How to Configure Puppet Agents
Example 2-1 Configuring a Puppet Agent
Do not edit the /etc/puppetlabs/puppet/puppet.conf
Puppet configuration file manually. Such changes are not saved. SMF property values generate this Puppet configuration file. This configuration file is updated when you update the associated SMF property values, as shown in the following example. For descriptions of the properties shown here and other configuration values that you can set, see Short list of important settings and Configuration Reference.
While the puppet:agent
service is disabled, set the ca_server
and server
properties. The server
property value is the host name of the server. Typically, the ca_server
value is also the host name of the server.
In this example, the host name of the Puppet Server is pupsvr
and the fully qualified domain name of the Puppet Agent is agent.example.com
.
# svccfg -s puppet:agent svc:/application/puppet:agent> setprop config/ca_server = host: pupsvr svc:/application/puppet:agent> setprop config/server = host: pupsvr svc:/application/puppet:agent> setprop config/runinterval = astring: 1d svc:/application/puppet:agent> refresh svc:/application/puppet:agent> exit
Verify that the property values are correct:
# svcprop -p config puppet:agent
When you refresh the puppet:agent
service instance and that instance comes online, any changes that you make by setting SMF property values are reflected in the puppet.conf
file.
Test the connection on the agent.example.com
agent:
$ puppet agent --test
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent.example.com
Info: Certificate Request fingerprint (SHA256): E0:1D:0F:18:72:B7:CE:A7:83:E4:48:D5:F8:93:36:15:55:
0A:B9:C8:E5:B1:CE:D9:3E:0A:68:01:BE:F7:76:47
Exiting; no certificate found and waitforcert is disabled
Identify outstanding authentication requests on the server:
$ puppetserver ca list
"agent.example.com" (SHA256) E0:1D:0F:18:72:B7:CE:A7:83:E4:48:D5:F8:93:36:15:55:
0A:B9:C8:E5:B1:CE:D9:3E:0A:68:01:BE:F7:76:47
Sign the outstanding request:
$ puppetserver ca sign agent.example.com
Notice: Signed certificate request for agent.example.com
Notice: Removing file Puppet:SSL:CertificateRequest agent at '/etc/puppetlabs/puppet/ssl/ca/requests/solaris.pem'
Retest the connection on the agent:
$ puppet agent --test
Info: Caching certificate for agent.example.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for agent.example.com
Info: Retrieving plugin
Info: Caching catalog for agent.example.com
Info: Applying configuration version '1400782295'
Notice: Finished catalog run in 0.18 seconds
Enable the puppet:agent
service:
$ svcadm enable puppet:agent $ svcs puppet:agent STATE STIME FMRI online 18:20:32 svc:/application/puppet:agent
View the following abridged example configuration file:
$ cat /etc/puppetlabs/puppet/puppet.conf
# WARNING: THIS FILE GENERATED FROM SMF DATA.
# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
#
# See puppet.conf(5) and http://docs.puppetlabs.com/guides/configuring.html
# for details.
[agent]
ca_server = pupsvr
logdest = /var/log/puppetlabs/puppet/puppet-agent.log
runinterval = 1d
server = pupsvr
Next Steps
After you install Puppet and perform all of the necessary configuration and validation tasks, you are ready to use Puppet to manage system configurations.
For more information about using Pupput in Oracle Solaris, see: