Ask Your Question

Why does puppet agent need to be installed on same server as puppet master

asked 2018-03-04 09:16:45 -0600

puppet-novice gravatar image

I am confused about why the puppet agent needs to also be installed on the master server to work on a single node dev environment. I have just completed a beginners course on puppet and this is what we were instructed to do.

On my return home I have created a packer file for a centos 7 vm and attempted to bootstrap this development vm using kickstart.

I keep running into a problem with puppet though, the puppet master wont start and from what I have read and discovered it seems to be because the puppet agent is running.

I have noticed that if I stop the puppet agent then puppet master seems to start, and I have also noticed that if the puppet agent is stopped I can still run:

puppet agent --test --waitforcert 30

I dont understand how this can run without the agent running? Do I need to do all of these things in order to run the puppet agent --test:

systemctl enable puppetserver.service

puppet resource service puppetserver ensure=running enable=true

systemctl enable puppet.service

puppet resource service puppet ensure=running enable=true

Any help is appreciated as I am going round in circles!

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2018-03-05 02:32:59 -0600

puppet-novice gravatar image

updated 2018-03-05 02:41:26 -0600

Thanks, interesting that your fqdn has 'qa' (which is who I did the training course with) and they didnt teach us to use puppet apply, but the syntax I pasted above (puppet agent -t)!

Are you one of the course instructors?

Another thing is that on the course they told us you only needed to have a host entry for puppet that pointed to the puppet server, I figured setting the host for that should be enough?

My main issue is with signing the certificate from a packer build , so that the certificate is pre signed when the vm is finally finished.

On the system I am working on it runs the puppet master and the slave as well so I figured that might be to replicate what it is like on the live environment? I dont have anyone to ask about it anyway as that is the reason I needed to learn puppet, to pick some of this up.

I will try your suggestions and get back to you. Thanks.

edit flag offensive delete link more

answered 2018-03-04 19:05:38 -0600

Hypnoz gravatar image

If you only want to run puppet on a single node, usually you would use puppet apply ...

It lets you apply a set of puppet code against the local system without the need for the "puppetserver" to be running. Puppet server is only really needed if you want to host puppet code for remote servers.

That being said, if you have 1 server and you want to test running the puppetserver, then you will need to be running the puppetserver (to host the puppet code), and then either manually run "puppet agent --test ..." or start the puppet agent for automatic runs every 30 minutes.

If you want to start the process over from scratch in the ideal way, you would

Clear the existing puppet ssl certs rm -rf /opt/puppetlabs/puppet/ssl

Make sure the settings are correct in /opt/puppetlabs/puppet/puppet.conf (both the puppetserver and puppet agent will use this). Here's an example of a basic yet complete version:

  vardir = /opt/puppetlabs/server/data/puppetserver
  logdir = /var/log/puppetlabs/puppetserver
  rundir = /var/run/puppetlabs/puppetserver
  pidfile = /var/run/puppetlabs/puppetserver/
  codedir = /etc/puppetlabs/code
  confdir = /etc/puppetlabs/puppet

  environmentpath       = $codedir/environments

  # Hiera Config
  hiera_config          = $confdir/hiera.yaml

  # PuppetDB Config
  #reports               = puppetdb
  #storeconfigs          = true
  #storeconfigs_backend  = puppetdb

  # Default environment cache is 3 minutes. Lets set 0 to not cache at all
  environment_timeout   = 0

  report      = true
  server      =
  environment = production

You'll want to change "" to the hostname -f fully qualified name of your local puppet server. You should be able to run hostname -f and get a fully qualified name or puppet certs won't really work right.

With everything stopped, start the puppetserver first. Check the logs at


and also check the files in the ssl directory exist:

find /etc/puppetlabs/puppet/ssl

If those certs exist, you should be able to try running "puppet agent --test --noop", and assuming you have some valid code here, it should work

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-03-04 09:12:57 -0600

Seen: 178 times

Last updated: Mar 05