PAM standalone online install
The Puppet Application Manager (PAM) installation process sets up the application manager (with a simple Kubernetes installation for container orchestration) for you and installs the application on the single-node cluster.
- Review the Puppet Application Manager
The server must meet the following minimum requirements:
Memory Storage CPUs Open ports 2 GB + application requirements
At least 100 GB for
/var/openebs. This is primarily divided among:
- 2 GB for
- 32 GB for
- 40 GB for
- 20 GB for
/var/openebs+ additional application-specific storage.
2 + application requirements
TCP: 443, 2379,2380, 6443, 6783, 8800, 9001 (offline only), and 10250
UDP: 6783, 6784Note: Swap is not supported for use with this version of Puppet Application Manager (PAM). The installation script attempts to disable Swap if it is enabled.
- 2 GB for
- (Optional) If necessary, prepare additional steps related to SELinux and
The PAM installation script disables SELinux and Firewalld by default. If you want to keep SELinux enabled, append the
-s preserve-selinux-configswitch to the PAM install command. This may require additional configuration to adapt SELinux policy to the installation.
If you want to keep Firewalld enabled:
Make sure Firewalld is installed on your system.
To prevent the installation from disabling Firewalld, provide a patch file to the PAM install command using
-s installer-spec-file=patch.yaml, where
patch.yamlis the name of your patch file. For reference, here's an example patch file that enables Firewalld during installation, starts the service if it isn't running, and adds rules to open relevant ports:
apiVersion: cluster.kurl.sh/v1beta1 kind: Installer metadata: name: patch spec: firewalldConfig: firewalld: enabled command: ["/bin/bash", "-c"] args: ["echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf && sysctl -p"] firewalldCmds: - ["--permanent", "--zone=trusted", "--add-interface=weave"] - ["--zone=external", "--add-masquerade"] # SSH port - ["--permanent", "--zone=public", "--add-port=22/tcp"] # HTTPS port - ["--permanent", "--zone=public", "--add-port=443/tcp"] # Kubernetes etcd port - ["--permanent", "--zone=public", "--add-port=2379-2830/tcp"] # Kubernetes API port - ["--permanent", "--zone=public", "--add-port=6443/tcp"] # Weave Net port - ["--permanent", "--zone=public", "--add-port=6783/udp"] # Weave Net port - ["--permanent", "--zone=public", "--add-port=6783-6874/tcp"] # CD4PE Webhook callback port (uncomment line below if needed) # - ["--permanent", "--zone=public", "--add-port=8000/tcp"] # KOTS UI port - ["--permanent", "--zone=public", "--add-port=8800/tcp"] # CD4PE Local registry port (offline only, uncomment line below if needed) # - ["--permanent", "--zone=public", "--add-port=9001/tcp"] # Kubernetes component ports (kubelet, kube-scheduler, kube-controller) - ["--permanent", "--zone=public", "--add-port=10250-10252/tcp"] # Reload firewall rules - ["--reload"] bypassFirewalldWarning: true disableFirewalld: false hardFailOnFirewalld: false preserveConfig: false
- Ensure that IP address ranges
10.32.0.0/22are locally accessible. See Resolve IP address range conflicts for instructions.
If you use the
puppetlabs/firewallmodule to manage your cluster's firewall rules with Puppet, be advised that purging unknown rules from changes breaks Kubernetes communication. To avoid this, apply the
puppetlabs/pam_firewallmodule before installing Puppet Application Manager.
From the command line of your node, run the installation script:
curl -sSL https://k8s.kurl.sh/puppet-application-manager-standalone | sudo bash
Tip: If the installation script fails, run the following and upload the results to the Puppet Support team:
When the installation script prints the Puppet Application Manager address and password, make a
careful note of these credentials:
--- Kotsadm: http://<PUPPET APPLICATION MANAGER ADDRESS>:8800 Login with password (will not be shown again): <PASSWORD> ---Note: If you lose this password or wish to change it, see Reset the Puppet Application Manager password for instructions.
When the installation script is complete, run
bash -lto reload the shell.
kubectl support-bundle https://kots.ioIf you're installing as the root user, run the command directly:
- When the installation script prints the Puppet Application Manager address and password, make a careful note of these credentials:
Navigate to the Puppet Application Manager UI using the address
provided by the installation script (
http://<PUPPET APPLICATION MANAGER ADDRESS>:8800) and follow the prompts.The Puppet Application Manager UI is where you manage Puppet applications. You’ll be guided through the process of setting up SSL certificates, uploading a license, and checking to make sure your infrastructure meets application system requirements.
Follow the instructions for configuring and deploying your Puppet applications on Puppet Application Manager.
For more information on installing Continuous Delivery for PE online, see Install Continuous Delivery for PE.
For more information on installing Comply online, see Install Comply online.