element14 Community
element14 Community
    Register Log In
  • Site
  • Search
  • Log In Register
  • About Us
  • Community Hub
    Community Hub
    • What's New on element14
    • Feedback and Support
    • Benefits of Membership
    • Personal Blogs
    • Members Area
    • Achievement Levels
  • Learn
    Learn
    • Ask an Expert
    • eBooks
    • element14 presents
    • Learning Center
    • Tech Spotlight
    • STEM Academy
    • Webinars, Training and Events
    • Learning Groups
  • Technologies
    Technologies
    • 3D Printing
    • FPGA
    • Industrial Automation
    • Internet of Things
    • Power & Energy
    • Sensors
    • Technology Groups
  • Challenges & Projects
    Challenges & Projects
    • Design Challenges
    • element14 presents Projects
    • Project14
    • Arduino Projects
    • Raspberry Pi Projects
    • Project Groups
  • Products
    Products
    • Arduino
    • Avnet Boards Community
    • Dev Tools
    • Manufacturers
    • Multicomp Pro
    • Product Groups
    • Raspberry Pi
    • RoadTests & Reviews
  • Store
    Store
    • Visit Your Store
    • Choose another store...
      • Europe
      •  Austria (German)
      •  Belgium (Dutch, French)
      •  Bulgaria (Bulgarian)
      •  Czech Republic (Czech)
      •  Denmark (Danish)
      •  Estonia (Estonian)
      •  Finland (Finnish)
      •  France (French)
      •  Germany (German)
      •  Hungary (Hungarian)
      •  Ireland
      •  Israel
      •  Italy (Italian)
      •  Latvia (Latvian)
      •  
      •  Lithuania (Lithuanian)
      •  Netherlands (Dutch)
      •  Norway (Norwegian)
      •  Poland (Polish)
      •  Portugal (Portuguese)
      •  Romania (Romanian)
      •  Russia (Russian)
      •  Slovakia (Slovak)
      •  Slovenia (Slovenian)
      •  Spain (Spanish)
      •  Sweden (Swedish)
      •  Switzerland(German, French)
      •  Turkey (Turkish)
      •  United Kingdom
      • Asia Pacific
      •  Australia
      •  China
      •  Hong Kong
      •  India
      •  Korea (Korean)
      •  Malaysia
      •  New Zealand
      •  Philippines
      •  Singapore
      •  Taiwan
      •  Thailand (Thai)
      • Americas
      •  Brazil (Portuguese)
      •  Canada
      •  Mexico (Spanish)
      •  United States
      Can't find the country/region you're looking for? Visit our export site or find a local distributor.
  • Translate
  • Profile
  • Settings
Pi IoT
  • Challenges & Projects
  • Design Challenges
  • Pi IoT
  • More
  • Cancel
Pi IoT
Blog [Pi IoT] Alarm Clock #03: Puppet
  • Blog
  • Forum
  • Documents
  • Polls
  • Files
  • Events
  • Mentions
  • Sub-Groups
  • Tags
  • More
  • Cancel
  • New
  • Share
  • More
  • Cancel
Group Actions
  • Group RSS
  • More
  • Cancel
Engagement
  • Author Author: fvan
  • Date Created: 2 Jun 2016 5:43 PM Date Created
  • Views 1550 views
  • Likes 3 likes
  • Comments 8 comments
  • fvan_piiot
  • piiot
  • puppet
  • feature_tutorial
Related
Recommended

[Pi IoT] Alarm Clock #03: Puppet

fvan
fvan
2 Jun 2016

  • Preparation
  • Puppet Master
    • Installation & Configuration
    • Manifests & Modules
  • Puppet Agent
    • Installation
    • Puppet Run
  • Conclusion

 

Puppet is an open-source configuration management tool that helps automate the deployment and management of files and applications on target hosts. A puppet master contains the definition of the desired configurations in files called manifests or modules. Agents can query the master in order to know which configuration changes to apply.

puppet labs logo from Puppet Keynote by Luke Kaniesimage

 

 

In this post, I will cover the installation of the puppet master and puppet agent, along with a simple example manifest. I intend to fully puppetize my project, delivering a set of manifests and modules, making it possible to recreate it from scratch, with minimal effort.

 

Let's get puppetizing!

 

Preparation

 

For this guide, I am using a Raspberry Pi 3 running the latest version of Raspbian Jessie.

 

After connecting via SSH (via ethernet or wifi), the file system was expanded using "raspi-config":

image

 

Using the same application, the hostname was changed to "puppet":

imageimage

 

Finally, the software has been fully updated:

 

pi@puppet:~ $ sudo apt-get update && sudo apt-get upgrade -y

 

With that taken care of, we can proceed to the actual installation.

 

Puppet Master

 

The puppet master holds the definition of every node by means of reusable modules. A node is then defined by a specific combination of modules, in order to obtain a specific role.

 

Lifecycle of a Puppet Run from Puppet Keynote by Luke Kaniesimage

 

 

 

Installation & Configuration

 

Installing puppet master is straightforward and can be done using the following command:

 

pi@puppet:~ $ sudo apt-get install puppetmaster-passenger

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2 apache2-bin apache2-data apache2-utils augeas-lenses facter hiera libapache2-mod-passenger libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 libev4 libjsoncpp0 liblua5.1-0 libpci3 pciutils puppet-common puppetmaster-common
ruby-activemodel ruby-activerecord ruby-activerecord-deprecated-finders ruby-activesupport ruby-arel ruby-atomic ruby-augeas ruby-blankslate ruby-builder ruby-hiera ruby-i18n ruby-json ruby-minitest ruby-passenger ruby-rack ruby-rgen ruby-safe-yaml ruby-selinux
ruby-shadow ruby-thread-safe ruby-tzinfo ssl-cert virt-what
Suggested packages:
apache2-doc apache2-suexec-pristine apache2-suexec-custom augeas-doc mcollective-common augeas-tools ruby-rrd librrd-ruby puppet-el ruby-ldap ruby-stomp stompserver vim-puppet ruby-builder-doc rails ruby-passenger-doc openssl-blacklist
The following NEW packages will be installed:
apache2 apache2-bin apache2-data apache2-utils augeas-lenses facter hiera libapache2-mod-passenger libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 libev4 libjsoncpp0 liblua5.1-0 libpci3 pciutils puppet-common puppetmaster-common
puppetmaster-passenger ruby-activemodel ruby-activerecord ruby-activerecord-deprecated-finders ruby-activesupport ruby-arel ruby-atomic ruby-augeas ruby-blankslate ruby-builder ruby-hiera ruby-i18n ruby-json ruby-minitest ruby-passenger ruby-rack ruby-rgen
ruby-safe-yaml ruby-selinux ruby-shadow ruby-thread-safe ruby-tzinfo ssl-cert virt-what
0 upgraded, 44 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,905 kB of archives.
After this operation, 23.8 MB of additional disk space will be used.
Do you want to continue? [Y/n]

 

It will install the necessary dependencies.

 

Once installed, you should be able to query puppet to verify the installed certificates:

 

pi@puppet:~ $ sudo puppet cert --list --all

+ "puppet.home" (SHA256) 03:2D:C0:4A:33:FC:C7:A0:3B:45:A0:41:DC:B6:B4:97:3B:B3:32:39:67:3B:F5:69:17:C4:B9:46:50:EE:D7:99 (alt names: "DNS:puppet", "DNS:puppet.home")

 

When new agents will attempt to perform a puppet run, a certificate will be generated on the master. Only when it is signed by the master, will the agent be able to successfully perform the puppet run.

 

To start or stop the puppet master, simply call the apache2 service:

 

pi@puppet:~ $ sudo service apache2 status|start|stop|restart

 

Manifests & Modules

 

In puppet, manifests describe the configuration actions to be performed. This can be as simple as ensuring a certain file with specific content is present (or absent), but also more advanced like automatically installing and configuring a certain application.

 

To test the installation of the puppet master, a simple manifest can be used.

 

pi@puppet:~ $ sudo nano /etc/puppet/manifests/site.pp

file { '/tmp/testfile':
ensure => present,
mode => '0444',
content => 'test content',
}

 

This manifest will ensure the file "testfile" is present in the "/tmp" folder, with read permission containing the text "test content". If the file doesn't exist, or the permissions or content are not as expected, puppet will correct it accordingly.

 

This example showcases a standalone manifest. Manifests can be combined with files and templates into a module. The purpose of a module is to complete a set of related actions, such as installing an application and configuring it for example.

 

Let's install the agent and test out this simple manifest.

 

Puppet Agent

 

Puppet agent's role is to retrieve the local machine's configuration by contacting the puppet master, retrieve the configuration and apply it.

 

For this purpose, I used a second Raspberry Pi. I used the same preparation steps, except I gave it a different hostname: "piiot1".

 

Installation

 

Installing and activating the agent is as easy as installing the master:

 

pi@piiot1:~ $ sudo apt-get install puppet

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libxfce4ui-1-0 xfce-keyboard-shortcuts
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  augeas-lenses facter hiera javascript-common libaugeas0 libjs-jquery libpci3 libruby2.0 libruby2.1 libyaml-0-2 pciutils puppet-common ruby ruby-augeas ruby-hiera ruby-json ruby-rgen ruby-safe-yaml ruby-selinux ruby-shadow ruby2.0 ruby2.1 rubygems-integration
  virt-what
Suggested packages:
  augeas-doc mcollective-common apache2 lighttpd httpd augeas-tools puppet-el vim-puppet etckeeper ruby-rrd librrd-ruby ri ruby-dev bundler
The following NEW packages will be installed:
  augeas-lenses facter hiera javascript-common libaugeas0 libjs-jquery libpci3 libruby2.0 libruby2.1 libyaml-0-2 pciutils puppet puppet-common ruby ruby-augeas ruby-hiera ruby-json ruby-rgen ruby-safe-yaml ruby-selinux ruby-shadow ruby2.0 ruby2.1 rubygems-integration
  virt-what
0 upgraded, 25 newly installed, 0 to remove and 10 not upgraded.
Need to get 8,866 kB/8,876 kB of archives.
After this operation, 36.1 MB of additional disk space will be used.
Do you want to continue? [Y/n]

 

Once the agent is installed, an initial "puppet run" is required to generate the certificate on the master:

 

pi@piiot1:~ $ sudo puppet agent -t

Info: Creating a new SSL key for piiot1.home
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for piiot1.home
Info: Certificate Request fingerprint (SHA256): D2:C5:40:64:A0:B9:C2:90:A0:19:EE:BF:24:3F:87:95:3E:33:38:26:48:07:1B:6B:A7:BD:10:73:D3:F7:75:F7
Exiting; no certificate found and waitforcert is disabled

 

On the puppet master, it is possible to list the certificates. The certificate for node "piiot1" is not signed yet, preventing the actual execution of the manifest.

 

pi@puppet:~ $ sudo puppet cert --list --all

"piiot1.home" (SHA256) D2:C5:40:64:A0:B9:C2:90:A0:19:EE:BF:24:3F:87:95:3E:33:38:26:48:07:1B:6B:A7:BD:10:73:D3:F7:75:F7
+ "puppet.home" (SHA256) 03:2D:C0:4A:33:FC:C7:A0:3B:45:A0:41:DC:B6:B4:97:3B:B3:32:39:67:3B:F5:69:17:C4:B9:46:50:EE:D7:99 (alt names: "DNS:puppet", "DNS:puppet.home")

 

On the same master, the certificate can be signed, as the node is known to be part of our setup.

 

pi@puppet:~ $ sudo puppet cert sign piiot1.home

Notice: Signed certificate request for piiot1.home
Notice: Removing file Puppet::SSL::CertificateRequest piiot1.home at '/var/lib/puppet/ssl/ca/requests/piiot1.home.pem'

 

A "+" sign is added in front of the certificate, indicating it is signed.

 

pi@puppet:~ $ sudo puppet cert --list --all

+ "piiot1.home" (SHA256) 23:44:D3:B6:70:68:77:F9:9E:A7:EB:72:09:E9:F1:67:FA:24:53:47:99:BB:D9:2F:74:A1:CC:3E:50:76:55:01
+ "puppet.home" (SHA256) 03:2D:C0:4A:33:FC:C7:A0:3B:45:A0:41:DC:B6:B4:97:3B:B3:32:39:67:3B:F5:69:17:C4:B9:46:50:EE:D7:99 (alt names: "DNS:puppet", "DNS:puppet.home")

 

With the certificate signed, it is now possible to perform a puppet run and execute the actions defined in the manifest.

 

Puppet Run

 

Repeating the same command to perform the puppet run, now results in the execution of the manifest defined on the master:

 

pi@piiot1:~ $ sudo puppet agent -t

Info: Caching certificate for piiot1.home
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for piiot1.home
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for piiot1.home
Info: Applying configuration version '1464532909'
Notice: /Stage[main]/Main/File[/tmp/testfile]/ensure: created
Notice: Finished catalog run in 0.10 seconds

 

The test file has been created, has the required permissions and content:

 

pi@piiot1:~ $ ls -l /tmp/testfile

-r--r--r-- 1 root root 12 May 29 16:41 /tmp/testfile

 

pi@piiot1:~ $ cat /tmp/testfile

test content

 

Conclusion

 

Success! Puppet master and agent have successfully been deployed. We can now continue by defining more elaborate manifests and modules which will help us simplify future deployments.

 

It may be hard to grasp or see the advantages of setting up puppet based on this example, but instead of deploying a simple file, imagine this "puppet run" installing and configuring a set applications. Sounds rather neat, right? That's what you can expect for next post!

 

 


image

 


Navigate to the next or previous post using the arrows.

image
  • Sign in to reply

Top Comments

  • Jan Cumps
    Jan Cumps over 9 years ago in reply to fvan +4
    Frederick Vandenbosch wrote: ... The arrows were just a spur of the moment kind of thing. Hope it's useful ... A great idea. I always have to update the table of contents of all existing posts in a series…
  • fvan
    fvan over 9 years ago in reply to mcb1 +3
    Thanks Mark! If thought if they use puppet at work, it must be useful and if I should really get blocked, I could always ask someone for advice The arrows were just a spur of the moment kind of thing.…
  • rhe123
    rhe123 over 9 years ago +1
    Nice write up Frederick! I'm considering using a tool like Puppet for a while now, and since the amount of Raspberry Pi's is growing, this might be a good moment to start. So, I might follow you in this…
  • Jan Cumps
    Jan Cumps over 9 years ago in reply to fvan

    Frederick Vandenbosch wrote:

    ...

     

    The arrows were just a spur of the moment kind of thing. Hope it's useful ...

    A great idea. I always have to update the table of contents of all existing posts in a series when I add a blog.

    And these buttons are a navigating mechanism that we're used to see on the web. image

    • Cancel
    • Vote Up +4 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • fvan
    fvan over 9 years ago in reply to mcb1

    Thanks Mark!

     

    If thought if they use puppet at work, it must be useful and if I should really get blocked, I could always ask someone for advice image

     

    The arrows were just a spur of the moment kind of thing. Hope it's useful ...

    • Cancel
    • Vote Up +3 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • mcb1
    mcb1 over 9 years ago

    Well done.

    I was wondering how you got wind of these things ... but you've answered it.

     

    I like the navigation arrows and the content links ... almost seems like a normal web page image

     

     

    Mark

    • Cancel
    • Vote Up +1 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • fvan
    fvan over 9 years ago in reply to Workshopshed

    I would think so. As long as the client can contact the master, I don't see why this would be an issue.

    • Cancel
    • Vote Up +1 Vote Down
    • Sign in to reply
    • More
    • Cancel
  • Workshopshed
    Workshopshed over 9 years ago

    Sounds like a good way to keep lots of boards synced up. Could it be used with the Puppet Master at the end of a VPN?

    • Cancel
    • Vote Up 0 Vote Down
    • Sign in to reply
    • More
    • Cancel
>
element14 Community

element14 is the first online community specifically for engineers. Connect with your peers and get expert answers to your questions.

  • Members
  • Learn
  • Technologies
  • Challenges & Projects
  • Products
  • Store
  • About Us
  • Feedback & Support
  • FAQs
  • Terms of Use
  • Privacy Policy
  • Legal and Copyright Notices
  • Sitemap
  • Cookies

An Avnet Company © 2025 Premier Farnell Limited. All Rights Reserved.

Premier Farnell Ltd, registered in England and Wales (no 00876412), registered office: Farnell House, Forge Lane, Leeds LS12 2NE.

ICP 备案号 10220084.

Follow element14

  • X
  • Facebook
  • linkedin
  • YouTube