning Puppet VM (free) for VMware or VirtualBox. Although the VM and examples use Puppet Enterprise, the lessons also apply to the open source release of Puppet. Any new Puppet user should start at the Learning Puppet - Index.

Install Optional Software

You can extend and improve Puppet with other software:

  • Puppet Dashboard is an open-source report analyzer, node classifier, and web GUI for Puppet;
  • The stdlib module adds extra functions, an easier way to write custom facts, and more;
  • User-submitted manifests & modules that solve common problems are available at the Puppet Forge & on GitHub.

Additional Resources

As always, if you need help with the basic setup & configuration of Puppet, look to the DigitalOcean Community for assistance by posing your question(s), below.

Article Submitted by: Pablo Carranza

4 Comments


Thanks for the great article, I found it easy to set up Puppet with your guide. Nevertheless I ran into some errors when I configured the puppet host and when I created the site.pp for the node:

  1. Remove/comment the line $tempdir in /etc/puppet/puppet.conf/ otherwise you’ll get an error message every time you run a puppet cmd on puppet master. It has been deprecated but can’t be removed in a patch because it’d break previous versions, see [0]
  2. The syntax to configure mysql module has changed, see [1]. You have to use “::mysql::server” otherwise you’ll get an error when running puppet agent. Also “hash_config” doesn’t exist anymore, use “root_password” instead as puppet creates the hash itself.

[0] https://tickets.puppetlabs.com/browse/PUP-2566
[1] https://forge.puppetlabs.com/puppetlabs/mysql

Cheers!

Kamal Nasser
DigitalOcean Employee
January 22, 2014

@Iko: I’ll correct it. Thanks!

See “How to Setup a Firewall with UFW on an Ubuntu Cloud Server” Link, has been eaten by Sammy~

Good blog on puppet configurations for system admins

http://puppet-cmt.blogspot.com/
