Checklist to install puppet 4 server and initially attach clients:


  1. Install the latest puppetlabs collection repo:

    yum -y install \
  2. Install the puppet server:

    yum install puppetserver
  3. Update firewall as needed:

    # iptables -I INPUT 5 -p tcp --dport 8140 -j ACCEPT
    # show input
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     all  --             state RELATED,ESTABLISHED
    2    ACCEPT     icmp --  
    3    ACCEPT     all  --  
    4    ACCEPT     tcp  --             state NEW tcp dpt:22
    5    ACCEPT     tcp  --             tcp dpt:8140
    6    REJECT     all  --             reject-with icmp-host-prohibited
  4. Configure the puppet server:

    • Config files:
      • Primary config file at /etc/puppetlabs/puppetserver/conf.d
      • Historic config file at /etc/puppetlabs/puppet/puppet.conf
    • Any config options available in the conf.d files will be ignored in puppet.conf. Another warning: a setting left undefined in config files will revert to default value rather than using the values from puppet.conf. Long story short: don’t use puppet.conf for puppet server. puppet commands, though, will use this file so keep the parameters in sync. Options to keep in sync:
puppet.server puppet.conf Default
master-conf-dir confdir /etc/puppetlabs/puppet
master-code-dir codedir /etc/puppetlabs/code
master-var-dir vardir /opt/puppetlabs/server/data/puppetserver
master-run-dir rundir /var/run/puppetlabs/puppetserver
master-log-dir logdir /var/log/puppetlabs/puppetserver
  • Update puppet.conf to put volatile files under /var in puppet.conf and puppetserver.conf. Update ownership and perms:

    # /etc/puppetlabs/puppet/puppet.conf
    [agent]  # req for puppet agent runs
      vardir = /var/opt/puppetlabs/puppetserver
      ssldir = $vardir/ssl
      vardir = /var/opt/puppetlabs/puppetserver
      ssldir = $vardir/ssl
      vardir = /var/opt/puppetlabs/puppetserver
      ssldir = $vardir/ssl
    # /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf
    # (optional) path to puppet conf dir; if not specified, will use
    # /etc/puppetlabs/puppet
    master-var-dir: /var/opt/puppetlabs/puppetserver
    # mkdir -p -m 755 /var/opt/puppetlabs/puppetserver && \
        chown puppet:puppet /var/opt/puppetlabs/puppetserver
  • Update memory usage in /etc/sysconfig/puppetserver. In test system, decrease to 512m. In production env, increase... How much? when? how to tell?

  • Update TLS cert info, if desired in /etc/puppetlabs/puppetserver/conf.d/webserver.conf. Book suggests not doing this as CA info is still in puppet.conf

ssl-cert     = /var/opt/puppetlabs/puppetserver/ssl/certs/
ssl-key      = /var/opt/puppetlabs/puppetserver/ssl/private_keys/
ssl-ca-cert  = /var/opt/puppetlabs/puppetserver/ssl/certs/ca.pem
ssl-crl-cert = /var/opt/puppetlabs/puppetserver/ssl/certs/crl.pem

*   Update logging if so desired.  Option to send logs to syslog.
*   Update authorization as needed.  Book quite literally says::

        If you are new to puppet, skip ahead to running puppet server
        and come back later.
  1. Update hiera.yaml to reflect hiearchy of your choice and to change the datadir so that all environments share data.