This is a guide on How to install Puppet master and agent on Ubuntu 18.04 Bionic Beaver.  Puppet is a configuration management tool written in Ruby and C++ that helps you automate configurations and deployments of applications across hundreds to thousands of systems. The software is under Apache License.

Puppets run on Linux, Unix, and Windows environments. As of this writing, the latest release of Puppet is 5.5.0.

Puppet Server / Client Architecture

Puppet uses Client/Server model. The server does all the automation of tasks on systems that have a client application installed. The work of the Puppet agent is to send facts to the puppet master and request a catalog based on certain interval level. Once it receives a catalog, Puppet agent applies it to the node by checking each resource the catalog describes. It makes relevant changes to attain the desired state.

The work of the Puppet master is to control configuration information.  Each managed agent node requests its own configuration catalog from the master.

What is a Catalog in Puppet?

A catalog is a document that describes the desired system state for one specific system. It lists all of the resources that need to be managed, as well as any dependencies between those resources.

Puppet  is able to configure end systems in two stages:

  1. Compile a catalog.
  2. Apply the catalog.

Puppet Master – Agent Communication

The communication between the Puppet agent and master servers is over an encrypted tunnel (HTTPS) with client verification. By using configuration management systems like Puppet, as a Sysadmin, you get to focus on production tasks by removing all manual repetitive tasks.

Installing Puppet Master on Ubuntu 18.04 Bionic Beaver

Let’s now dive to the installation process for Puppet master on Ubuntu 18.04. My Lab environment is as below:

Puppet Master:

IP Address:

Puppet Agent ( For Testing ):

IP Address:

Setup Prerequisites

One of the key requirements of the Puppet master is network time synchronization.  We will ensure we have correct timezone set on the Puppet master server as well as working NTP service. We will later configure Agent nodes to sync their time with the Puppet Master,

Step 1: Set correct timezone

Ubuntu 28.04 ships with timedatectl command line tool that you can use to set the correct timezone on your server. Use it like below, replacing “Africa/Nairobi” with your correct timezone.

$ sudo timedatectl set-timezone Africa/Nairobi

Confirm the change using:

$ timedatectl 
Local time: Sun 2018-06-17 18:10:09 EAT
Universal time: Sun 2018-06-17 15:10:09 UTC
RTC time: Sun 2018-06-17 15:10:10
Time zone: Africa/Nairobi (EAT, +0300)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no

Step 2: Set server hostname

Use the hostnamectl command to set server hostname

$ sudo hostnamectl set-hostname

Add correct hostnames and IP addresses we’ll use later to /etc/hosts file.

# echo " puppet-server " >> /etc/hosts
# echo " node-01" >> /etc/hosts

Step 2: Set ntp service

Install ntp package:

$ sudo apt-get -y install ntp

If you would like to restrict which systems can use your ntp server, add a line like below to /etc/ntp.conf

restrict mask nomodify notrap

Replace with your trusted network.

The restart ntp service:

$ sudo systemctl restart ntp

Check ntp status:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
 0.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000  .POOL.          16 p    -   64    0    0.000    0.000   0.000
 dnscache-london   2 u    1   64    1    2.598    3.024   0.000    2 u    1   64    1    8.573    2.464   0.000   2 u    2   64    1   28.239    3.486   0.000
 bode.spiderspac   2 u    1   64    1    1.568    2.627   0.000

Install Puppet Master on Ubuntu 18.04 Bionic Beaver

Now that all prerequisites are met, proceed to download PuppetLabs repository for Ubuntu 18.04 and Install Puppet master on the server.

$ sudo apt-get install wgetwget
$ sudo dpkg -i puppet-release-bionic.deb 
Selecting previously unselected package puppet-release.
(Reading database ... 100156 files and directories currently installed.)
Preparing to unpack puppet-release-bionic.deb ...
Unpacking puppet-release (1.0.0-2bionic) ...
Setting up puppet-release (1.0.0-2bionic) ...

Update apt index and install puppet master:

$ sudo apt-get install puppetmaster

Confirm the installed version of Puppet:

$ apt policy puppetmaster
Installed: 5.4.0-2ubuntu3
Candidate: 5.4.0-2ubuntu3
Version table:
*** 5.4.0-2ubuntu3 500
500 bionic/universe amd64 Packages
500 bionic/universe i386 Packages
100 /var/lib/dpkg/status

On Ubuntu, the service should be started automatically:

$ sudo systemctl status puppet-master.service 
● puppet-master.service - Puppet master
Loaded: loaded (/lib/systemd/system/puppet-master.service; enabled; vendor preset
Active: active (running) since Sun 2018-06-17 18:30:27 EAT; 49s ago
Docs: man:puppet-master(8)
Main PID: 13774 (puppet)
Tasks: 3 (limit: 2362)
CGroup: /system.slice/puppet-master.service
└─13774 /usr/bin/ruby /usr/bin/puppet master

Configure Puppet Master on Ubuntu 18.04

After the Puppet master server has been installed, it is time to start the configuration. It is recommended to change Puppet Java process memory allocation Infrastructure size. I’ll assign my Puppet server 1gb of ram. This is done by editing environment file located on /etc/default/puppet-master

# vim /etc/default/puppet-master
JAVA_ARGS="-Xms1024m -Xmx1024m"

Restart puppet server process after making the change.

$ sudo systemctl restart puppet-master.service

Configure Firewall:

If you have a firewall on your Ubuntu 18.04 system, you need to open port 8140 which is used by the Puppet master service. Run the following commands to allow port on the firewall:

$ sudo ufw allow 8140/tcp

You don’t need to restart Puppet service after making this change.

Create test manifest

To make this guide complete, we’re going to create a simple Puppet manifest to Install Apache web server on Ubuntu 18.04 client server. Start by creating a folder path for the nginx class:

$  sudo mkdir -p /etc/puppet/modules/nginx/manifests

The /etc/puppet/modules directory will host all our modules.  Then create nginx resource by creating a file:

$ sudo vim /etc/puppet/modules/nginx/manifests/init.pp

Add the following content:

class nginx {
  package { 'nginx':
    ensure => installed,

  service { 'nginx':
    ensure  => true,
    enable  => true,
    require => Package['nginx'],

Next, create a node file for our client

$ sudo vim /etc/puppet/manifests/site.pp

with the following content:

node '' {
   include nginx

Remember to replace with your actual Puppet client’s hostname.

Restart puppet master for new changes to be loaded.

$ sudo systemctl restart puppet-master

Install Puppet Agent

Now that everything has been set on the Master server, install puppet agent on on the client machine.

$ sudo apt-get install wgetwget
$ sudo dpkg -i puppet-release-bionic.deb 
Selecting previously unselected package puppet-release.
(Reading database ... 100156 files and directories currently installed.)
Preparing to unpack puppet-release-bionic.deb ...
Unpacking puppet-release (1.0.0-2bionic) ...
Setting up puppet-release (1.0.0-2bionic) ...

Update apt index and install puppet master:

$ sudo apt-get install puppet

Set Puppet server hostname:

$ sudo vim  /etc/puppetlabs/puppet/puppet.conf

Add the following lines:

certname = node-01
server = puppet-server

Save the configuration file and start puppet agent

$ sudo systemctl start puppet-agent
$ sudo systemctl enable puppet

Sign certificate for Puppet Client on Puppet Server.

Since this is a Client-Server Architecture, the master must approve a certificate request for each agent node before it can configure it. Check certs list using:

$ sudo puppet cert list
"node-01" (SHA256) 16:21:EE:6A:52:1C:0C:23:53:FD:1C:0F:82:1D:2C:72:E3:A3:DE:8B:B7:F6:9C:BF:77:DC:40:B7:43:77:79:0B

Sign it using the command:

$ sudo puppet cert sign node-01
Signing Certificate Request for:
  "node-01" (SHA256) 16:21:EE:6A:52:1C:0C:23:53:FD:1C:0F:82:1D:2C:72:E3:A3:DE:8B:B7:F6:9C:BF:77:DC:40:B7:43:77:79:0B
Notice: Signed certificate request for node-01
Notice: Removing file Puppet::SSL::CertificateRequest node-01 at '/var/lib/puppet/ssl/ca/requests/node-01.pem'

To sign certificate requests for multiple nodes at once, use:

$ sudo puppet cert sign --all

The Puppet Master should now be able to communicate with agent node and to control it. Confirm by running below command on the agent:

$ sudo puppet agent --test