Configure Puppetmaster and PuppetDB on separate nodes/hosts using PostgreSQL

This article covers the setup and configuration of PuppetDB and Puppetmaster on separate nodes/hosts. I have used PostgreSQL as PuppetDB backend instead of HSQLDB as it's much easier to query and troubleshoot any issues you comes across especially when using Puppet exported resources. Follow this easy-to-follow guide and you should be up and running with a basic config of Puppetmaster and PuppetDB in no time.


  • Good working knowledge and understanding of Puppet and PuppetDB.

  • Make sure the Firewall/iptables are configured to allow the required ports between Puppetmaster, PuppetDB and PostgreSQL.

    • Ports: 8180, 8140, 5432 & 443

Current Scenario:

1) Puppetmaster on one host (** puppetDB-terminus is needed on both master and DB servers in multiple node config)

Host details:

  • Hostname:

  • IP:

2) PuppetDB, PuppetDB-Terminus and PostgreSQL on other host

Host details:

  • Hostname:

  • IP:

Puppetmaster Install and Configuration


First start off with enabling the Repo for Puppetlabs.

# rpm -ivh 

Then install Puppet on the host via yum incl. **PuppetDB-Terminus

# yum -y install puppet-server puppetdb-terminus

And then edit puppet.conf and add these lines in [main] and [master] section (create [master] if there isn't one)

# vi /etc/puppet/puppet.conf

server = dns_alt_names = puppet, autosign = true pluginsync = true

[master] storeconfigs = true storeconfigs_backend = puppetdb reports = store,puppetdb

Create/Edit puppetdb config. This is so that Puppetmaster can send reports to PuppetDB Server.

# vi /etc/puppet/puppetdb.conf

server =
port = 8081
soft_write_failure = false

# vi /etc/puppet/routes.yaml

terminus: puppetdb
cache: yaml

For a test just create a simple site.pp for basic packages install.

# vi /etc/puppet/manifests/site.pp

node '' {
       Package { ensure => installed }
       package { 'telnet': }
       package { 'openssh-clients': }
       package { 'tcpdump': }
node '' {
       Package { ensure => installed }
       package { 'telnet': }
       package { 'openssh-clients': }
       package { 'tcpdump': }

Then start up Puppetmaster service and enable it at runtime

# service puppetmaster start

# chkconfig puppetmaster on
# service puppetmaster stop (this is required for the puppetdb ssl-setup)

PuppetDB Install and Configuration


PostgreSQL Setup

Start with downloading PostgreSQL and setting it up.

Enable the PostgreSQL repo and install it on the host.

# rpm -Uvh
# yum -y install postgresql95 postgresql95-server postgresql95-contrib

Now initialize the db

# service postgresql-9.5 initdb

Edit authorization settings in pg_hba.conf

# vi /var/lib/pgsql/9.5/data/pg_hba.conf

Replace "ident"

host    all             all               ident
host    all             all             ::1/128                    ident

With "md5"

host    all             all               md5
host    all             all             ::1/128                    md5

Now start the PostgreSQL service and enable it at Runtime

# service postgresql-9.5 start
# chkconfig postgresql-9.5 on

Next create user and database for Puppetdb. It will prompt you create a password for the db at the same time.

# su - postgres
-bash-4.1$ createuser -DRSP puppetdb
-bash-4.1$ createdb -O puppetdb puppetdb

Once the above is completed you can now test the access to the database.

-bash-4.1$ psql -h -p 5432 -U puppetdb -W puppetdb


[root@puppet-server ~]# psql -h -p 5432 -U puppetdb -W puppetdb
Password for user puppetdb:
psql (9.5.0)
Type "help" for help.


If all went good up-till here then the next step is to install and setup Puppetdb and puppetdb-terminus.

Install and configure Puppetdb and Puppetdb-terminus

First start off with enabling the Repo for Puppetlabs.

# rpm -ivh

Then install puppetdb and puppetdb-terminus

# yum -y install puppetdb puppetdb-terminus

Now configure "database.ini" with PostgreSQL as the backend

# vi /etc/puppetdb/conf.d/database.ini

classname = org.postgresql.Driver
subprotocol = postgresql
subname = //
username = puppetdb
password = dbpasswordhere
log-slow-statements = 10

Add/Edit the [jetty] section of jetty.ini config with PuppetDB Server IP

# vi /etc/puppetdb/conf.d/jetty.ini

host =

Add this in the [main] section of puppet.conf

# vi /etc/puppet/puppet.conf

        server =

Edit/Hash out the [command processing] section of config.ini

# vi /etc/puppetdb/conf.d/config.ini

    store-usage = 2048
    temp-usage = 2048

Now secure puppetdb with ssl. You need to stop Puppetmaster service if its running BUT if you haven't run the Puppetmaster service till now, you have to run it once to generate the certificates.

Puppetmaster never run (or) 1st time.

# service puppetmaster start (on Puppetmaster host)
# service puppet start (on PuppetDB host)
# service puppetmaster stop (on Puppetmaster host)

IF Puppetmaster has been running for a while then stop the service before running ssl-setup

# service puppetmaster stop (on Puppetmaster host)
# puppetdb ssl-setup (on PuppetDB host)

NOTE: If it gives an error about connection refused (2), remove the puppetdb ssl directory.

# rm -rf /etc/puppetdb/ssl (on PuppetDB host)

Now restart puppetmaster, puppetdb and puppet.

# service puppetdb restart (on PuppetDB host) 
# service puppetmaster restart (on Puppetmaster host)
# service puppet restart (on Puppetmaster & PuppetDB host)

Enable them at Runtime.

# chkconfig puppetdb on
# chkocnfig puppet on
# chkconfig postgresql-9.5 on

And now run a puppet agent test on both hosts.

# puppet agent -t


[root@puppet ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for
Info: Applying configuration version '1455104511'
Notice: /Stage[main]/Main/Node[]/Package[openssh-clients]/ensure: created
Notice: /Stage[main]/Main/Node[]/Package[tcpdump]/ensure: created
Notice: /Stage[main]/Main/Node[]/Package[telnet]/ensure: created
Notice: Finished catalog run in 11.76 seconds

That's should be it with the setup. If you hit any issues please let us know via Contact Us and will try our best to help you out.

Infra Related Articles....

It's now possible to install both Puppet Master and Agent on the same host with different certs for each, to...
This article shows you how to Automate iptables for the whole infrastructure (linux/unix) and maintain the state during the lifecycle...
When adding multiple users in IDM/freeIPA its a pain inputting each user and its time consuming. This script/one liner allows...
This article covers the setup and configuration of PuppetDB and Puppetmaster on separate nodes/hosts. I have used PostgreSQL as PuppetDB...
The process of upgrading Red Hat Satellite 5.6 to 5.7 is fairly simple if you follow the steps properly and...
Joomla! Україна