How To Add Puppet Nodes to Foreman – CentOS 7 / Ubuntu 18.04 & Debian 9
Abstract: sudo /opt/puppetlabs/bin/puppet cert sign client.itzgeek.localwe will need to update the /etc/puppetlabs/puppet/puppet.conf file. ### CentOS / RHEL /
This tutorial is the continuation of Foreman installation and configuration series. Here, we will be going through the steps to add Puppet nodes to Foreman.
If you haven’t set up Foreman yet, feel free to follow the steps mentioned in the below links.
READ: How To Install Foreman on CentOS 7 / RHEL 7
READ: How To Install Foreman on Ubuntu 18.04 / Ubuntu 16.04 & Debian 9
This post covers the installation and configuration of Puppet agents on CentOS 7 / Fedora 28 / Ubuntu 18.04 / 16.04 & Debian 9 to work with Foreman (Puppet Master).
Infrastructure Foreman NodeIP Address: 192.168.1.10
FQDN: server.itzgeek.local
IP Address: 192.168.1.20
FQDN: client.itzgeek.local
Make sure both Foreman server and the client can resolve the hostname each other. Either use /etc/hosts file or DNS server for this purpose.
### CentOS / RHEL / Fedora ### vi /etc/hosts ### Ubuntu / Debian ### sudo nano /etc/hosts
Like below.
192.168.1.10 server.itzgeek.local server # Foreman 192.168.1.20 client.itzgeek.local client # Puppet AgentInstall Puppet Agent on Foreman Nodes
Let us first install the Puppetlabs repository to get a puppet agent packages from official source.
### CentOS 7 / RHEL 7 ### rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm ### CentOS 6 / RHEL 6 ### rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-6.noarch.rpm ### Ubuntu 18.04 ### wget https://apt.puppetlabs.com/puppet5-release-bionic.deb sudo dpkg -i puppet5-release-bionic.deb sudo apt update ### Ubuntu 16.04 ### wget https://apt.puppetlabs.com/puppet5-release-xenial.deb sudo dpkg -i puppet5-release-xenial.deb sudo apt update ### Debian 9 ### wget https://apt.puppetlabs.com/puppet5-release-stretch.deb sudo dpkg -i puppet5-release-stretch.deb sudo apt-get update ### Fedora 28 ### rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-fedora-28.noarch.rpm
Install puppet agent using below command.
### CentOS / RHEL ### yum install -y puppet-agent ### Ubuntu / Debian ### sudo apt-get install -y puppet-agent ### Fedora 28 ### dnf install -y puppet-agentConfigure puppet agents
Once the installation is done, we will need to update the /etc/puppetlabs/puppet/puppet.conf file.
### CentOS / RHEL / Fedora ### vi /etc/puppetlabs/puppet/puppet.conf ### Ubuntu / Debian ### sudo nano /etc/puppetlabs/puppet/puppet.conf
Add the following settings to your [agent] settings. Enter your Foreman (Puppet Master) details in server = <> line.
[agent] server = server.itzgeek.local # Foreman Server certname = client.itzgeek.local # Puppet Agent runinterval = 180 # Interval in seconds environment = production listen = false pluginsync = true report = true
Run the following command to enable and run puppet agent service.
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
If required, restart the puppet agent service.
### CentOS / RHEL / Fedora ### service puppet restart ### Ubuntu / Debian ### sudo service puppet restartSign Puppet Agent certificate
Now, you will have to sign the certificate of puppet agents to work with Foreman, and you can do this either by using the command line or Foreman web console.
Command Line In Foreman (Puppet Master) server, issue the following command to list down the unsigned certificates.### CentOS / RHEL ### /opt/puppetlabs/bin/puppet cert list ### Ubuntu / Debian ### sudo /opt/puppetlabs/bin/puppet cert list
Output:
"client.itzgeek.local" (SHA256) 86:09:AA:5A:7B:43:31:20:1F:AE:21:3D:44:CA:9A:BF:57:A9:25:92:0A:AB:C7:CF:C2:AF:84:96:4F:C4:F2:F8
In the above output, client.itzgeek.local is the puppet agent. To sign the certificate, use the following command.
### CentOS / RHEL ### /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local ### Ubuntu / Debian ### sudo /opt/puppetlabs/bin/puppet cert sign client.itzgeek.local
Output:
Signing Certificate Request for: "client.itzgeek.local" (SHA256) 86:09:AA:5A:7B:43:31:20:1F:AE:21:3D:44:CA:9A:BF:57:A9:25:92:0A:AB:C7:CF:C2:AF:84:96:4F:C4:F2:F8 Notice: Signed certificate request for client.itzgeek.local Notice: Removing file Puppet::SSL::CertificateRequest client.itzgeek.local at '/etc/puppetlabs/puppet/ssl/ca/requests/client.itzgeek.local.pem'Console Mode
Open up your Foreman web console and go to Infrastructure >> Smart proxies. Select the Certificates from drop down.
Add Puppet Nodes to Foreman – List Puppet CertificateAs you see below, agent certificate (client.itzgeek.local) is pending to be signed. To sign, click the Sign button.
Add Puppet Nodes to Foreman – Foreman Signs Puppet Agent CertificatesNow, agent (client.itzgeek.local) is signed successfully.
Add Puppet Nodes to Foreman – Puppet Certificates Verify NodeNow, go to Hosts >> All Hosts. Verify that the new node (client.itzgeek.local) has been added to Foreman.
Add Puppet Nodes to Foreman – List of Puppet Nodes in ForemanDetailed Information:
Add Puppet Nodes to Foreman – Detailed Information of Added Puppet NodeThat’s All.