What is Puppet?
Puppet is IT automation software that helps system administrators manage IT infrastructure. It automates tasks such as provisioning, configuration, patch management and compliance. Repetitive tasks are easily automated, deployment of critical applications occurs rapidly, and required system changes are proactively managed. Puppet scales to meet the needs of the environment, whether it is a simple deployment or a complex infrastructure, and works on-premise or in the cloud.
Puppet is now available as part of Oracle Solaris 11.2!
Use ntpdate or ntpd -q to set the date
Puppet can error out with some very strange messages if the clocks on both the master and agent aren't synchronized. You can use ntpdate or ntpd -q to set the date just once if you'd like to manage the NTP service with Puppet, or you can configure NTP.
Install the required packages on both systems
# pkg install puppet
This will install the puppet, facter and ruby-19 packages.
Configure the Puppet SMF instances
master # svccfg -s puppet:master setprop config/server = master.fqdn.company.com
master # svccfg -s puppet:master refresh
master # svcadm enable puppet:master
agent # svccfg -s puppet:agent setprop config/server = master.fqdn.company.com
agent # svccfg -s puppet:agent refresh
Test the connection to the master and configure authentication
Before enabling the puppet:agent service, you'll want to test the connection first in order to set up authentication
agent # puppet agent --test --server master.fqdn.company.com
Info: Creating a new SSL key for agent.fqdn.company.com
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for agent.fqdn.company.com
Info: Certificate Request fingerprint (SHA256):
C9:63:22:6A:9F:88:D6:18:7F:F3:F4:FA:89:E4:86:A1:C7:BE:94:CF:F1:D5:59:B9:DD:21:8D:C1:C9:B0:F4:18
**Exiting; no certificate found and waitforcert is disabled**
Now that the agent has created a new SSL key, authorization needs approval on the master.
Sign the SSL certificate on the master
master # puppet cert list
"agent.fqdn.company.com" (SHA256)
C9:63:22:6A:9F:88:D6:18:7F:F3:F4:FA:89:E4:86:A1:C7:BE:94:CF:F1:D5:59:B9:DD:21:8D:C1:C9:B0:F4:18
master # puppet cert sign agent.fqdn.company.com
Notice: Signed certificate request for agent.fqdn.company.com
Notice: Removing file Puppet::SSL::CertificateRequest agent.fqdn.company.com at
'/etc/puppet/ssl/ca/requests/agent.fqdn.company.com.pem'
Retest the agent to ensure it can connect
agent # puppet agent --test --server master.fqdn.company.com
Info: Caching certificate for agent.fqdn.company.com
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Info: Caching catalog for agent.fqdn.company.com
Info: Applying configuration version '1371232699'
Notice: Finished catalog run in 0.65 seconds
Enable the agent service
agent # svcadm enable puppet:agent
Additional configuration of /etc/puppet/puppet.conf on both master and agent (optional)
Further customizations can be made in /etc/puppet/puppet.conf. See Puppet's Configurables page for more details.
NOTE: Puppet's configuration is completely done via SMF stencils. /etc/puppet/puppet.conf should not be directly edited as any edits will be lost when the Puppet SMF service (re)starts. Setting a new value should be done via svccfg(1M):
# svccfg -s puppet:agent setprop config/<option> = <value>
# svccfg -s puppet:agent refresh
(substitute :master as needed)