One Puppet master can control many nodes that are running the Puppet agent. Depending on your particular infrastructure, you can also designate more than one Puppet master to control thousands of nodes. The following procedure describes how to configure one master and one agent.
Before You Begin
Prior to performing the following procedure, do the following:
Install the Puppet IPS package on both the master and all of the nodes that will run the Puppet agent. See Installing Puppet.
On the master, configure and enable the Puppet master SMF service instance.
# svccfg -s puppet:master setprop config/server=master.company.com # svcadm enable puppet:master # svcs puppet:master
The output should indicate that the SMF service instance for the master is online. You are now ready to configure the nodes that will run the Puppet agent.
# svccfg -s puppet:agent setprop config/server=master.company.com # svccfg -s puppet:agent refresh
You must refresh the SMF service for the changes to take effect.
# puppet agent --test
Running the puppet agent command with the –-test option on the agent creates a new SSL key and sets up a request for authentication between the agent and the master.
# puppet cert list
The output of this command should show a request being made by the agent.
# puppet cert sign agent
# puppet agent --test
This step ensures that the authentication between the master and the agent has taken place.
# svcadm enable puppet:agent # svcs puppet:agent
The output should indicate that the SMF service instance for the agent is online.
The following example shows how you would configure a Puppet master and agent.
# svcs -a | grep puppet disabled 16:04:54 svc:/application/puppet:agent disabled 16:04:55 svc:/application/puppet:master
# svccfg -s puppet:master setprop config/server=master.company.com root@master:~# svcadm enable puppet:master root@master:~# svcs puppet:master STATE STIME FMRI online 17:38:42 svc:/application/puppet:master
# svccfg -s puppet:agent setprop config/server=master.company.com # svccfg -s puppet:agent refresh
# puppet agent --test Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for agent.company.com Info: Certificate Request fingerprint (SHA256): E0:1D:0F:18:72:B7:CE:A7:83:E4:48 :D5:F8:93:36:15:55:0A:B9:C8:E5:B1:CE:D9:3E:0A:68:01:BE:F7:76:47 Exiting; no certificate found and waitforcert is disabled
# puppet cert list "agent.company.com" (SHA256) E0:1D:0F:18:72:B7:CE:A7:83:E4:48 :D5:F8:93:36:15:55: 0A:B9:C8 :E5:B1:CE:D9:3E:0A:68:01:BE:F7:76:47
# puppet cert sign agent.company.com Notice: Signed certificate request for agent.company.com Notice: Removing file Puppet:SSL:CertificateRequest agent at '/etc/puppet/ssl/ca/requests/solaris.pem'
# puppet agent --test Info: Caching certificate for agent.company.com Info: Caching certificate_revocation_list for ca Info: Caching certificate for agent.company.com Info: Retrieving plugin Info: Caching catalog for agent.company.com Info: Applying configuration version '1400782295' Notice: Finished catalog run in 0.18 seconds
# svcadm enable puppet:agent # svcs puppet:agent STATE STIME FMRI online 18:20:32 svc:/application/puppet:agent
Next Steps
After you have installed Puppet and performed all of the necessary configuration and validation tasks, you are ready to use Puppet to manage system configuration.
For details about declaring resources with Puppet, see Working With Puppet Resources and Resource Types in Oracle Solaris.
For instructions on writing Puppet manifests, see Writing Puppet Manifests, Classes, and Modules in Oracle Solaris.
For examples of various Oracle Solaris system configurations, see Using Puppet to Manage System Configuration in Oracle Solaris.