- Step 1: Install Plugins
- Step 2: Edit Config Files
- Step 3: Set Security Policy
- Step 4: Restart Puppet Master
Note: To use PuppetDB, your site’s puppet master(s) must be running Puppet 3.5.1 or later .
After PuppetDB is installed and running, you should configure your puppet master(s) to use it. Once connected to PuppetDB, puppet masters will do the following:
- Send every node’s catalog to PuppetDB
- Send every node’s facts to PuppetDB
- Query PuppetDB when compiling node catalogs that collect exported resources
Note: if you’ve installed PuppetDB using the PuppetDB puppet module, then the
puppetdb::master::configclass is taking care of all of this for you.
Working on your puppet master server(s), follow all of the instructions below:
Step 1: Install Plugins
Currently, puppet masters need additional Ruby plugins in order to use PuppetDB. Unlike custom facts or functions, these cannot be loaded from a module and must be installed in Puppet’s main source directory.
On Platforms With Packages
Enable the Puppet Labs repo and then install the
$ sudo puppet resource package puppetdb-terminus ensure=latest
On Platforms Without Packages
If your puppet master isn’t running Puppet from a supported package, you will need to install the plugins manually:
- Download the PuppetDB source code, unzip it and navigate into the resulting directory in your terminal.
sudo cp -R puppet/lib/puppet/ /usr/lib/ruby/site_ruby/1.8/puppet. Replace the second path with the path to your Puppet installation if you have installed it somewhere other than
/usr/lib/ruby/site_ruby. If you are using Puppet 4 or greater, replace the second path with the path to the ruby supplied by Puppet at
Step 2: Edit Config Files
Locate Puppet’s Config Directory
Find your puppet master’s config directory by running
sudo puppet config print confdir. It will usually be at either
You will need to edit (or create) three files in this directory:
1. Edit puppetdb.conf
The puppetdb.conf file will probably not exist yet. Create it, and add the PuppetDB server’s hostname and port:
[main] server = puppetdb.example.com port = 8081
PuppetDB’s port for secure traffic defaults to 8081. Puppet requires use of PuppetDB’s secure, HTTPS port. You cannot use the unencrypted, plain HTTP port.
For availability reasons there is a setting named
soft_write_failure that will cause the PuppetDB terminus to fail in a soft-manner if PuppetDB is not accessable for command submission. This will mean that users who are either not using storeconfigs, or only exporting resources will still have their catalogs compile during a PuppetDB outage.
You may also, optionally, specify a setting named
url_prefix if you have configured your PuppetDB server to run the web application at a URL other than “/”. This should not be necessary in most cases, and should only be used if you have modified the corresponding
url-prefix setting in your PuppetDB configuration.
If no puppetdb.conf file exists, the following default values will be used:
server = puppetdb port = 8081 soft_write_failure = false
2. Edit puppet.conf
To enable saving facts and catalogs in PuppetDB, add the following settings to the
[master] block of puppet.conf (or edit them if already present):
[master] storeconfigs = true storeconfigs_backend = puppetdb
async_storeconfigssettings should be absent or set to
false. If you have previously used the puppet queue daemon (puppetqd), you should now disable it.
Enabling report storage
PuppetDB includes support for storing Puppet reports. This feature can be
enabled by simply adding the
puppetdb report processor in your
file. If you don’t already have a
reports setting in your
file, you’ll probably want to add a line like this:
reports = store,puppetdb
This will keep Puppet’s default behavior of storing the reports to disk as YAML, while also sending the reports to PuppetDB.
You can configure how long PuppetDB stores these reports, and you can do some very basic querying. For more information, see:
More information about Puppet report processors in general can be found here.
3. Edit routes.yaml
The routes.yaml file will probably not exist yet. The path to this Puppet configuration file can be found with the command
puppet master --configprint route_file.
Create it if necessary, and add the following:
--- master: facts: terminus: puppetdb cache: yaml
Ensure proper ownership of the config files
The files created above need to be owned by the
puppet user. Ensure that
this ownership is applied by running the following command.
$ sudo chown -R puppet:puppet `sudo puppet config print confdir`
Step 3: Set Security Policy
PuppetDB listens on tcp port 8081 (https). Ensure this port is open between the Master and DB services. If the services run on the same server, no additional configuration may be needed. If the services are on separate servers, ensure the server and network firewalls allow the traffic flow.
PuppetDB works without modification with SELinux in enforcing mode.
Step 4: Restart Puppet Master
Use your system’s service tools to restart the puppet master service. For open source users, the command to do this will vary depending on the front-end web server being used.
Your puppet master should now be using PuppetDB to store and retrieve catalogs, facts, and exported resources. You can test this by triggering a puppet agent run on an arbitrary node, then logging into your PuppetDB server and viewing the
/var/log/puppetdb/puppetdb.logfile — you should see calls to the “replace facts” and “replace catalog” commands:
2012-05-17 13:08:41,664 INFO [command-proc-67] [puppetdb.command] [85beb105-5f4a-4257-a5ed-cdf0d07aa1a5] [replace facts] screech.example.com 2012-05-17 13:08:45,993 INFO [command-proc-67] [puppetdb.command] [3a910863-6b33-4717-95d2-39edf92c8610] [replace catalog] screech.example.com