January 16, 2017

Puppet – How to install and configure Puppet Enterprise

In this blog post I'm going to walk through the installation and configuration of the Puppet Enterprise server. We are going to install the Puppet server in monolithic mode. In a monolithic installation, the Puppet master, the Puppet console, and PuppetDB are all installed on one node. This is the simplest way to evaluate Puppet Enterprise, and you can manage up to 500 Puppet agent nodes.

In a monolithic installation all PE components are installed on one node. This installation type is easy to install, upgrade, and troubleshoot, and you can expand this installation type up to 20,000 managed nodes by adding compile masters to it as you scale. A monolithic installation is the recommended install type for most users.

Here, we will configure Puppet in a master/agent architecture and will use two CentOS 7 machines.

Puppet Master:

Operating system : CentOS 7
IP Address       :
HostName         : puppetmaster

Install NTP:

The clocks of the master and client nodes should be accurately in sync with upstream time servers, because the Puppet master server will be acting as the certificate authority.

(If the time is wrong, it might mistakenly issue agent certificates dated in the distant past or future, which other nodes will treat as expired.)

Install the NTP package and perform the time sync with upstream NTP servers.

# yum -y install ntp
# systemctl start ntpd 
# systemctl enable ntpd

Ensure that all the nodes are in the same time zone by using the date command.

Set the time zone using the following command.

# timedatectl set-timezone Europe/Amsterdam

Puppet uses hostnames to communicate with the managed nodes, so make sure the nodes can resolve each other's hostnames, either through the hosts file or a DNS server. My /etc/hosts looks like the following: puppetmaster


Add the following rules to the firewall.

firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=4443/tcp
firewall-cmd --permanent --zone=public --add-port=8140/tcp
firewall-cmd --permanent --zone=public --add-port=8142/tcp
firewall-cmd --permanent --zone=public --add-port=61613/tcp
firewall-cmd --permanent --zone=public --add-port=3000/tcp
firewall-cmd --reload

For downloading the packages, I refer to https://docs.puppet.com/pe/2016.5/

First of all, make sure your server has 2 CPUs and 4 GB of memory; otherwise the installation will fail.

[root@puppetmaster ~]# tar -xvf puppet-enterprise-2016.4.2-el-7-x86_64.tar.gz 
[root@puppetmaster ~]# cd puppet-enterprise-2016.4.2-el-7-x86_64
[root@puppetmaster puppet-enterprise-2016.4.2-el-7-x86_64]# ./puppet-enterprise-installer
~/puppet-enterprise-2016.4.2-el-7-x86_64 ~/puppet-enterprise-2016.4.2-el-7-x86_64
Puppet Enterprise Installer
Puppet Enterprise offers two different methods of installation.

[1] Guided install

Recommended for beginners. This method will install and configure a temporary
webserver to walk you through the various configuration options.

NOTE: This method requires you to be able to access port 3000 on this machine
from your desktop web browser.

[2] Text-mode

Recommended for advanced users. This method will open your $EDITOR (vi)
with a PE config file (pe.conf) for you to edit before you proceed with installation.

The pe.conf file is a HOCON formatted file that declares parameters and values needed to
install and configure PE.
We recommend that you review it carefully before proceeding.


How to proceed? [1]:

Go to url: and the following screens will appear.

Leave everything at its default and, after the installation, check that it is working by typing:

[root@puppetmaster puppet-enterprise-2016.4.2-el-7-x86_64]# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppetmaster
Info: Applying configuration version '1482499930'
Notice: Applied catalog in 12.22 seconds
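
Once the install has finished, the firewall rules added earlier can be audited. The script below is an added example, not part of the original post: it checks a port list in the format printed by `firewall-cmd --zone=public --list-ports` against the ports opened above. Flagging port 3000 for review is this example's assumption, based on the installer describing its web server on that port as temporary; the function names and the sample list are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the master's open TCP ports.
REQUIRED_PORTS="443 4443 8140 8142 61613"   # opened in the firewall step
INSTALLER_PORT=3000                         # guided installer's temporary web server

# port_open PORT "LIST": succeed if PORT/tcp is covered by LIST, given in the
# format of `firewall-cmd --zone=public --list-ports`, e.g. "443/tcp 8000-8100/tcp".
port_open() {
    want=$1
    for entry in $2; do
        case $entry in
            */tcp) range=${entry%/tcp} ;;
            *) continue ;;                  # ignore udp and other protocols
        esac
        lo=${range%-*}                      # single port: lo and hi are equal
        hi=${range#*-}
        case ":$lo:$hi:" in
            *::*|*[!0-9:]*) continue ;;     # skip empty or non-numeric bounds
        esac
        if [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ports "LIST": print findings; the return status is the number of findings.
audit_ports() {
    problems=0
    for p in $REQUIRED_PORTS; do
        if ! port_open "$p" "$1"; then
            echo "MISSING  $p/tcp"
            problems=$((problems + 1))
        fi
    done
    if port_open "$INSTALLER_PORT" "$1"; then
        echo "REVIEW   $INSTALLER_PORT/tcp is still open after the install"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: 8142/tcp was never added and 3000/tcp was left open.
SAMPLE="443/tcp 4443/tcp 8140/tcp 61613/tcp 3000/tcp"
# On the master, pass "$(firewall-cmd --zone=public --list-ports)" as argument 1.
audit_ports "${1:-$SAMPLE}" || echo "$? finding(s)"
```

If port 3000 is no longer needed, `firewall-cmd --permanent --zone=public --remove-port=3000/tcp` followed by `firewall-cmd --reload` closes it again.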

In my next blog I'm going to make a signed RPM environment for my custom packages. A signed RPM environment is needed to make sure you are using trusted packages.