User Tools

Site Tools



Puppet Demonstration Steps

Step 1: Add the Puppet Repository
Step 2: Install Puppet
Step 3: Configure the Puppet Master
Step 4: Configure a Puppet agent
Step 5: Apply Puppet Code


  1. Master/Agent requires at least two servers, masterless requires only one
  2. Master/Agent require DNS to be configured for SSL certificate signing purposes

Installing Open Source Puppet

Add the Puppet Repository

dpkg -i puppetlabs-release-wheezy.deb
apt-get update

Install Puppet on the Puppet Master Server

apt-get install puppetmaster-passenger

Install the Puppet Agent

apt-get install puppet

Configuring the Puppet Master

Add the following to /etc/puppet/puppet.conf under [main] on the Puppet Master:

dns_alt_names = pupmaster.pcdomain.pvt,pupmaster

Since this will be the only Master in the deployment, it will become the CA. First stop Apache:

service apache2 stop

Next, run the following command to kick off the SSL cert generation:

puppet master --verbose --no-daemonize

Type ctrl-C to kill the process once it says:

Notice: Starting Puppet master version <VERSION>

Add some Puppet Master specific settings under [master]:

always_cache_features = true
environment_timeout = unlimited
environmentpath = $confdir/environments
basemodulepath = /etc/puppet/modules
ca = true

Comment the following setting as it is now deprecated:

#templatedir = $confdir/templates

Start the Apache service

service apache2 start

Set up your production environment

To see the location where your modules will be stored run the following command:

puppet config print manifest --section master --environment production

This should output the following directory:


This directory does not currently exist so you must create it:

mkdir -p /etc/puppet/environments/production/manifests

Classify a node

Create the main manifest located in /etc/puppet/environments/production/manifests/site.pp for simple node classification:

node 'pupagent.pcdomain.pvt' {
  include roles::home::server

Create a module


A role is simply a module that includes other modules. More specifically, a role includes profile modules.

To create the roles::home::server module you must create a file called server.pp located in /etc/puppet/environments/production/modules/roles/manifests/server.pp:

To simplify things, let's symlink /etc/puppet/modules inside of our production environment:

ln -s /etc/puppet/modules /etc/puppet/environments/production/modules

Next, create the roles module directory structure:

mkdir -p /etc/puppet/environments/production/modules/roles/manifests/home

Edit the server.pp file and have it include the profiles::home::mysql module which will be created later and will use the Puppetlabs mysql module to install and configure mysql:

vi /etc/puppet/environments/production/modules/roles/manifests/home/server.pp
class roles::home::server {
  include profiles::home::mysql

Note: A bug you might encounter will cause the following error message during a puppet run:

Could not evaluate: Could not retrieve information from environment production source(s) puppet://pupmaster.pcdomain.pvt/pluginfacts

To work around the bug simply create a folder named “facts.d” in the roles module directory:

mkdir /etc/puppet/environments/production/modules/roles/facts.d


Roles include profiles so we need to create the profiles module directory structure:

mkdir -p /etc/puppet/environments/production/modules/profiles/manifests/home

Edit the mysql.pp file and have it call the mysql::server class:

vi /etc/puppet/environments/production/modules/profiles/manifests/home/mysql.pp
class profiles::home::mysql {
  class { '::mysql::server':
    root_password           => 'strongpassword',
    remove_default_accounts => true,

Note: Ensure the class is prefixed with the double colons or else the profile will try to load itself instead of the actual mysql module!

Install the puppetlabs-mysql module

This command will install the puppetlabs-mysql module into /etc/puppet/modules, which is symlinked inside our production environment:

puppet module install puppetlabs-mysql

Configuring a Puppet Agent

Edit /etc/puppet/puppet.conf and configure the agent:

server = pupmaster.pcdomain.pvt
archive_files = true
archive_file_server = pupmaster.pcdomain.pvt
report = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
graph = true
pluginsync = true
environment = production

Also remove the [master] section from all agents.

Run the agent to generate an SSL key and CSR request for the Master:

puppet agent -t

Login to the Master and sign the certificate:

puppet cert sign pupagent.pcdomain.pvt

Which should give you the following output:

Notice: Signed certificate request for pupagent.pcdomain.pvt
Notice: Removing file Puppet::SSL::CertificateRequest pupagent.pcdomain.pvt at '/var/lib/puppet/ssl/ca/requests/pupagent.pcdomain.pvt.pem'

Login to the agent and run Puppet again which should kickoff the initial Puppet run:

puppet agent -t

Enable the agent service to have Puppet run automatically every 30 minutes by default:

update-rc.d puppet enable

Additional Resources

Puppet Learning VM:

Presentation Downloaded from the following location:

wiki/qclug_presentations/puppet.txt · Last modified: 2015/11/11 22:07 by Root