Ask Your Question
0

agents installed on premise

asked 2014-11-28 01:54:13 -0500

luongto gravatar image

Hi, I am very new on the Puppet, I am researching if the Puppet is best fit for our need.

I am going to have a Puppet master installed in a Linux Server. and also I need to have Puppet agents will installed at client side behind the firewall. For the case, not sure if the master is able to establish connections to agents and vice versa, if it does, how? via a service bus?

Could you please shed a light.

Thank you, Luong To

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
1

answered 2014-11-30 10:13:26 -0500

updated 2014-11-30 10:57:23 -0500

This should provide all the context information you need.

Firewall Configuration

Configure your firewalls to accommodate Puppet Enterprise’s network traffic. In brief: you should open up ports 8140, 8081, 61613, and 443. The more detailed version is:

If you are installing PE using the web-based installer, ensure port 3000 is open. You can close this port when the installation is complete.

  • All agent nodes must be able to send requests to the puppet master on ports 8140 (for Puppet) and 61613 (for orchestration).
  • The puppet master must be able to accept inbound traffic from agents on ports 8140 (for Puppet) and 61613 (for orchestration).
  • Any hosts you will use to access the console must be able to reach the console server on port 443, or whichever port you specify during installation. (Users who cannot run the console on port 443 will often run it on port 3000.)
  • If you will be invoking orchestration commands from machines other than the puppet master, they will need to be able to reach the master on port 61613. (Note: enabling other machines to invoke orchestration actions is possible but not supported in this version of Puppet Enterprise.)**
  • If you will be running the console and puppet master on separate servers, the console server must be able to accept traffic from the puppet master (and the master must be able to send requests) on ports 443 and 8140. The console server must also be able to send requests to the puppet master on port 8140, both for retrieving its own catalog and for viewing archived file contents.
  • PuppetDB needs to accept connections on port 8081, and the puppet master and PE console need to be able to do outbound traffic on 8081.
  • For split installs, the server running the PuppetDB component needs port 5432 open.

One final Bonus piece of information not included on that list. If you're using PE 3.7 or above and desire to use the Node Classifier API you will need to open up port 4433 as per

Port and Path By default, the node classifier service listens on port 4433 and all endpoints are relative to the /classifier-api/ path. So, for example, the full URL for the /v1/groups endpoint on localhost would be https://localhost:4433/classifier-api/v1/groups.

edit flag offensive delete link more

Comments

thank you!

luongto gravatar imageluongto ( 2014-12-07 08:36:37 -0500 )edit
1

answered 2014-11-28 13:04:13 -0500

lorcutt gravatar image

By default, a puppet client directly establishes a connection with the puppet master using SSL on port 8140.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-11-28 01:54:13 -0500

Seen: 192 times

Last updated: Nov 30 '14