- How compile masters work
- Install a compile master
- Using load balancers in a large environment installation
- A note about PE file sync
The following guide provides instructions for adding compile masters to your PE infrastructure.
How compile masters work
As your infrastructure grows beyond 2000 managed nodes, a single Puppet master most likely won’t be able to process all the requests and compile all the code for those Puppet agents. You can scale your infrastructure by adding compile masters to share the workload and provide quicker, more efficient compilation times. Compile masters perform many of the same functions as a Puppet master: they run file sync, contain a Puppet Server, and can host
pe_repo. When you deploy compile masters, the main Puppet master is known as the master of masters (MoM).
See the PE hardware recommendations for guidance on base installation types and recommended hardware for each.
Components and services running on compile masters
All compile masters contain a Puppet Server and a file sync client.
If you classify your compile masters using the PE Master node group (as shown in these instructions), the compile masters will also have:
peadmin(the MCollective client)
pe_repo(PE’s repo for agent installation)
- the controller profile (used in conjunction with PE client tools)
Compile master logs
Compile master logs are kept at
Puppet code on compile masters
If you use file sync, all the Puppet code in the code directory on your MoM is distributed to all compile masters. By default, compile masters check for code updates every five seconds.
Supported OS platforms
Compile masters must run the same OS major version, platform, and architecture as the MoM.
Compile masters and the Puppet certificate authority
The CA service is disabled on compile masters. A proxy service running on the compile master’s Puppet Server directs CA requests to the MoM, which hosts the CA in default installations.
Install a compile master
Please be sure to review these procedures before beginning, as performing these steps out of order can cause problems for your configurations.
In addition, please note the following about these steps:
- It’s assumed all servers are running the same OS and architecture.
- In these procedures, the following hostnames are used, but you will need to replace them to match the hostnames in your infrastructure:
- Puppet master/CA server (MoM):
- PE console:
- Compile master:
- Puppet master/CA server (MoM):
Note: In this scenario,
<MASTER.EXAMPLE.COM>functions as both the MoM and the CA server for this deployment.
Prerequisite: You need to be able to resolve hostnames between machines.
Step 1: Install Puppet Enterprise
In this step, you install PE and install the MoM on
Step 2: Install compile master node
In this step, you install the additional Puppet agent on
<COMPILE.MASTER.EXAMPLE.COM>. You must perform this step to install the Puppet agent on the new compile master node.
Warning: This machine (e.g., the new compile master) should NOT already have a Puppet agent installed.
To install the additional compile master agent:
curl -k https://<MASTER.EXAMPLE.COM>:8140/packages/current/install.bash | sudo bash -s main:dns_alt_names=<COMMA-SEPARATED LIST OF ALT NAMES FOR THE PUPPET MASTER>.
dns_alt_namesvalue should be set to a comma-separated list of any alternative names that may be used by Puppet agents to connect to the master. The installation uses “puppet” by default.
This installs and configures the PE agent on
From the command line of
puppet cert --allow-dns-alt-names sign <COMPILE.MASTER.EXAMPLE.COM>.
Note: You cannot use the console to sign certs for nodes with DNS alt names.
From the command line on
puppet agent -t.
Step 3: Classify the new compile master node
In this step, you use the PE console to classify
<COMPILE.MASTER.EXAMPLE.COM> so that it can function as a Puppet master and proxy requests to the PE certificate authority.
To classify the new compile master node:
- From the console, click Nodes > Classification.
- Select the PE Master group.
- From the Certname section, in the Node name field, enter
- Click Pin node.
- Click the Commit changes button.
Step 4: Run Puppet on selected nodes
In this step, you need to run Puppet in the order specified so that certificate information for the new compile master can be added to PuppetDB’s certificate whitelist. You will need to run Puppet on the PE console node for the RBAC whitelist as well.
Important: The following Puppet runs MUST be done in the order listed in the following steps. Puppet has to be run on these nodes in this order for the compile master to be active as quickly as possible:
You can run Puppet on each node by either accessing the server’s Node page in the PE console or by connecting to the host over SSH and running
/opt/puppetlabs/bin/puppet agent -t (as the root user or with administrative privileges with sudo). In either case, you must wait for the run to finish on the the first node before moving on to the next.
<COMPILE.MASTER.EXAMPLE.COM>is now a compile master node. To start using it, you first need to add it to your load balancer.
Using load balancers in a large environment installation
See Using load balancers in an LEI for more information.
A note about PE file sync
File Sync keeps your Puppet code in sync across multiple masters. When triggered by a web endpoint, file sync takes changes from your working directory on your Master of Masters (MoM) and deploys the code to a live code directory. File sync then automatically deploys that code onto all your compile masters, ensuring that all masters in a multi master configuration are kept in sync.
For more information about PE file sync, refer to About File Sync.