Some notes on setting up puppetmaster and agents.
Debian Jessie has version 3.2 of puppet.
apt-get install puppetmaster
this will start the server and open a socket on tcp/8140.
An agent can be installed with the puppet package
apt-get install puppet
The agent configuration in /etc/puppet/puppet.conf is barebone but functional. You do need to add the location of the puppet server.
[main] server = mozpm.jaffanet logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY
The puppet agent needs a SSL certificate signed by the puppetmaster. The first run of the agent on a barebone install will contact the puppetmaster to obtain this certificate. And it will fail to continue until the puppetmaster validates the registration.
On the agent:
root@pa1:/# puppet agent --test Info: Caching certificate for ca Info: Creating a new SSL certificate request for pa1.jaffanet Info: Certificate Request fingerprint (SHA256): 18:B4:C4:22:48:91:F2:DC:1E:BF:20:4B:D5:4D:65:3E:67:F1:23:33:3F:0D:1E:65:92:73:53:03:FA:F4:A8:3D Exiting; no certificate found and waitforcert is disabled
The certificate will be waiting for approval on the puppetmaster:
root@mozpm:/# puppet cert list "pa1.jaffanet" (SHA256) 18:B4:C4:22:48:91:F2:DC:1E:BF:20:4B:D5:4D:65:3E:67:F1:23:33:3F:0D:1E:65:92:73:53:03:FA:F4:A8:3D
root@mozpm:/# puppet cert sign pa1.jaffanet Notice: Signed certificate request for pa1.jaffanet Notice: Removing file Puppet::SSL::CertificateRequest pa1.jaffanet at '/var/lib/puppet/ssl/ca/requests/pa1.jaffanet.pem'
The resulting certificate is stored in /var/lib/puppet/ssl.
Now we can rerun puppet agent again:
root@pa1:/# puppet agent --no-daemonize --onetime --verbose Info: Caching certificate for pa1.jaffanet Info: Caching certificate_revocation_list for ca Info: Retrieving plugin Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Info: Caching catalog for pa1.jaffanet Info: Applying configuration version '1376941222' Info: Creating state file /var/lib/puppet/state/state.yaml Notice: Finished catalog run in 0.03 seconds