Puppet Nodes to Foreman – CentOS 7 / Ubuntu 14.04
Puppet is an open-source configuration management tool. It runs on many Unix-like systems as well as on Microsoft Windows, and includes its own declarative language to describe system configuration.

Puppet is produced by Puppet Labs, founded by Luke Kanies in 2005. It is written in Ruby and released as free software under the GNU General Public License (GPL) until version 2.7.0 and the Apache License 2.0 after that.

Foreman (also known as The Foreman) is an open source complete life cycle systems management tool for provisioning, configuring and monitoring of physical and virtual servers. Foreman has deep integration to configuration management software, with Puppet, Chef, Salt and other solutions through plugins, which allows you to automate repetitive tasks, deploy applications and manage change to deployed servers.

Foreman provides provisioning on bare-metal (through managed DHCP, DNS, TFTP, and PXE-based unattended installations), virtualization and cloud. Foreman provides comprehensive, auditable interaction facilities including a web frontend, a command line interface, and a robust REST API.


Make sure your system (both puppet server and client) is able to resolve the hostname each other, either use /etc/hosts file or DNS server.
vi /etc/hosts     server.hackthesec.local     server    # Foreman     centos.hackthesec.local     centos    # CentOS 7 Agent      ubuntu.hackthesec.local     ubuntu    # Ubuntu 14.04 Agent
Let's install the Puppet agents on both CentOS and Ubuntu machine.
Install Puppet Agent on CentOS 7:
Install Puppetlabs repository in order to get a puppet agent packages from official source.
rpm -ivh

yum -y install puppet
Install Puppet Agent on Ubuntu 14.04:
To install Puppet agent, we have to configure Puppetlabs repository on Ubuntu 14.04.
sudo dpkg -i puppetlabs-release-trusty.deb

sudo apt-get update

sudo apt-get install puppet
Configure puppet agent on CentOS 7 / Ubuntu 14.04:
Once the installation is done, we will need to update the "/etc/puppet/puppet.conf" file.

There are two section on the agent node's puppet config file, a [main] and [master] section. Add the following settings to your [main] settings.
vi /etc/puppet/puppet.conf
Comment or Delete "templatedir=$confdir/templates" line and enter your details Foreman (Puppet Master) in "server = hostname" line
### Add Below Lines ###
server = server.hackthesec.local
report = true
pluginsync = true
Edit /etc/default/puppet to enable puppet service.
vi /etc/default/puppet
Setting this to "yes" allows the puppet agent service to run.
Run following command to enable and run puppet agent service.
puppet resource service puppet ensure=running enable=true
Sign Puppet Agent certificate:
Now, you will have to sign the certificates of puppet agents in order to work with Foreman, you can do this either by using command line or Foreman web console. Command Line: In Foreman (Puppet Master) server, issue the following command to list down the unsigned certificates.
[root@hackthesec server ~]# puppet cert list
"ubuntu.hackthesec.local" (SHA256) 35:D1:B5:67:52:1C:1C:BH:6H:DD:3C:2E:B0:28:D7:15:52:95:32:95:1F:37:29:2G:5F:D7:4C:F5:DB:94:A1:B2
In the above output, "ubuntu.hackthesec.local" is the puppet agent. To sign the certificate, use following command.
[root@hackthesec server ~]# puppet cert sign ubuntu.hackthesec.local
Notice: Signed certificate request for ubuntu.hackthesec.local
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu.hackthesec.local at '/var/lib/puppet/ssl/ca/requests/ubuntu.hackthesec.local.pem'
Console Mode:
Open up your Foreman web console, go to Infrastructure –> Smart proxies. Click Certificates button.
As you see below, agent certificate (ubuntu.hackthesec.local) is pending to be signed. To sign, click Sign button.
After that your agent (ubuntu.hackthesec.local) is signed successfully.
To verify the node go to Hosts –> All Hosts. Verify that the new node (ubuntu.hackthesec.local) has been added to Foreman.
In case if you want to remove the puppet agent from the Puppet master, run.
[root@hackthesec server ~]# puppet cert clean ubuntu.hackthesec.local
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate ubuntu.hackthesec.local at '/var/lib/puppet/ssl/ca/signed/ubuntu.hackthesec.local.pem'
Notice: Removing file Puppet::SSL::Certificate ubuntu.hackthesec.local at '/var/lib/puppet/ssl/certs/ubuntu.hackthesec.local.pem'
In case, if you want to re-register the puppet agent that you just deleted in previous step. Follow the below procedure.

Stop the puppet service.
service puppet stop
Delete the puppet agent ssl directory.
rm -rf /var/lib/puppet/ssl/certs
Start the puppet service.
service puppet start
Now, you can go and run the "puppet cert list" command on Foreman (puppet master) server to see the signing request, approve it incase you required.

About Author:

I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Newer Post
Older Post


Post a Comment