Install Puppet Master and Agent on same host/node - Puppet - CentOS/Red Hat

It is now possible to install both the Puppet master and agent on the same host with a different cert for each, which avoids future conflicts when managing the master server with Puppet. You need two separate entries in puppet.conf, one in [master] and one in [agent], so that separate certs are generated.

Before proceeding with the install, make sure that a CNAME/alias is set up for the puppetmaster and a DNS name for the puppet agent, and that both refer back to the same host.

Puppetmaster CNAME/Alias = puppetmaster.ppt.local

Puppet DNS = puppet.ppt.local

IP Address = 192.168.132.11

When using local DNS, i.e. /etc/hosts

Edit /etc/hosts to have 2 DNS names for the same host.

# vi /etc/hosts
192.168.132.11 puppet.ppt.local   puppetmaster.ppt.local

When using IDM/FreeIPA Server as DNS

Log in to the IdM server and add a CNAME entry for the puppetmaster that points to the puppet server.

Go to --> Identity --> DNS --> ppt.local --> Add

Record name: puppetmaster

Record Type: CNAME

Hostname: puppet

Click Add

Now make sure both names resolve. Run the commands below.

# host puppetmaster

Output:

[root@puppet admin]# host puppetmaster
puppetmaster.ppt.local is an alias for puppet.ppt.local.
puppet.ppt.local has address 192.168.132.11

# host puppet

Output:

[root@puppet admin]# host puppet
puppet.ppt.local has address 192.168.132.11

We now see that both can be resolved and point to the same host IP address.

Now that DNS and the CNAME are ready for both puppet and puppetmaster, the next step is to install the puppet master and agent on the host.

Enable Puppet Repo

# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

Install the Puppet server. The Puppet agent is installed as part of it.

# yum install puppet-server

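Edit puppet.conf and add the puppetmaster and puppet agent entries. Also enable autosign in the [main] section. With autosign = true the master's CA signs every certificate request it receives without manual approval, which is why both certs below are signed automatically.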

# vi /etc/puppet/puppet.conf
[main]
autosign = true
[master]
certname = puppetmaster.ppt.local
[agent]
server = puppet.ppt.local

First, start puppetmaster so that it generates its own cert. Check the logs to confirm it worked.

# service puppetmaster start
# chkconfig puppetmaster on

logs - /var/log/messages:

[root@puppet ~]# tail -f /var/log/messages
Dec 30 11:13:31 puppet puppet-master[2985]: puppetmaster.ppt.local has a waiting certificate request
Dec 30 11:13:31 puppet puppet-master[2985]: Signed certificate request for puppetmaster.ppt.local
Dec 30 11:13:31 puppet puppet-master[2985]: Removing file Puppet::SSL::CertificateRequest puppetmaster.ppt.local at '/var/lib/puppet/ssl/ca/requests/puppetmaster.ppt.local.pem'
Dec 30 11:13:31 puppet puppet-master[2985]: Removing file Puppet::SSL::CertificateRequest puppetmaster.ppt.local at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.ppt.local.pem'

Second, start the puppet agent so that it generates its own cert. Check the logs to confirm it worked.

# service puppet start
# chkconfig puppet on

logs - /var/log/messages:

Dec 30 11:17:25 puppet puppet-master[3061]: puppet.ppt.local has a waiting certificate request
Dec 30 11:17:25 puppet puppet-master[3061]: Signed certificate request for puppet.ppt.local
Dec 30 11:17:25 puppet puppet-master[3061]: Removing file Puppet::SSL::CertificateRequest puppet.ppt.local at '/var/lib/puppet/ssl/ca/requests/puppet.ppt.local.pem'

Now check the signed certs. You should see two certs in the list, one each for puppetmaster and puppet.

# puppet cert list --all

Output:

[root@puppet admin]# puppet cert list --all
+ "puppet.ppt.local"       (SHA256) EB:2F:34:A5:AC:F5:38:68:89:3F:69:7F:56:CB:9D:8C:6A:77:23:DE:FE:1A:62:C9:31:69:91:BF:44:B4:39:3A
+ "puppetmaster.ppt.local" (SHA256) 32:4D:2D:96:8C:1A:FF:CA:70:00:F5:99:58:1C:DF:4C:63:E2:55:B8:9E:8F:3B:BC:73:1F:CA:AC:49:ED:7E:59 (alt names: "DNS:puppet", "DNS:puppet.ppt.local", "DNS:puppetmaster.ppt.local")

You should now have a working puppetmaster and puppet agent on the same host. Any issues, please do let us know via Contact Us/comments.
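
Because autosign = true signs every request that reaches the master, it is worth comparing the signed list against the certnames this setup expects. The script below is an added example, not part of the original article: it parses puppet cert list --all output in the format shown above and reports signed certnames outside an allowlist, as well as expected ones that are missing. The sample input, its shortened fingerprints and the hosts build-tmp.example.test and pending.example.test are constructed, and treating lines without a leading "+" as not signed is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the article): audit signed Puppet certs.
# Certnames this setup expects to be signed (taken from the article).
EXPECTED="puppet.ppt.local puppetmaster.ppt.local"

# Print the certname of every signed ("+") entry read from stdin.
# Assumption: lines that do not start with "+" are not signed certs.
signed_certnames() {
    awk '$1 == "+" { gsub(/"/, "", $2); print $2 }'
}

# Print signed certnames that are NOT in $EXPECTED, one per line.
unexpected_certs() {
    signed_certnames | while read -r name; do
        case " $EXPECTED " in
            *" $name "*) ;;                 # expected, stay quiet
            *) printf '%s\n' "$name" ;;     # signed but not expected
        esac
    done
}

# Print expected certnames that are missing from the signed list.
missing_certs() {
    _signed=" $(signed_certnames | tr '\n' ' ')"
    for name in $EXPECTED; do
        case "$_signed" in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample: the article's two certnames plus two made-up hosts.
# Fingerprints are shortened placeholders, not real values.
SAMPLE='+ "puppet.ppt.local"       (SHA256) 00:11:22:33
+ "puppetmaster.ppt.local" (SHA256) 44:55:66:77 (alt names: "DNS:puppet")
+ "build-tmp.example.test" (SHA256) 88:99:AA:BB
  "pending.example.test"   (SHA256) CC:DD:EE:FF'

# Demo on the sample. On the master, pipe the real listing instead:
#   puppet cert list --all | unexpected_certs
printf '%s\n' "$SAMPLE" | unexpected_certs   # prints build-tmp.example.test
```

Any name printed by unexpected_certs was signed without being in the allowlist and should be reviewed before it is trusted.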
