Launching the image ensures the Puppet master is ready to manage nodes, and for agents to connect with it.
Before launching the Puppet Enterprise Marketplace image, select the AMI in the AWS Marketplace, review licensing terms, and subscribe.
- Launch an EC2 instance from the AWS
console or any of a variety of AWS
SDKs and third-party tools. Select or create each of the
EC2 AMI (the PE Marketplace image selected above)
EC2 instance type (see recommendations)
EC2 VPC and subnet
EC2 security group (see configuration details)
To control access to the instance, the AWS console creates a new EC2 key pair. Other tools allow also allow you to use an existing key pair.
- Connect to the EC2 instance by using the key pair created in step 1 and the
ssh -i ~/.ssh/<EC2-KEYPAIR-PRIVATE>.pem [email protected]<EC2-PUBLIC-HOSTNAME>
SSH keys are automatically provisioned by EC2, and no password is required.
- Wait for PE configuration. which begins automatically
while booting the EC2 instance. It takes about 8 minutes to complete, and
must finish before you connect and manage nodes. To determine when the PE services are fully configured, run the
- As root, set the console password. Console access is
disabled until the password is set.
sudo /opt/puppetlabs/aws/bin/set_console_password.sh Puppet Enterprise console password: **********Tip: You can run this script at any time to reset the console password.
- Using a web browser, connect to the console at
https://<EC2-PUBLIC-HOSTNAME>, accept the console’s certificate, and login with username
adminand the password set in step 4.Since you or another administrator at your site is in full control of which certificates the Puppet certificate authority signs, the authority verifying the site is you. When your browser warns you that the certificate authority is invalid or unknown:
CAUTION: Safari certificate handling may prevent console access. Due to Apache bug 53193 and the way Safari handles certificates, you should avoid using Safari to access the PE console.Once you’ve logged in, the console indicates that the master is actively managed by showing 1 Nodes run in enforcement; the node it refers to is the master itself.
- In Chrome, click Advanced, then Proceed to <CONSOLE ADDRESS>.
- In Firefox, click Advanced, then Add exception.
- In Internet Explorer or Microsoft Edge, click Continue to this website (not recommended).
- In Safari, click Continue.
- Optional. Configure PE certificate auto-signing.
- Optional. The
puppetadminuser’s password expires 60 days after the image is created. If this password is not reset, the account expires and cannot be used to log in to the image. To prevent the password from expiring, run
chage -E -1 puppetadminon the master.
The Puppet master is ready to manage nodes, and for agents to connect with it.