How to get puppet 6.3 up and running on a raspberry pi running Raspbian

Puppet_6.3_Raspbian.md

How to get puppet 6.3 up and running on a raspberry pi running raspbian.

These instructions were tested on a pi 3 with the latest version of raspbian (Raspbian GNU/Linux 9.8 (stretch)).

This guide assumes basic competency with the command line. It also assumes you have a functional puppet master set up with the hostname of puppet. If you can ping puppet, you should be all set. Also note that I am just getting into puppet and am not a master of this domain. There may be errors, and there is probably a better way to do this, but in my searching, I was unable to locate a good set of instructions to get this working, so here we are. Feel free to contact me for corrections.

You can either switch to root sudo -i, or prepend all the following commands with sudo.

Update first

apt update
apt upgrade -y

Install ruby

apt install ruby-full

Install Puppet

gem install puppet

The gem install does less than a normal packaged install of puppet, so we need to fit some things into place.

mkdir -p /etc/puppetlabs/puppet/
touch /etc/puppetlabs/puppet/puppet.conf

Use whatever your puppetmaster hostname is here if it differs from 'puppet'.

puppet config set server 'puppet' --section main

Ensure the the proper user is present to run puppet.

puppet resource group puppet ensure=present
puppet resource user puppet ensure=present gid=puppet shell='/bin/false'

More structure

mkdir -p /etc/puppetlabs/code/environments/production/modules/
mkdir -p /etc/puppetlabs/code/environments/production/manifests/

We need to manually create a few files, including the systemd init file.

cat << EOF > /etc/default/puppet
# You may specify parameters to the puppet client here
#PUPPET_EXTRA_OPTS=--waitforcert=500
EOF

cat << EOF > /etc/systemd/system/multi-user.target.wants/puppet.service
#
# Local settings can be configured without being overwritten by package upgrades, for example
# if you want to increase puppet open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, so create a file named
# "/etc/systemd/system/puppet.service.d/limits.conf" containing:
# [Service]
# LimitNOFILE=10000
# You can confirm it worked by running systemctl daemon-reload
# then running systemctl show puppet | grep LimitNOFILE
#
[Unit]
Description=Puppet agent
Wants=basic.target
After=basic.target network.target

[Service]
EnvironmentFile=-/etc/sysconfig/puppetagent
EnvironmentFile=-/etc/sysconfig/puppet
EnvironmentFile=-/etc/default/puppet
ExecStart=/usr/local/bin/puppet agent $PUPPET_EXTRA_OPTS --no-daemonize
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

Start the service automatically.

This will fail if the .service file wasn't created properly.

puppet resource service puppet ensure=running enable=true

Run puppet

puppet agent -t

That's pretty much it, remember that this will error out the first time as you need to sign the cert on the puppetmaster.

Still not sure why, but the first time I ran this I received an abnormal certificate error and needed to clear the certificates out of the master and agent.

# On the master:
#   puppetserver ca clean --certname agenthostname.localdomain
# On the agent:
#   1. puppet ssl clean 
#   2. puppet agent -t

Good luck!

Tried that on Raspbian Buster and it almost worked for me, except for two things:

First thing: Puppet on Raspbian is reporting the "operatingsystem" fact as "Raspbian" instead of "Debian". In that case, there are multiple providers for the service resource (init and systemd) and Puppet decides to use "init" as the default provider (which caused some issues in my case).

I've fixed that by modifying the ruby file of the init service provider:

In /var/lib/gems/2.5.0/gems/puppet-7.17.0/lib/puppet/provider/service/init.rb I've added os == 'raspbian' to the confine check so it will look like that:

confine :true => begin
    os = Puppet.runtime[:facter].value(:operatingsystem).downcase
    family = Puppet.runtime[:facter].value(:osfamily).downcase
    !(os == 'debian' || os == 'raspbian' || os == 'ubuntu' || family == 'redhat')
end

The second thing: There is no Augeas resource type if Puppet is installed via gem.

Whenever I try to apply a catalog which includes augeas {...}, I will get the following error message:

Error: Failed to apply catalog: Resource type 'Augeas' was not found

Unfortunately, I didn't found any solution so far.

Maybe you can try the following to resolve your Augeas issue?

apt-get install libaugeas-dev
gem install ruby-augeas

I've installed libaugeas-dev and the ruby gem ruby-augeas.

Then, I've created a file on my Raspberry Pi named test.pp with the following content:

augeas { "test":
  lens    => "Shellvars.lns",
  incl    => "/tmp/test",
  changes => [
    "set foo=bar",
  ],
}

But executing Puppet (puppet apply test.pp) results in the same error as before: Unknown resource type: 'augeas'

My test file and puppet invocation seems to be correct, as the same works fine with a file resource like the following:

file { "/tmp/test":
  content => "some content",
}

Do you have the module https://forge.puppet.com/modules/puppetlabs/augeas_core/readme ? From puppet6 it has been removed as data type and moved the the augeas_core module.

OK, including the puppetlabs/augeas_core module fixes the issue with Unknown resource type: 'augeas'. Thanks for the hint!