Puppet in AWS: Set up Puppet and install Apache web server
Puppet is a tool that helps us manage and automate the configuration of servers. To deploy Puppet we need a Puppet server and agents installed on the nodes in our environment.
Step 0: Create 2 EC2 instances running Ubuntu, with a security group allowing ports 22, 80 and 8140
First of all, as we are working with AWS, we will need at least two servers. In this case we will use EC2 instances.
Step 1: Set up puppetserver on the master node
SSH into the designated master server and install puppetserver. For this we will first enable the Puppet platform repository so that the components needed for installation are available on our instances.
Next, set the hostname for the primary server
sudo hostname puppetmaster.test.org
hostname -f
Then, edit the hosts file and add the IP and hostname of the slave node. In our case we will use the private IP of the other instance.
sudo vi /etc/hosts
<agent-ip> puppetagent.test.org
Now install puppetserver on the master node.
sudo apt-get update
wget https://apt.puppet.com/puppet7-release-focal.deb
sudo dpkg -i puppet7-release-focal.deb
sudo apt-get update
sudo apt-get install puppetserver
To be able to start puppetserver, the memory allocation for the JVM needs to be decreased from 2GB to around 400MB.
sudo nano /etc/default/puppetserver
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms400m -Xmx400m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
sudo systemctl start puppetserver
#list certificates
sudo ls -l /etc/puppetlabs/puppet/ssl/certs/
#edit
sudo nano /etc/puppetlabs/puppet/puppet.conf
# and add
[main]
server = puppetmaster.test.org
Step 2: Set up puppet-agent on the slave node
SSH into the designated slave node and follow these steps.
sudo hostname puppetagent.test.org
hostname -f
sudo vi /etc/hosts
#add
<master-ip> puppetmaster.test.org
sudo apt-get update
wget https://apt.puppet.com/puppet7-release-focal.deb
sudo dpkg -i puppet7-release-focal.deb
sudo apt-get update
sudo apt-get install puppet-agent
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
source /etc/profile.d/puppet-agent.sh
export PATH=/opt/puppetlabs/bin:$PATH
#to check path:
echo $PATH
Edit the following file:
sudo nano /etc/puppetlabs/puppet/puppet.conf
and add:
[main]
server = puppetmaster.test.org
Step 3: Generate a certificate from the agent
sudo ls -l /etc/puppetlabs/puppet/ssl/certs/
sudo /opt/puppetlabs/bin/puppet agent --test --waitforcert 60
Step 4: Sign the slave-generated certificate from the master node
sudo /opt/puppetlabs/bin/puppetserver ca sign --certname puppetagent.test.org
Thus on slave node:
On the master, to see the certificates:
sudo /opt/puppetlabs/bin/puppetserver ca list --all
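Step 4 signs whatever request arrives under the agent's name, so it is worth comparing fingerprints first. The following is an added example, not part of the original walkthrough: read the CSR fingerprint on the agent with `sudo /opt/puppetlabs/bin/puppet agent --fingerprint`, then sign on the master only if the pending request carries the same value. The function names, the sample data and the assumed column layout of the `puppetserver ca list` output are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): sign an agent's CSR only when the
# fingerprint pending on the master equals the one read on the agent.
# Assumption: `puppetserver ca list` prints "<certname> (SHA256) <fingerprint>".

# Print the SHA256 fingerprint listed for certname $1; list output is on stdin.
csr_fingerprint() {
    awk -v name="$1" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Succeed only if both fingerprints are non-empty and equal, ignoring hex case.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run on the master. $1 = certname, $2 = fingerprint copied from the agent.
verify_and_sign() {
    pending=$(sudo /opt/puppetlabs/bin/puppetserver ca list --certname "$1" |
        csr_fingerprint "$1")
    if fingerprints_match "$pending" "$2"; then
        sudo /opt/puppetlabs/bin/puppetserver ca sign --certname "$1"
    else
        echo "CSR fingerprint mismatch for $1; not signing" >&2
        return 1
    fi
}

# Constructed sample of the list output (fingerprints shortened, not real).
SAMPLE_LIST='Requested Certificates:
    unknown.test.org       (SHA256)  11:22:33:44:55:66:77:88
    puppetagent.test.org   (SHA256)  AA:BB:CC:DD:EE:FF:00:11'
```

Call `verify_and_sign puppetagent.test.org '<fingerprint from the agent>'` in place of the bare sign command.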
Step 5: Create a manifest for installing and running Apache web server
sudo nano /etc/puppetlabs/code/environments/production/manifests/site.pp
The manifest:
# execute 'apt-get update'
exec { 'apt-update':                    # exec resource named 'apt-update'
  command => '/usr/bin/apt-get update', # command this resource will run
}
# install apache2 package
package { 'apache2':
  ensure  => installed,
  require => Exec['apt-update'],        # require 'apt-update' before installing
}
# ensure apache2 service is running
service { 'apache2':
  ensure  => running,
  require => Package['apache2'],        # start the service only after the package is installed
}
Step 6: Start an agent run on the slave server to apply the manifest
sudo /opt/puppetlabs/bin/puppet agent --test
Finally, the output:
Copy the public IP address of the slave node and paste it into the browser.