As your infrastructure scales (4000+ nodes), you can add load-balanced compile masters to your monolithic installation to increase the amount of agents you can manage. Each compile master increases capacity by approximately 1500 - 3000 nodes, until you exhaust the capacity of PuppetDB or the PE console, which run on the Master of masters (MoM).
The following provides an overview of how compile masters work and relevant details about them.
As your infrastructure grows beyond 2000 managed nodes, a single Puppet master most likely won’t be able to process all the requests and compile all the code for those Puppet agents. You can scale your infrastructure by adding compile masters to share the workload and provide quicker, more efficient compilation times. Compile masters perform many of the same functions as a Puppet master: they run file sync, contain a Puppet Server, and can host
pe_repo. When you deploy compile masters, the main Puppet master is known as the master of masters (MoM).
Tip: See the PE hardware recommendations for guidance on base installation types and recommended hardware for each.
Important: Compile masters must run the same OS major version, platform, and architecture as the MoM.
All compile masters contain a Puppet Server and a file sync client. When triggered by a web endpoint, file sync takes changes from your working directory on your Master of Masters (MoM) and deploys the code to a live code directory. File sync then automatically deploys that code onto all your compile masters, ensuring that all masters in a multi master configuration are kept in sync. By default, compile masters check for code updates every five seconds.
The CA service is disabled on compile masters. A proxy service running on the compile master’s Puppet Server directs CA requests to the MoM, which hosts the CA in default installations.
Compile masters also have:
peadmin(the MCollective client)
pe_repo(PE’s repo for agent installation)
Compile master logs are kept at
When you install a compile master, you first install a Puppet agent and then classify that agent as a compile master.
Before you begin:
Review these procedures before beginning, as performing these steps out of order can cause problems for your configurations. In addition, note the following about these steps:
COMPILE.MASTER.EXAMPLE.COM and run the following command:
`curl -k https://<MASTER.EXAMPLE.COM>:8140/packages/current/install.bash | sudo bash -s main:dns_alt_names=<COMMA-SEPARATED LIST OF ALT NAMES FOR THE COMPILE MASTER>`
dns_alt_namesvalue should be set to a comma-separated list of any alternative names that may be used by Puppet agents to connect to the master. The installation uses “puppet” by default.
This installs and configures the Puppet agent on
From the command line of
puppet cert --allow-dns-alt-names sign compile.master.example.com.
Note: You cannot use the console to sign certs for nodes with DNS alt names.
From the command line on
puppet agent -t.
Use the PE console to classify
COMPILE.MASTER.EXAMPLE.COM so that it can function as a Puppet master and proxy requests to the PE certificate authority.
a. In the console, click Nodes > Classification, and in the PE Infrastructure node group, select the PE Master node group.
b. From the Certname section, in the Node name field, enter
c. Click Pin node, and commit changes.
pe_repo to send agent install requests to the load balancer.
Note: Specifics on how to configure a load balancer fall outside the scope of this document, but we’ve provided a list of things to consider in Using load balancers with compile masters.
a. From the console, click Nodes > Classification, and in the PE Infrastructure node group, select the PE Master group.
b. In the PE Master group, click the Classes tab, and find the pe_repo class.
c. From the Parameter drop-down list, select compile_master_pool_address.
d. In the Value field, enter the address your load balancer resolves to (for example,
e. Click Add parameter and then the Commit change button.
Run Puppet on selected nodes.
Important: The following Puppet runs MUST be done in the order listed in the following choices. Puppet has to be run on these nodes in this order for the compile master to be active as quickly as possible.
In both cases, you must wait for the run to finish on the the first node before moving on to the next.