Create Two EC2 Instances - Amazon Linux - T2.medium (Master) & T2.micro (Slave) - SG: All Traffic


Create two EC2 instances - Amazon Linux - t2.medium (master) & t2.micro (slave) - SG: All traffic

Push – command is fired from master to the agents

Pull – command is fired from agent to master, i.e., initiation is done in master
Puppet can be installed in two modes:

1. Standalone mode
2. Master-slave architecture mode

OS requirement for master – only Linux & for agent – any OS

Connect to the instances using PuTTY and run the following commands on both:

sudo -i
nano /etc/hosts
172.31.9.248 puppetmaster.example.com puppet
172.31.24.238 puppetagent.example.com

172.31.9.248 – private IP of master
172.31.24.238 – private IP of slave

nano /etc/hostname
hostnamectl set-hostname puppetmaster.example.com (on master)
hostname
hostname
uname -a
systemctl status firewalld
hostnamectl set-hostname puppetagent.example.com (on slave)
nano /etc/hostname (notice the hostname has changed)
sudo reboot
ping puppetagent.example.com (on master)
ping puppetmaster.example.com (on slave)

Puppet follows master-slave architecture, hence puppet server will be installed on master & puppet
agent will be installed on slave

On both master & slave run the following:

sudo -i
sudo rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm (install the Puppet package repository using rpm; this installs a package that tells the operating system where to download Puppet Server from)
yum repolist (to fetch repository)
yum list | grep -i puppet

On master:

yum install puppetserver.noarch -y
rpm -qa | grep -i puppet (check whether the package is installed properly)
systemctl status puppetserver
systemctl start puppetserver
yum update -y
systemctl start puppetserver
systemctl status puppetserver

ip addr (copy the private IP address and ping it; there is no response yet)
ICMP must be allowed in the security groups of the master & client instances for them to ping each other.

Ping again; it now succeeds (from both master & agent)

In case you select the master to be t2.micro, execute the following steps on master:

cd /etc/sysconfig/
nano puppetserver
systemctl start puppetserver
systemctl status puppetserver

On slave:

yum install puppet-agent.x86_64 -y


ls -ltr /etc/puppetlabs/puppet/puppet.conf
nano /etc/puppetlabs/puppet/puppet.conf

On master:

/opt/puppetlabs/bin/puppetserver ca list
ln -s /opt/puppetlabs/bin/puppet /usr/bin/puppet (to create a soft link)
/opt/puppetlabs/bin/puppetserver ca list --all (the master's certificate is displayed; the agent's certificate will be displayed once the agent requests its certificate & the master signs it)

On slave:

systemctl enable --now puppet


systemctl status puppet

On master:

/opt/puppetlabs/bin/puppetserver ca list (shows only agent certificate)

Topic: Install httpd on agent


On master run:

cd /etc/puppetlabs/code/environments/production/modules/
/opt/puppetlabs/bin/puppet resource package sshd
mkdir mypackage/manifests -p
cd mypackage/manifests/
nano init.pp

find / -name manifests


cd /etc/puppetlabs/code/environments/production/manifests
nano site.pp

On slave:

/opt/puppetlabs/bin/puppet agent --test (to request certificate)

On master:

/opt/puppetlabs/bin/puppetserver ca sign --certname puppetagent.example.com (to sign the certificate generated by agent)

On slave:

/opt/puppetlabs/bin/puppet agent --test

rpm -q httpd (check whether the httpd package is installed)

Autosigning process

On master:

cd /etc/puppetlabs/puppet
vi autosign.conf
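
The notes do not show what goes into autosign.conf. Each entry is matched against the certname the requesting host puts in its own CSR, so an entry auto-approves any host that claims a matching name. The script below is an added example (not part of the original notes) that lists each entry and flags wildcard ones; the file format described in its comments and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit autosign.conf before enabling autosigning.
# Assumed format: one certname or domain glob per line; blank lines and
# lines starting with '#' are ignored. Function names are hypothetical.

# Classify one entry by how many certificate requests it auto-approves:
# ALL (every CSR), GLOB (any name under a domain), EXACT (one certname).
classify_autosign_entry() {
  case "$1" in
    '*')   echo ALL ;;
    *'*'*) echo GLOB ;;
    *)     echo EXACT ;;
  esac
}

# Print "LEVEL entry" for each active line of the file named in $1.
# Returns 1 if any entry is broader than a single certname, otherwise 0.
audit_autosign() {
  file=$1
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    # Trim surrounding whitespace (also drops a trailing CR).
    line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case "$line" in
      ''|'#'*) continue ;;
    esac
    level=$(classify_autosign_entry "$line")
    [ "$level" = EXACT ] || rc=1
    printf '%s %s\n' "$level" "$line"
  done < "$file"
  return "$rc"
}

# Constructed sample file (not from the original notes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hosts allowed to be signed without review
puppetagent.example.com
*.example.com
*
EOF
audit_autosign "$sample" || echo "Entries broader than EXACT found: review before use"
rm -f "$sample"
```

On the master, run audit_autosign against /etc/puppetlabs/puppet/autosign.conf; a non-zero exit status means at least one wildcard entry is present.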
https://puppet.com/docs/puppet/6.17/lang_visual_index.html#lang_visual_index

https://www.tutorialspoint.com/puppet/puppet_manifest_files.htm

On master:

/opt/puppetlabs/bin/puppetserver ca list --all

Fatal error when running action 'list'
Error: Failed connecting to https://puppet:8140/puppet-ca/v1/certificate_statuses/any_key
Root cause: Failed to open TCP connection to puppet:8140 (Connection refused - connect(2) for "puppet" port 8140)

find / -name ssl


cd /etc/puppetlabs/puppet
ls
cd ssl/
ls
cd ..
rm -rf ssl/
ls
/opt/puppetlabs/bin/puppetserver ca setup (generate a root and intermediate signing CA for Puppet Server)
ls
systemctl restart puppetserver
systemctl status puppetserver

On slave:

cd /etc/puppetlabs/puppet/ssl
ls
cd ..
rm -rf ssl/
ls
systemctl enable --now puppet
ls
systemctl status puppet
rm -rf /etc/puppetlabs/puppet/ssl/
puppet agent --test --verbose
systemctl status puppet
systemctl restart puppet
systemctl status puppet
puppet agent --test --verbose
git --version
puppet agent --test --verbose
