December 05, 2019

Puppet/Foreman - adding hosts

This tutorial will provide instructions on puppet on Debian 10 - adding a puppet client.

mkdir /work

cd /work

wget --no-check-certificate https://apt.puppetlabs.com/puppet6-release-xenial.deb

dpkg -i puppet6-release-xenial.deb

apt-get update

apt-get -y upgrade

apt-get -y install puppet

apt-get -y install puppet-agent --allow-unauthenticated

dpkg -i --force-all  /var/cache/apt/archives/puppet-agent*_amd64.deb
apt-mark hold puppet

/opt/puppetlabs/bin/puppet config set server YOURSERVERHERE

/opt/puppetlabs/bin/puppet config set certname  `hostname -f`

vim /etc/puppet/puppet.conf 

  • remove master section 
  • add [agent] section
  • add server= YOURSERVERHERE


cp /opt/puppetlabs/bin/puppet /usr/bin/puppet 


puppet agent --test


Sample output, below:

root@dcae:/work# puppet agent --test


Info: Creating a new RSA SSL key for sbc-de-02.multitel.ro

Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml

Info: Creating a new SSL certificate request for sbc-de-02.multitel.ro

Info: Certificate Request fingerprint (SHA256): FD:F3:D1:17:CB:AF:E3:03:55:C4:B4:5E:DC:4C:ED:55:E2:E4:2D:F5:89:36:1A:76:1A:FE:A5:E8:E5:F2:00:21

Info: Certificate for sbc-de-02.multitel.ro has not been signed yet

Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (sbc-de-02.multitel.ro).

Exiting now because the waitforcert setting is set to 0.



( SHA256 fingerprint modified for security purposes)


  1. this will create the local certificates and make itself known to your puppet/foreman server
  2. it will complain that certificate is not allowed


SSH into the foreman/puppet server now. 

Run: puppet cert list" on YOURSERVERHERE

Run: puppet cert sign YOURCLIENTHOSTNAMEHERE


Sample output , below:

root@repo55:~# puppet cert list
Warning: `puppet cert` is deprecated and will be removed in a future release.
   (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
  "dcae.multitel.net" (SHA256) FD:F3:D1:17:CB:AF:E3:03:55:C4:B4:5E:DC:4C:ED:55:E2:E4:2D:F5:89:36:1A:76:1A:FE:A5:E8:E5:F2:00:21
root@foreman:~# puppet cert sign dcae.multitel.net
Warning: `puppet cert` is deprecated and will be removed in a future release.
   (location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
Signing Certificate Request for:
  "dcae.multitel.net" (SHA256) FD:F3:D1:17:CB:AF:E3:03:55:C4:B4:5E:DC:4C:ED:55:E2:E4:2D:F5:89:36:1A:76:1A:FE:A5:E8:E5:F2:00:21
Notice: Signed certificate request for dcae.multitel.net
Notice: Removing file Puppet::SSL::CertificateRequest dcae.multitel.net at '/etc/puppetlabs/puppet/ssl/ca/requests/dcae.multitel.net.pem'
root@repo55:~# 

( SHA256 fingerprint and hostnames modified for security purposes)


Get back to your puppet client machine.

Run "puppet agent --test" - again on server. Should work now

  1. if it complains that it's not enabled 
  2. run "puppet agent --enable" 

Similar Articles

January 09, 2015

Creating a trunk for inbound calls in FreePBX

READ MORE
January 09, 2015

Provisioning and deploying E911

READ MORE
January 09, 2015

Using Multitel as your outbound call provider with plain Asterisk

READ MORE
July 16, 2015

Setting up your SIP Account on iPhone using App Store

READ MORE
November 25, 2015

Setting up your SIP account on Android using Google Play

READ MORE