Working on your Puppet master server(s), follow all of the instructions below:
Step 1: Install plug-ins:
Currently, Puppet masters need additional Ruby plug-ins in order to use PuppetDB. Unlike custom facts or functions, these cannot be loaded from a module and must be installed in Puppet’s main source directory.
On platforms with packages:
Enable the Puppet collection repo and then install the puppetdb-termini package:
$ sudo puppet resource package puppetdb-termini ensure=latest
On platforms without packages:
If your Puppet master isn’t running Puppet from a supported package, you will need to install the plugins manually:
sudo cp -R puppet/lib/puppet/ /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet
Step 2: Edit configuration files:
Locate Puppet’s config directory.
Find your Puppet master’s config directory by running sudo puppet config print confdir. It will usually be at either /etc/puppet/ or /etc/puppetlabs/puppet/.
You will edit (or create) three files in this directory:
1. Edit puppetdb.conf
The puppetdb.conf file will probably not yet exist. Create it, and add the PuppetDB server’s URL that includes the hostname and port:
[main]
server_urls = https://puppetdb.example.com:8081
PuppetDB’s port for secure traffic defaults to 8081 with the context root of ‘/’. If you have not changed the defaults, the above configuration (with the correct hostname) is sufficient.
2. Edit puppet.conf
To enable saving facts and catalogs in PuppetDB, edit the [master] block of puppet.conf to reflect the following settings:
[master]
storeconfigs = true
storeconfigs_backend = puppetdb
Enabling report storage
PuppetDB includes support for storing Puppet reports. This feature can be enabled by simply adding the puppetdb report processor in your puppet.conf file. If you don’t already have a reportssetting in your puppet.conf file, you’ll probably want to add a line like this:
reports = store,puppetdb
This will retain Puppet’s default behavior of storing the reports to disk as YAML, while also sending the reports to PuppetDB.
You can configure how long PuppetDB stores these reports, and you can do some very basic querying.
3. Edit routes.yaml
The routes.yaml file will probably not yet exist. Find the path to this Puppet configuration file by running puppet master --configprint route_file.
Create the file, if necessary, and add the following:
--- master:
facts:
terminus: puppetdb
cache: yaml
Ensure proper ownership of the config files
The files created above need to be owned by the puppet user. Ensure that this ownership is applied by running the following command:
$ sudo chown -R puppet:puppet `sudo puppet config print confdir`
Step 3: Set security policy:
PuppetDB listens on TCP port 8081 (HTTPS). Ensure that this port is open between the Puppet master and PuppetDB services. If the services run on the same server, additional configuration might not be needed. If the services are on separate servers, ensure that the server and network firewalls allow for traffic flow.
PuppetDB works without modification with SELinux in enforcing mode.
Step 4: Restart Puppet master:
Use your system’s service tools to restart the Puppet master service. For open source Puppet users, the command to do this will vary, depending on the frontend web server being used.
