2012-05-19: This was written a long time ago and isn’t necessarily the way I would approach this now. Puppet now offers pre-built Mac binaries directly from their site, which might even contain LaunchDaemons.
Table of Contents
- 1 Step One: Installation
- 2 Step Two: Post-install
- 3 Step Three: Getting the machines to talk to each other
- 4 Step Four: Configure Authorizations (Allow forceful runs)
- 5 Step Five: Setup Launch Daemon
- 6 Conclusion
Step One: Installation
First things first: the installation. For a simple pre-compiled .pkg distribution, check out http://www.puppetlabs.com/resources/downloads. You’ll want to download both the “puppet” package and the “facter” package.
Install ‘facter’ first, then ‘puppet’.
After installation, you’ll notice that not much has happened – there’s no pretty GUI application or anything like that. In fact, there’s not even a launch daemon. We’ll get to that.
You should install Puppet on two machines for now – one will be the Puppet master and another will be a Puppet client.
Step Two: Post-install
There’s a little work to do before you can actually start using Puppet. Not much is set up for you by default. This page on Trevmex’s website has a Ruby script to set up a couple of things for you. All it does is create a couple of the initial files needed to run Puppet. I suggest using that:
sudo /usr/bin/ruby -e "$(curl -fsS https://gist.github.com/raw/6adfc4d7dbfe71873186/puppet-osx-postinstall.rb)"
You’ll want the Puppet master to resolve to the “puppet” DNS name. You can set this up on your nameserver or simply use /etc/hosts.
Add something like this to /etc/hosts on the machines:
172.30.112.126 puppet puppet.organization.tld
Step Three: Getting the machines to talk to each other
Now that Puppet is set up and ready to go, it’s time to get the machines to be aware of each other and interact with one another. The Puppet master and its clients use certificates to talk to each other. When a client first tries to talk to the master, the master will expect you to sign the certificate for the host.
Fire up puppetmaster on the master
First, start puppetmaster on the master:
sudo /usr/sbin/puppetmasterd --no-daemonize --verbose --debug
You’ll notice pretty colors and a lot of information.
Start puppet on the client machine
Now that the master is waiting, it’s time to get the client blessed off by the master (sign the certificate). On the client machine, run:
sudo puppetd --waitforcert 60 --test
I’ll post the exact message here later, but you should notice on both machines a message about certificates. It’s awaiting your approval. Open up another shell on the master and use something like the following command:
sudo puppetca --sign clientmachine.orgname.tld
If all goes well, the machines should now be able to talk to each other (they aren’t really doing anything yet, of course).
Step Four: Configure Authorizations (Allow forceful runs)
We’ll now set up Puppet to allow for forceful runs on the clients. This is useful for when you’re getting something set up and need it to run “now”, rather than waiting the default 30 minutes. You have to authorize this behavior, as by default, it will be denied. Put both of these files on both the master and client for now. You can tweak later:
You should now be able to force a run to a client. Try running the following command on the Puppet master:
sudo puppetrun --host client.orgname.tld
Step Five: Setup Launch Daemon
You may want to wait for this step until you’ve got a few “real” things to manage. That said, it won’t hurt anything to go ahead and set up the launch daemon to handle Puppet for you. There are two launch daemons: one for puppetmaster and one for the puppet client. You can run both on the master (if you want the master to manage itself as well).
NOTE: Don’t install the puppetmaster plist on the client machine(s). You only need
Change the file extension to “.plist” and place them in /Library/LaunchDaemons/ as appropriate.
Before actually loading these, puppet and/or puppetmaster can’t already be running. Make sure you’ve stopped all instances you may have started during your testing, then load them (as appropriate):
sudo launchctl load /Library/LaunchDaemons/com.puppetlabs.puppet.plist
The launch daemon should now be loaded and should have started puppet. Verify that the launch daemon loaded:
sudo launchctl list|grep puppet
Verify puppet (or puppetmaster) is running:
ps aux|grep puppet
/var/log/system.log and the logs located in
You should now have Puppet installed, configured, and controlled by a launch daemon. Now we’ll want to actually start managing something. Please proceed to the less Mac-specific document, Getting Started With Puppet.