Configure Puppetmaster and PuppetDB on separate nodes/hosts using PostgreSQL

This article covers the setup and configuration of PuppetDB and Puppetmaster on separate nodes/hosts. I have used PostgreSQL as PuppetDB backend instead of HSQLDB as it's much easier to query and troubleshoot any issues you comes across especially when using Puppet exported resources. Follow this easy-to-follow guide and you should be up and running with a basic config of Puppetmaster and PuppetDB in no time.

Assumptions:

  • Good working knowledge and understanding of Puppet and PuppetDB.

  • Make sure the Firewall/iptables are configured to allow the required ports between Puppetmaster, PuppetDB and PostgreSQL.

    • Ports: 8180, 8140, 5432 & 443

Current Scenario:

1) Puppetmaster on one host (** puppetDB-terminus is needed on both master and DB servers in multiple node config)

Host details:

  • Hostname: puppet.off.local

  • IP: 192.168.132.5

2) PuppetDB, PuppetDB-Terminus and PostgreSQL on other host

Host details:

  • Hostname: puppetdb.off.local

  • IP: 192.168.132.6

Puppetmaster Install and Configuration

Server: puppet.off.local

First start off with enabling the Repo for Puppetlabs.

# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm 

Then install Puppet on the host via yum incl. **PuppetDB-Terminus

# yum -y install puppet-server puppetdb-terminus

And then edit puppet.conf and add these lines in [main] and [master] section (create [master] if there isn't one)

# vi /etc/puppet/puppet.conf

[main]
server = puppet.off.local dns_alt_names = puppet,puppet.off.local autosign = true pluginsync = true

[master] storeconfigs = true storeconfigs_backend = puppetdb reports = store,puppetdb

Create/Edit puppetdb config. This is so that Puppetmaster can send reports to PuppetDB Server.

# vi /etc/puppet/puppetdb.conf

[main]
server = puppetdb.off.local
port = 8081
soft_write_failure = false

# vi /etc/puppet/routes.yaml

master:
facts:
terminus: puppetdb
cache: yaml

For a test just create a simple site.pp for basic packages install.

# vi /etc/puppet/manifests/site.pp

node 'puppet.off.local' {
       Package { ensure => installed }
       package { 'telnet': }
       package { 'openssh-clients': }
       package { 'tcpdump': }
 }
node 'puppetdb.off.local' {
       Package { ensure => installed }
       package { 'telnet': }
       package { 'openssh-clients': }
       package { 'tcpdump': }
 }

Then start up Puppetmaster service and enable it at runtime

# service puppetmaster start

# chkconfig puppetmaster on
# service puppetmaster stop (this is required for the puppetdb ssl-setup)

PuppetDB Install and Configuration

Server: puppetdb.off.local

PostgreSQL Setup

Start with downloading PostgreSQL and setting it up.

Enable the PostgreSQL repo and install it on the host.

# rpm -Uvh http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/pgdg-centos95-9.5-2.noarch.rpm
# yum -y install postgresql95 postgresql95-server postgresql95-contrib

Now initialize the db

# service postgresql-9.5 initdb

Edit authorization settings in pg_hba.conf

# vi /var/lib/pgsql/9.5/data/pg_hba.conf

Replace "ident"

host    all             all             127.0.0.1/32            ident
host    all             all             ::1/128                    ident

With "md5"

host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                    md5

Now start the PostgreSQL service and enable it at Runtime

# service postgresql-9.5 start
# chkconfig postgresql-9.5 on

Next create user and database for Puppetdb. It will prompt you create a password for the db at the same time.

# su - postgres
-bash-4.1$ createuser -DRSP puppetdb
-bash-4.1$ createdb -O puppetdb puppetdb

Once the above is completed you can now test the access to the database.

-bash-4.1$ psql -h 127.0.0.1 -p 5432 -U puppetdb -W puppetdb

Output:

[root@puppet-server ~]# psql -h 127.0.0.1 -p 5432 -U puppetdb -W puppetdb
Password for user puppetdb:
psql (9.5.0)
Type "help" for help.

puppetdb=>

If all went good up-till here then the next step is to install and setup Puppetdb and puppetdb-terminus.

Install and configure Puppetdb and Puppetdb-terminus

First start off with enabling the Repo for Puppetlabs.

# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

Then install puppetdb and puppetdb-terminus

# yum -y install puppetdb puppetdb-terminus

Now configure "database.ini" with PostgreSQL as the backend

# vi /etc/puppetdb/conf.d/database.ini

[database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //127.0.0.1:5432/puppetdb
username = puppetdb
password = dbpasswordhere
log-slow-statements = 10

Add/Edit the [jetty] section of jetty.ini config with PuppetDB Server IP

# vi /etc/puppetdb/conf.d/jetty.ini

[jetty]
host = 192.168.132.6

Add this in the [main] section of puppet.conf

# vi /etc/puppet/puppet.conf

[main]
        server = puppet.off.local

Edit/Hash out the [command processing] section of config.ini

# vi /etc/puppetdb/conf.d/config.ini

    store-usage = 2048
    temp-usage = 2048

Now secure puppetdb with ssl. You need to stop Puppetmaster service if its running BUT if you haven't run the Puppetmaster service till now, you have to run it once to generate the certificates.

Puppetmaster never run (or) 1st time.

# service puppetmaster start (on Puppetmaster host)
# service puppet start (on PuppetDB host)
# service puppetmaster stop (on Puppetmaster host)

IF Puppetmaster has been running for a while then stop the service before running ssl-setup

# service puppetmaster stop (on Puppetmaster host)
# puppetdb ssl-setup (on PuppetDB host)

NOTE: If it gives an error about connection refused (2), remove the puppetdb ssl directory.

# rm -rf /etc/puppetdb/ssl (on PuppetDB host)

Now restart puppetmaster, puppetdb and puppet.

# service puppetdb restart (on PuppetDB host) 
# service puppetmaster restart (on Puppetmaster host)
# service puppet restart (on Puppetmaster & PuppetDB host)

Enable them at Runtime.

# chkconfig puppetdb on
# chkocnfig puppet on
# chkconfig postgresql-9.5 on

And now run a puppet agent test on both hosts.

# puppet agent -t

Output:

[root@puppet ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-server.off.local
Info: Applying configuration version '1455104511'
Notice: /Stage[main]/Main/Node[puppet-server.off.local]/Package[openssh-clients]/ensure: created
Notice: /Stage[main]/Main/Node[puppet-server.off.local]/Package[tcpdump]/ensure: created
Notice: /Stage[main]/Main/Node[puppet-server.off.local]/Package[telnet]/ensure: created
Notice: Finished catalog run in 11.76 seconds

That's should be it with the setup. If you hit any issues please let us know via Contact Us and will try our best to help you out.

Most Read Articles

Add/Detect a new disk in ...

Written By Farooq Mohammed Ahmed on Sunday, 11 January 2015 19:22
Add/Detect a new disk in ...

Replace SSL Certificates ...

Written By Farooq Mohammed Ahmed on Friday, 16 December 2016 08:05
Replace SSL Certificates ...

Using awk in Alias Comman...

Written By Farooq Mohammed Ahmed on Friday, 19 February 2016 14:22
Using awk in Alias Comman...

Script to Monitor Nagios ...

Written By Farooq Mohammed Ahmed on Monday, 18 July 2016 22:48
Script to Monitor Nagios ...

Generate/Create a SHA2/SH...

Written By Farooq Mohammed Ahmed on Tuesday, 25 October 2016 13:56
Generate/Create a SHA2/SH...