In this lab you will walk through the process of setting up the Puppet primary server component in the Puppet architecture. You will install the Puppet server, PuppetDB and PostgreSQL components on the same virtual machine that acts as the server node.
Lab 2.1: Install Puppet Server
Lab 2.3: Install and Configure PuppetDB
Lab 2.4: Configure Puppet Server to PuppetDB connection
Lab 2.5: Validate the Puppet Server installation
This lab walks through installing the Puppet Server package on the server node.
- Download the Puppet repository package.
wget https://apt.puppet.com/puppet7-release-focal.deb
- Install the Puppet repository on the system.
sudo dpkg -i puppet7-release-focal.deb
- Trigger an apt update to enable the Puppet repository.
sudo apt-get update -y
- Install the puppetserver package on the system.
sudo apt-get install -y puppetserver
- Start the puppetserver service.
sudo systemctl start puppetserver
- Enable the puppetserver service to start on boot.
sudo systemctl enable puppetserver
This lab walks through installing and configuring the PostgreSQL database used by PuppetDB.
- Install the PostgreSQL package.
sudo apt install -y postgresql postgresql-contrib
- Create the PuppetDB database, users and privileges.
⚠️ The password123 value used below for the puppetdb and puppetdb_read user accounts is a lab placeholder. Set a more secure password for production deployments.
sudo su postgres <<EOF
createdb -E UTF8 -O postgres puppetdb;
psql -c "CREATE USER puppetdb WITH PASSWORD 'password123';"
psql -c "CREATE USER puppetdb_read WITH PASSWORD 'password123';"
psql puppetdb -c 'revoke create on schema public from public'
psql puppetdb -c 'grant create on schema public to puppetdb'
psql puppetdb -c 'alter default privileges for user puppetdb in schema public grant select on tables to puppetdb_read'
psql puppetdb -c 'alter default privileges for user puppetdb in schema public grant usage on sequences to puppetdb_read'
psql puppetdb -c 'alter default privileges for user puppetdb in schema public grant execute on functions to puppetdb_read'
psql puppetdb -c 'create extension pg_trgm'
EOF
This lab walks through installing PuppetDB and connecting it to the PostgreSQL database.
- Install PuppetDB using the puppet resource command.
sudo /opt/puppetlabs/bin/puppet resource package puppetdb ensure=latest
- Configure the PuppetDB database connection details.
sudo tee /etc/puppetlabs/puppetdb/conf.d/database.ini > /dev/null << EOF
[database]
# The database address, i.e. //HOST:PORT/DATABASE_NAME
subname = //localhost:5432/puppetdb
# Connect as a specific user
username = puppetdb
# Use a specific password
password = password123
# How often (in minutes) to compact the database
# gc-interval = 60
EOF
- Start the PuppetDB service and enable it to start on boot using the puppet resource command.
sudo /opt/puppetlabs/bin/puppet resource service puppetdb ensure=running enable=true
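The database.ini step above stores the database password in clear text, and the lab uses a placeholder value for it. The following added example (not part of the original lab) generates a random password, writes the same settings to a file that only its owner can read, and audits the result. The function names are hypothetical and the service account is assumed to be puppetdb.

```shell
#!/usr/bin/env bash
# Added example, not part of the lab. Assumes PuppetDB runs as the "puppetdb" user.

# Print a 32-character hex password from the kernel CSPRNG.
# Hex needs no escaping in the SQL statement or in the INI file.
gen_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_database_ini PATH PASSWORD: same settings as the lab, file mode 0600.
write_database_ini() {
  local path=$1 password=$2
  (
    umask 077            # a newly created file is never world-readable
    cat > "$path" <<EOF
[database]
subname = //localhost:5432/puppetdb
username = puppetdb
password = $password
EOF
    chmod 600 "$path"    # umask does not tighten a file that already existed
  )
}

# audit_database_ini PATH: succeed only if no "other" permission bits are set
# and the lab placeholder password is not in use.
audit_database_ini() {
  local path=$1 other
  other=$(ls -ld -- "$path" | cut -c8-10)
  if [ "$other" != "---" ]; then
    echo "FAIL: $path is accessible to other users"; return 1
  fi
  if grep -Eq '^password[[:space:]]*=[[:space:]]*password123[[:space:]]*$' "$path"; then
    echo "FAIL: $path still uses the lab password"; return 1
  fi
  echo "OK: $path"
}

# Demo against a scratch directory. On the server the path is
# /etc/puppetlabs/puppetdb/conf.d/database.ini, written as root and followed by
# chown puppetdb:puppetdb, with the same password given to CREATE USER.
demo_dir=$(mktemp -d)
write_database_ini "$demo_dir/database.ini" "$(gen_password)"
audit_database_ini "$demo_dir/database.ini"
```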
This lab walks through configuring the Puppet server integration with PuppetDB.
- Install the additional Ruby plugins (the puppetdb-termini package).
sudo /opt/puppetlabs/bin/puppet resource package puppetdb-termini ensure=latest
- Edit the puppetdb.conf configuration file.
sudo tee /etc/puppetlabs/puppet/puppetdb.conf > /dev/null << EOF
[main]
server_urls = https://puppet:8081
EOF
- Update the puppet.conf configuration file.
sudo tee -a /etc/puppetlabs/puppet/puppet.conf > /dev/null << EOF
reports = puppetdb
storeconfigs_backend = puppetdb
storeconfigs = true
EOF
- Update the routes.yaml configuration file.
sudo tee /etc/puppetlabs/puppet/routes.yaml > /dev/null << EOF
---
# The top-level key is the Puppet run mode name (server on Puppet 7).
server:
  facts:
    terminus: puppetdb
    cache: yaml
EOF
- Update the ownership of all files in the Puppet configuration directory.
sudo chown -R puppet:puppet /etc/puppetlabs/puppet
- Restart the Puppet Server service.
sudo systemctl restart puppetserver
This lab walks through validating the installation of the Puppet Server.
- Verify the status of the puppetserver service.
systemctl status puppetserver
The service should have a state of loaded and active similar to the output displayed below.
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; vendor preset: enable>
Active: active (running) since Sat 2022-04-09 14:01:04 UTC; 1min 12s ago
Process: 19544 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start >
Main PID: 19589 (java)
Tasks: 46 (limit: 4915)
Memory: 995.6M
CGroup: /system.slice/puppetserver.service
└─19589 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_ut>
Apr 09 14:00:51 puppet systemd[1]: Starting puppetserver Service...
Apr 09 14:01:04 puppet systemd[1]: Started puppetserver Service.
- Verify the status of the puppetdb service.
systemctl status puppetdb
The service should have a state of loaded and active similar to the output displayed below.
● puppetdb.service - puppetdb Service
Loaded: loaded (/lib/systemd/system/puppetdb.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-04-09 14:00:03 UTC; 4min 57s ago
Main PID: 19154 (java)
Tasks: 51 (limit: 4915)
Memory: 308.6M
CGroup: /system.slice/puppetdb.service
└─19154 /usr/bin/java -Xmx192m -Djdk.tls.ephemeralDHKeySize=2048 -XX:OnOutOfMemo>
Apr 09 13:59:56 puppet systemd[1]: Starting puppetdb Service...
Apr 09 14:00:03 puppet systemd[1]: Started puppetdb Service.
- Verify the status of the postgres database service.
systemctl status postgresql@12-main
The service should have a state of loaded and active similar to the output displayed below.
● postgresql@12-main.service - PostgreSQL Cluster 12-main
Loaded: loaded (/lib/systemd/system/postgresql@.service; enabled-runtime; vendor preset: enabled)
Active: active (running) since Sat 2022-04-09 13:57:50 UTC; 12min ago
Main PID: 17267 (postgres)
Tasks: 57 (limit: 4617)
Memory: 151.5M
CGroup: /system.slice/system-postgresql.slice/postgresql@12-main.service
├─17267 /usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main -c config_file=/e>
├─17269 postgres: 12/main: checkpointer
├─17270 postgres: 12/main: background writer
├─17271 postgres: 12/main: walwriter
├─17272 postgres: 12/main: autovacuum launcher
├─17273 postgres: 12/main: stats collector
- Verify that the services are listening for network connections.
ss -tupln
The Puppet services should be listening on the appropriate ports similar to the output displayed below.
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=593,fd=12))
udp UNCONN 0 0 10.0.2.15%eth0:68 0.0.0.0:* users:(("systemd-network",pid=1312,fd=21))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=592,fd=5),("systemd",pid=1,fd=70))
udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=592,fd=7),("systemd",pid=1,fd=72))
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=592,fd=4),("systemd",pid=1,fd=68))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=593,fd=13))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=885,fd=3))
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=17267,fd=4))
tcp LISTEN 0 4096 [::]:111 [::]:* users:(("rpcbind",pid=592,fd=6),("systemd",pid=1,fd=71))
tcp LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:* users:(("java",pid=19154,fd=28))
tcp LISTEN 0 50 *:8081 *:* users:(("java",pid=19154,fd=34))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=885,fd=4))
tcp LISTEN 0 244 [::1]:5432 [::]:* users:(("postgres",pid=17267,fd=3))
tcp LISTEN 0 50 *:8140 *:* users:(("java",pid=19589,fd=39))
- Verify that things are working by triggering a Puppet agent run on the primary Puppet server.
sudo /opt/puppetlabs/bin/puppet agent -t
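In the ss output above, PostgreSQL (5432) and PuppetDB's cleartext HTTP port (8080) are bound to loopback addresses only, while 8081 and 8140 listen on all interfaces. The following added example (not part of the original lab) turns that observation into a repeatable check. The function names are hypothetical, and the second sample is constructed to show what a failing host would look like.

```shell
#!/usr/bin/env bash
# Added example, not part of the lab.

# check_listeners: read `ss -tln` or `ss -tupln` output on stdin and flag
# PostgreSQL (5432) or the PuppetDB cleartext HTTP port (8080) bound to
# anything other than a loopback address. Returns 1 if any are found.
check_listeners() {
  awk '
    { col = ($1 == "LISTEN") ? 4 : (($2 == "LISTEN") ? 5 : 0) }  # Netid column is optional
    col == 0 { next }                                            # header or UDP line
    {
      addr = $col
      port = addr; sub(/.*:/, "", port)                          # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (port != "5432" && port != "8080") next
      if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
      printf "EXPOSED: port %s is bound to %s\n", port, host
      bad = 1
    }
    END { exit bad + 0 }
  '
}

# Listener lines copied from the lab output above.
lab_sample() {
  cat <<'EOF'
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=17267,fd=4))
tcp LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:* users:(("java",pid=19154,fd=28))
tcp LISTEN 0 50 *:8081 *:* users:(("java",pid=19154,fd=34))
tcp LISTEN 0 244 [::1]:5432 [::]:* users:(("postgres",pid=17267,fd=3))
tcp LISTEN 0 50 *:8140 *:* users:(("java",pid=19589,fd=39))
EOF
}

# Constructed counter-example: bindings a misconfigured host would show.
exposed_sample() {
  cat <<'EOF'
tcp LISTEN 0 244 0.0.0.0:5432 0.0.0.0:* users:(("postgres",pid=17267,fd=4))
tcp LISTEN 0 50 *:8080 *:* users:(("java",pid=19154,fd=28))
tcp LISTEN 0 50 *:8081 *:* users:(("java",pid=19154,fd=34))
EOF
}

lab_sample | check_listeners && echo "lab output: OK"
exposed_sample | check_listeners || echo "constructed sample: review bindings"
```

On the server node, run it against live data with `ss -tln | check_listeners`.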
In this lab, you have:
- Installed and configured Puppet Server
- Installed and configured the PostgreSQL database for PuppetDB
- Installed and configured PuppetDB
- Configured the PuppetDB integration for Puppet Server
- Validated the Puppet Server installation