Configure the Puppet Master Using the Starter Kit
Important
The AWS OpsWorks for Puppet Enterprise service reached end of life on March 31, 2024 and has been disabled for both new and existing customers. We strongly recommend customers migrate
their workloads to other solutions as soon as possible. If you have questions about migration, reach out to the AWS Support Team on AWS re:Post
While Puppet master creation is still in progress, the server's Properties page opens in the OpsWorks for Puppet Enterprise console. The first time that you work with a new Puppet master, the Properties page prompts you to download two required items. Download these items before your Puppet server is online; the download buttons are not available after a new server is online.
-
Sign-in credentials for the Puppet master. You will use these credentials to sign in to the Puppet Enterprise console, where you perform most node management. AWS OpsWorks does not save these credentials; this is the last time that they are available for viewing and downloading. If necessary, you can change the password that is provided with these credentials after you sign in.
-
Starter Kit. The Starter Kit contains a README file with information and examples describing how to finish setup, and administrator credentials for the Puppet Enterprise console. New credentials are generated—and the old credentials invalidated—each time you download the Starter Kit.
Prerequisites
-
While server creation is still in progress, download the sign-in credentials for the Puppet master, and save them in a secure but convenient location.
-
Download the Starter Kit, and unzip the Starter Kit .zip file into your workspace directory. Do not share your sign-in credentials. If other users will be managing the Puppet master, add them as administrators in the Puppet Enterprise console later. For more information about how to add users to the Puppet master, see Creating and managing users and user roles
in the Puppet Enterprise documentation.
Install the Puppet Master Certificate
To work with your Puppet master and add nodes to manage, you'll need to install its certificate. Install it by running the following AWS CLI command. You cannot perform this task in the AWS Management Console.
aws --region
region
opsworks-cm describe-servers --server-nameserver_name
--query "Servers[0].EngineAttributes[?Name=='PUPPET_API_CA_CERT'].Value" --output text > .config/ssl/cert/ca.pem
Generate a Short-term Token
To use the Puppet API, you must create a short-term token for yourself. This step is not required to use the Puppet Enterprise console. Generate the token by running the following command.
The default token lifetime is five minutes, but you can change this default.
puppet-access login --config-file .config/puppetlabs/client-tools/puppet-access.conf --lifetime 8h
Note
Because the default token lifetime is five minutes, the preceding example command
adds the --lifetime
parameter to extend the token lifetime for a longer
period. You can set the token lifetime for a period of up to 10 years
(10y
). For more information about how to change the default token
lifetime, see Change the token's default lifetime
Set Up the Starter Kit Apache Example
After you download and unzip the Starter Kit, you can use the example branch in the
included, sample control-repo-example
folder to configure an Apache
web server on your managed nodes.
The Starter Kit includes two control-repo
folders:
control-repo
, and control-repo-example
. The
control-repo
folder includes a production
branch
that is unchanged from what you would see in the Puppet GitHub repositorycontrol-repo-example
folder also has a production
branch that includes example code to set up an Apache server with a test website.
-
Push the
control-repo-example
production
branch to your Git remote (ther10k_remote
URL of your Puppet master). In your Starter Kit root directory, run the following, replacingr10kRemoteUrl
with yourr10k_remote
URL.cd control-repo-example git remote add origin
r10kRemoteUrl
git push origin productionPuppet's Code Manager uses Git branches as environments. By default, all nodes are in the production environment.
Important
Do not push to a
master
branch. Themaster
branch is reserved for the Puppet master. -
Deploy the code in the
control-repo-example
branch to your Puppet master. This lets the Puppet Master download your Puppet code from your Git repository (r10k_remote
). In your Starter Kit root directory, run the following.puppet-code deploy --all --wait --config-file .config/puppet-code.conf
For more information about how you can apply the sample Apache configuration to managed nodes that you create in Amazon EC2, see Step 2: Create Instances by Using an Unattended Association Script in this guide.