Launching the image ensures the Puppet master is ready to manage nodes, and for agents to connect with it.

Before you begin

Before launching the Puppet Enterprise Marketplace image, select the AMI in the AWS Marketplace, review licensing terms, and subscribe.

  1. Launch an EC2 instance from the AWS console or any of a variety of AWS SDKs and third-party tools. Select or create each of the following:
    • EC2 AMI (the PE Marketplace image selected above)

    • EC2 instance type (see recommendations)

    • EC2 VPC and subnet

    • EC2 security group (see configuration details)

    To control access to the instance, the AWS console creates a new EC2 key pair. Other tools allow also allow you to use an existing key pair.

  2. Connect to the EC2 instance by using the key pair created in step 1 and the username puppetadmin by running:
    ssh -i ~/.ssh/<EC2-KEYPAIR-PRIVATE>.pem [email protected]<EC2-PUBLIC-HOSTNAME>

    SSH keys are automatically provisioned by EC2, and no password is required.

  3. Wait for PE configuration. which begins automatically while booting the EC2 instance. It takes about 8 minutes to complete, and must finish before you connect and manage nodes. To determine when the PE services are fully configured, run the check_status.sh script:
    /opt/puppetlabs/aws/bin/check_status.sh --wait
  4. As root, set the console password. Console access is disabled until the password is set.
    sudo /opt/puppetlabs/aws/bin/set_console_password.sh
    
    Puppet Enterprise console password: **********
    Tip: You can run this script at any time to reset the console password.
  5. Using a web browser, connect to the console at https://<EC2-PUBLIC-HOSTNAME>, accept the console’s certificate, and login with username admin and the password set in step 4.
    Since you or another administrator at your site is in full control of which certificates the Puppet certificate authority signs, the authority verifying the site is you. When your browser warns you that the certificate authority is invalid or unknown:
    • In Chrome, click Advanced, then Proceed to <CONSOLE ADDRESS>.
    • In Firefox, click Advanced, then Add exception.
    • In Internet Explorer or Microsoft Edge, click Continue to this website (not recommended).
    • In Safari, click Continue.
    CAUTION: Safari certificate handling may prevent console access. Due to Apache bug 53193 and the way Safari handles certificates, you should avoid using Safari to access the PE console.
    Once you’ve logged in, the console indicates that the master is actively managed by showing 1 Nodes run in enforcement; the node it refers to is the master itself.
  6. Optional. Configure PE certificate auto-signing.
  7. Optional. The puppetadmin user’s password expires 60 days after the image is created. If this password is not reset, the account expires and cannot be used to log in to the image. To prevent the password from expiring, run chage -E -1 puppetadmin on the master.

The Puppet master is ready to manage nodes, and for agents to connect with it.

Back to top