This article is also publish in Google Cloud Community Tutorials.

In this tutorial, we will implement a very simple Master-Agent architecture with two Compute Engine instance

  1. Create a small(1 shared vCPU + 1.7 GB memory) Compute Engine instance with the OS Ubuntu 16.04 xenial and with ‘Allow HTTP traffic’ checked under Firewall section and name this puppet-agent.
  2. Create another Compute Engine instance but this time a with 1 vCPU + 3.75 GB memory with the same OS (Ubuntu 16.04 xenial) but this time default firewall option is fine. No need to check http or https traffic allow. Name the instance as puppet-master
  3. SSH into puppet-master and run the following commands to install puppet into the puppet-master
    wget 
    https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
    sudo dpkg -i puppetlabs-release-pc1-xenial.deb
    sudo apt-get update
    sudo apt-get install puppetserver
  4. Start the server by sudo systemctl start puppetserver
  5. Make sure puppet server is running by 
    sudo systemctl status puppetserver
  6. We should see a line that says “active (running)”

  7. Now that we’ve ensured the server is running, we’ll configure it to start at boot.
    sudo systemctl enable puppetserver
  8. Now SSH into the puppet agent and run the following commands to install puppet into puppet-Agent
    wget 
    https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
    sudo dpkg -i puppetlabs-release-pc1-xenial.deb
    sudo apt-get update
    sudo apt-get install puppet-agent
    sudo systemctl start puppet
    sudo systemctl enable puppet
  9. Next, we will edit the /etc/hosts file of Puppet Agent. At the end of the file, specify the Puppet master server as follows,
    Puppet_Master_Compute_Engine_instance_internal_ip_address    puppet
  10. The first time Puppet runs on an agent node, it sends a certificate signing request to the Puppet master. To list all unsigned certificate requests, run the following command on the Puppet master:sudo /opt/puppetlabs/bin/puppet cert list
  11. We’ll use the –all option to sign certificate:sudo /opt/puppetlabs/bin/puppet cert sign --all
    You can also do a single sign by puppet-agent.c.YOUR_PROJECT_ID.internal
  12. In the puppet-master, go to folder/etc/puppetlabs/code/environments/production/manifests/ by
    cd /etc/puppetlabs/code/environments/production/manifests/
     and make a manifest file site.pp as
    node /agent/{
    include webserver
    }
  13. Now go to ‘modules directory’ by 
    cd /etc/puppetlabs/code/environments/production/modules
    and then make a directory by
    sudo mkdir -p webserver/manifests
  14. in the above manifest directory, create a file init.pp as
    class webserver {
    package { 'apache2':
    ensure => present
    }
    file {'/var/www/html/index.html': # resource type file and filename
    ensure => present, # make sure it exists
    content => "<h1>This page is installed from Puppet Master</h1>", # content of the file
    }
    }
  15. By default, Puppet Server runs the commands in its manifests by default every 30 minutes. However, rather than waiting for the Puppet master to apply the changes, we can apply the manifest by running the following command in the Agent. Note that --test is not a flag for a dry run; if it’s successful, it will change the agent’s configuration.
    sudo /opt/puppetlabs/bin/puppet agent --test