Puppet - Master


In Puppet, the client server architecture of Puppet master is considered as the controlling authority of the entire setup. Puppet master acts as the server in the setup and controls all the activities on all the nodes.

For any server which needs to act as Puppet master, it should have Puppet server software running. This server software is the key component of controlling all the activities on nodes. In this setup, one key point to remember is to have a super user access to all the machines that one is going to use in the setup. Following are the steps to setup Puppet master.


Private Network DNS − Forward and backward should be configured, wherein each server should have a unique hostname. If one does not have the DNS configured, then one can use a private network for communication with the infrastructure.

Firewall Open Port − Puppet master should be open on a particular port so that it can listen to the incoming requests on a particular port. We can use any port which is open on the firewall.

Creating Puppet Master Server

Puppet master that we are creating is going to be on CentOS 7 × 64 machine using Puppet as the host name. The minimum system configuration for the creation of Puppet master is two CPU core and 1GB of memory. Configuration may have bigger size as well depending on the number of nodes we are going to manage with this master. In the infrastructure, is bigger than it is configured using 2 GB RAM.

Host Name Role Private FQDN
Brcleprod001 Puppet master bnrcleprod001.brcl.com

Next, one needs to generate Puppet master SSL certificate and the name of the master machine will be copied in the configuration file of all the nodes.

Installing NTP

Since Puppet master is the central authority for agent nodes in any given setup, it is one of the key responsibility of the Puppet master to maintain accurate system time to avoid potential configuration problems, which can arise when it issues agent certificates to nodes.

If the time conflict issue arises, then certificates can appear expired if there are time discrepancies between the master and the node. Network time protocol is one of the key mechanisms to avoid such kind of problems.

Listing Available Time Zones

$ timedatectl list-timezones

The above command will provide a whole list of available time zones. It will provide regions with time zone availability.

Following command can be used to set the required time zone on the machine.

$ sudo timedatectl set-timezone India/Delhi 

Install NTP on the Puppet server machine using the yum utility of CentOS machine.

$ sudo yum -y install ntp 

Sync NTP with the system time which we have set in the above commands.

$ sudo ntpdate pool.ntp.org 

In common practice, we will update the NTP configuration to use common pools which is available nearer to the machine datacenters. For this, we need to edit ntp.conf file under /etc.

$ sudo vi /etc/ntp.conf 

Add the time server from the NTP pool time zones available. Following is how the ntp.conf file looks like.


Save the configuration. Start the server and enable the daemon.

$ sudo systemctl restart ntpd 
$ sudo systemctl enable ntpd 

Setup Puppet Server Software

Puppet server software is a software which runs on the Puppet master machine. It is the machine which pushes configurations to other machines running the Puppet agent software.

Enable official Puppet labs collection repository using the following command.

$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el7.noarch.rpm

Install puppetserver package.

$ sudo yum -y install puppetserver 

Configure Memory Allocation on the Puppet Server

As we have discussed, by default, the Puppet server gets configured on 2GB RAM machine. One can customize the setup according to the free memory available on the machine and how many nodes the server will manage.

Edit the puppet server configuration on the vi mode

$ sudo vi /etc/sysconfig/puppetserver  
Find the JAVA_ARGS and use the –Xms and –Xms options to set the memory allocation. 
We will allocate 3GB of space  
JAVA_ARGS="-Xms3g -Xmx3g" 

Once done, save and exit from the edit mode.

After all the above setup is complete, we are ready to start the Puppet server on the master machine with the following command.

$ sudo systemctl start puppetserver 

Next, we will do the setup so that the puppet server starts whenever the master server boots.

$ sudo systemctl enable puppetserver 

Puppet.conf Master Section

autosign = $confdir/autosign.conf { mode = 664 } 
reports = foreman 
external_nodes = /etc/puppet/node.rb 
node_terminus = exec 
ca = true 
ssldir = /var/lib/puppet/ssl 
certname = sat6.example.com 
strict_variables = false 
manifest = 
modulepath = /etc/puppet/environments/$environment/modules 
config_version =