You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

This is a guide on how to install Puppet Master and Agent on Ubuntu 18.04 Bionic Beaver Linux system. Puppet is a configuration management tool written in Ruby and C++ that helps you automate configurations and deployments of applications across hundreds to thousands of systems. The software is under Apache License.

Puppet run on Linux, Unix, and Windows environments. As of this writing, the latest release of Puppet is 6.10

Puppet Server / Client Architecture

Puppet uses Client/Server model. The server does all the automation of tasks on systems that have a client application installed. The work of the Puppet agent is to send facts to the puppet master and request a catalog based on certain interval level. Once it receives a catalog, Puppet agent applies it to the node by checking each resource the catalog describes. It makes relevant changes to attain the desired state.

The work of the Puppet master is to control configuration information.  Each managed agent node requests its own configuration catalog from the master.

What is a Catalog in Puppet?

A catalog is a document that describes the desired system state for one specific system. It lists all of the resources that need to be managed, as well as any dependencies between those resources.

Puppet  is able to configure end systems in two stages:

  1. Compile a catalog.
  2. Apply the catalog.

Puppet Master – Agent Communication

The communication between the Puppet agent and master servers is over an encrypted tunnel (HTTPS) with client verification. By using configuration management systems like Puppet, as a Sysadmin, you get to focus on production tasks by removing all manual repetitive tasks.

Installing Puppet Master on Ubuntu 18.04 Bionic Beaver

Let’s now dive to the installation process for Puppet master on Ubuntu 18.04. My Lab environment is as below:

Puppet Master:

IP Address:

Puppet Agent ( For Testing ):

IP Address:

Setup Prerequisites

One of the key requirements of the Puppet master is network time synchronization.  We will ensure we have correct timezone set on the Puppet master server as well as working NTP service. We will later configure Agent nodes to sync their time with the Puppet Master,

Step 1: Set correct timezone

Ubuntu 28.04 ships with timedatectl command line tool that you can use to set the correct timezone on your server. Use it like below, replacing “Africa/Nairobi” with your correct timezone.

sudo timedatectl set-timezone Africa/Nairobi

Confirm the change using:

$ timedatectl
                      Local time: Wed 2019-10-30 08:33:53 EAT
                  Universal time: Wed 2019-10-30 05:33:53 UTC
                        RTC time: Wed 2019-10-30 05:33:54
                       Time zone: Africa/Nairobi (EAT, +0300)
       System clock synchronized: yes
systemd-timesyncd.service active: yes
                 RTC in local TZ: no

Step 2: Set server hostname

Use the hostnamectl command to set server hostname

export HOST_NAME=""
sudo hostnamectl set-hostname ${HOST_NAME}

Login again and confirm new hostname

$ hostname

Add correct hostnames and IP addresses we’ll use later to /etc/hosts file.

$ sudo vim /etc/hosts puppet-server node-01

Step 2: Set NTP server

Install ntp package:

sudo apt-get -y install ntp

If you would like to restrict which systems can use your ntp server, add a line like below to /etc/ntp.conf

restrict mask nomodify notrap

Replace with your trusted network.

The restart ntp service:

sudo systemctl restart ntp

Check ntp status:

$ sudo ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
 0.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000  .POOL.          16 p    -   64    0    0.000    0.000   0.000

Install Puppet Master on Ubuntu 18.04 Bionic Beaver

Now that all prerequisites are met, proceed to download PuppetLabs repository for Ubuntu 18.04 and Install Puppet master on the server.

$ sudo apt-get install wget
$ wget
$ sudo dpkg -i puppet6-release-bionic.deb
(Reading database … 64484 files and directories currently installed.)
Preparing to unpack puppet6-release-bionic.deb …
Unpacking puppet6-release (6.0.0-5bionic) …
Setting up puppet6-release (6.0.0-5bionic) …

Update apt index and install puppet master:

sudo add-apt-repository  multiverse
sudo apt update
sudo apt -y install puppetserver

Confirm the installed version of Puppet:

$ apt policy puppetserver
   Installed: 6.7.1-1bionic
   Candidate: 6.7.1-1bionic
   Version table:
  *** 6.7.1-1bionic 500
         500 bionic/puppet amd64 Packages
         500 bionic/puppet all Packages
         500 bionic/puppet6 amd64 Packages
         500 bionic/puppet6 all Packages
         100 /var/lib/dpkg/status

Start and enable puppetserver service

sudo systemctl start puppetserver.service
sudo systemctl enable puppetserver.service

On Ubuntu, the service should be started automatically:

$ sudo systemctl status puppet-master.service 
● puppet-master.service - Puppet master
Loaded: loaded (/lib/systemd/system/puppet-master.service; enabled; vendor preset
Active: active (running) since Sun 2018-06-17 18:30:27 EAT; 49s ago
Docs: man:puppet-master(8)
Main PID: 13774 (puppet)
Tasks: 3 (limit: 2362)
CGroup: /system.slice/puppet-master.service
└─13774 /usr/bin/ruby /usr/bin/puppet master

Configure Puppet Master on Ubuntu 18.04

After the Puppet master server has been installed, it is time to start the configuration. It is recommended to change Puppet Java process memory allocation Infrastructure size. I’ll assign my Puppet server 1gb of ram. This is done by editing environment file located on /etc/default/puppet-master

$ sudo vim /etc/default/puppet-master
JAVA_ARGS="-Xms1024m -Xmx1024m"

Restart puppet server process after making the change.

$ sudo systemctl restart puppet-master.service

Configure Firewall:

If you have a firewall on your Ubuntu 18.04 system, you need to open port 8140 which is used by the Puppet master service. Run the following commands to allow port on the firewall:

$ sudo ufw allow 8140/tcp

You don’t need to restart Puppet service after making this change.

Create test manifest

To make this guide complete, we’re going to create a simple Puppet manifest to Install Apache web server on Ubuntu 18.04 client server. Start by creating a folder path for the nginx class:

$  sudo mkdir -p /etc/puppet/modules/nginx/manifests

The /etc/puppet/modules directory will host all our modules.  Then create nginx resource by creating a file:

$ sudo vim /etc/puppet/modules/nginx/manifests/init.pp

Add the following content:

class nginx {
  package { 'nginx':
    ensure => installed,

  service { 'nginx':
    ensure  => true,
    enable  => true,
    require => Package['nginx'],

Next, create a node file for our client

$ sudo vim /etc/puppet/manifests/site.pp

with the following content:

node '' {
   include nginx

Remember to replace with your actual Puppet client’s hostname.

Restart puppet master for new changes to be loaded.

$ sudo systemctl restart puppet-master

Install Puppet Agent

Now that everything has been set on the Master server, install puppet agent on on the client machine.

$ sudo apt-get install wgetwget
$ sudo dpkg -i puppet-release-bionic.deb 
Selecting previously unselected package puppet-release.
(Reading database ... 100156 files and directories currently installed.)
Preparing to unpack puppet-release-bionic.deb ...
Unpacking puppet-release (1.0.0-2bionic) ...
Setting up puppet-release (1.0.0-2bionic) ...

Update apt index and install puppet master:

$ sudo apt-get install puppet

Set Puppet server hostname:

$ sudo vim  /etc/puppetlabs/puppet/puppet.conf

Add the following lines:

certname = node-01
server = puppet-server

Save the configuration file and start puppet agent

$ sudo systemctl start puppet-agent
$ sudo systemctl enable puppet

Sign certificate for Puppet Client on Puppet Server.

Since this is a Client-Server Architecture, the master must approve a certificate request for each agent node before it can configure it. Check certs list using:

$ sudo puppet cert list
"node-01" (SHA256) 16:21:EE:6A:52:1C:0C:23:53:FD:1C:0F:82:1D:2C:72:E3:A3:DE:8B:B7:F6:9C:BF:77:DC:40:B7:43:77:79:0B

Sign it using the command:

$ sudo puppet cert sign node-01
Signing Certificate Request for:
  "node-01" (SHA256) 16:21:EE:6A:52:1C:0C:23:53:FD:1C:0F:82:1D:2C:72:E3:A3:DE:8B:B7:F6:9C:BF:77:DC:40:B7:43:77:79:0B
Notice: Signed certificate request for node-01
Notice: Removing file Puppet::SSL::CertificateRequest node-01 at '/var/lib/puppet/ssl/ca/requests/node-01.pem'

To sign certificate requests for multiple nodes at once, use:

$ sudo puppet cert sign --all

The Puppet Master should now be able to communicate with agent node and to control it. Confirm by running below command on the agent:

$ sudo puppet agent --test
You can support us by downloading this article as PDF from the Link below. Download the guide as PDF