Hack The Sec-Leading Resource Of Linux Tutorial: puppet

How to Install and Configure Puppet on CentOS 7 / RHEL 7

<div dir="ltr" style="text-align: left;" trbidi="on">
Install and Configure Puppet on CentOS 7 / RHEL 7 
<a href="http://www.hackthesec.co.in/search/label/puppet" target="_blank">Puppet </a>is an open-source configuration management tool. It runs on many Unix-like systems as well as on Microsoft Windows, and includes its own declarative language to describe system configuration. 
<div class="separator" style="background-color: white; clear: both; color: #333333; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 19.2px; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7ox3PLkn1wWucxc5pzawlrlkniY2vrwbbOgxyDP-sdmzqZJGZ2SFjp5zooTXX2yUp5sQyeLRudJxODHJTH9A2VaD2BhxXfRVdLjfI41bjM14B0dxikkcksis0X-Jkkeu6x-1vPO9iI82y/s1600/Install-Puppet-in-CentOS_hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7ox3PLkn1wWucxc5pzawlrlkniY2vrwbbOgxyDP-sdmzqZJGZ2SFjp5zooTXX2yUp5sQyeLRudJxODHJTH9A2VaD2BhxXfRVdLjfI41bjM14B0dxikkcksis0X-Jkkeu6x-1vPO9iI82y/s1600/Install-Puppet-in-CentOS_hackthesec.co.in.png" /></a></div>
 <a href="http://www.hackthesec.co.in/search/label/puppet" target="_blank">Puppet</a> is produced by Puppet Labs, founded by Luke Kanies in 2005. It is written in Ruby and released as free software under the GNU General Public License (GPL) until version 2.7.0 and the Apache License 2.0 after that. 
Puppet Master: 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">Operating system : CentOS 7 Minimal
IP Address       : 192.168.2.10
HostName         : server.hackthesec.local</pre>
Puppet client: 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">Operating System : CentOS 7 Minimal
IP Address       : 192.168.2.20
HostName         : client.hackthesec.local</pre>
Make sure your system (both puppet server and client) is able to resolve the hostname each other, either use /etc/hosts file or DNS server. 
 
 
To have a production ready puppet setup, we have to use apache with passenger. To get the passenger, download and place the repo file to /etc/yum.repos.d/ 
Note: Only on the master server. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; float: none !important; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo</pre>
<div>
To install the puppet master / agent, we would require to setup puppet repository on the all the nodes. Enable puppet labs repository by installing below rpm.</div>
<div>
Note: Run it on both master and agent nodes.</div>
<div>
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;"># rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm</pre>
</div>
<div>
<div>
Install and Configure Puppet on CentOS 7:</div>
<div style="color: #333333;">
Now, its time to install puppet. Install the puppet server using below command.</div>
</div>
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; float: none !important; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# yum -y install puppet-server</pre>
<div>
As said earlier, we will configure puppet for master / agent architecture. So, this node will acts as a master node. Edit the puppet configuration file and modify the dns_alt_names.</div>
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# vi /etc/puppet/puppet.conf

[main]
dns_alt_names = server,server.hackthesec.local
certname = server.hackthesec.local</pre>
If this machine is the only puppet master in your environment, run below command to create the puppet master certificate. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# puppet master --verbose --no-daemonize

Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 81:C6:BB:8B:1D:71:4C:64:E1:13:54:1B:EC:CF:99:D8:85:90:D1:6C:E8:85:50:3E:03:41:BA:C5:47:A7:4C:E5
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for server.hackthesec.local
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for server.hackthesec.local
Info: Certificate Request fingerprint (SHA256): FF:BE:D4:9B:E4:12:83:79:AE:BE:50:17:76:5F:F5:CD:5F:53:EA:5D:AA:5D:87:9E:7C:C4:BC:1B:8A:C6:FA:5C
Notice: server.hackthesec.local has a waiting certificate request
Notice: Signed certificate request for server.hackthesec.local
Notice: Removing file Puppet::SSL::CertificateRequest server.hackthesec.local at '/var/lib/puppet/ssl/ca/requests/server.hackthesec.local.pem'
Notice: Removing file Puppet::SSL::CertificateRequest server.hackthesec.local at '/var/lib/puppet/ssl/certificate_requests/server.hackthesec.local.pem'
Notice: Starting Puppet master version 3.8.3</pre>
Once you get "Notice: Starting Puppet master version <VERSION>", press ctrl-C to kill the process. 
Configure a Production-Ready Web Server: 
Puppet comes with a basic puppet master web server, but this cannot be used for real-life loads. We must configure a production quality web server before we start managing our nodes with Puppet. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; float: none !important; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# yum -y install httpd httpd-devel mod_ssl ruby-devel rubygems gcc gcc-c++ pygpgme curl</pre>
<div>
Install Passenger and apache module.</div>
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# yum install -y mod_passenger</pre>
Create three directories for the application (a parent directory, a "public" directory, and a "tmp" directory), Copy the ext/rack/config.ru file from the Puppet source code into the parent directory and Set the ownership of the config.ru file. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@hackthesec server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
[root@hackthesec server ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[root@hackthesec server ~]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru</pre>
Add virtual host for puppet by creating the below configuration file. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# vi /etc/httpd/conf.d/puppetmaster.conf</pre>
Add below content into the virtual host file, change the  entries as per your environement. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;"># you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

SSLCertificateFile      /var/lib/puppet/ssl/certs/server.hackthesec.local.pem        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server.hackthesec.local.pem        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile   /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

# This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>  </pre>
Restart apache server to take an effect of puppet virtual host, to do that, run following command on terminal. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# systemctl restart  httpd.service</pre>
Disable puppet service and enable apache server to auto start on system boot. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# systemctl disable puppet.service
[root@hackthesec server ~]# systemctl enable httpd.service</pre>
Firewall: 
Puppet listens on port no 8140; Configure the IP tables to allow it. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# firewall-cmd --zone=public --add-port=8140/tcp --permanent
[root@hackthesec server ~]# firewall-cmd --reload</pre>
Install Puppet on Agent Nodes: 
On your client machine, install puppet agent using below command. 
 
 
Note: You must have puppet repository configured on the agent nodes. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec client ~]# yum -y install puppet</pre>
Edit the puppet configuration file and set puppet master information on the client stanza. 
 
 
Note: Modify "server" value as per your environment. In my case, server is "server.hackthesec.local" 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec client ~]# vi /etc/puppet/puppet.conf

[agent]
server = server.hackthesec.local</pre>
Start puppet on agent node and make it to start automatically on system boot. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec client ~]# systemctl start  puppet.service
[root@hackthesec client ~]# systemctl enable puppet.service</pre>
You would get below events in the logs. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">05:46:45 client systemd: Starting Puppet agent...
05:46:46 client systemd: Started Puppet agent.
05:47:03 client systemd: Reloading.
05:49:10 client puppet-agent[2694]: Did not receive certificate</pre>
Sign the Agent Node's Certificate on Master Server: 
In an agent/master deployment, an admin must approve a certificate request for each agent node before that node can fetch configurations. Agent nodes will request certificates the first time they attempt to run. 
 
 
Log into the puppet master server and run below command to view outstanding requests. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; line-height: 19.2px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# puppet cert list
"server.hackthesec.local" (SHA256) 35:D1:B5:67:52:1C:1C:BH:6H:DD:3C:2E:B0:28:D7:15:52:95:32:95:1F:37:29:2G:5F:D7:4C:F5:DB:94:A1:B2</pre>
Run puppet cert sign to sign a request, or puppet cert sign –all to sign all pending requests. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# puppet cert sign client.hackthesec.local

Notice: Signed certificate request for client.hackthesec.local
Notice: Removing file Puppet::SSL::CertificateRequest client.hackthesec.local at '/var/lib/puppet/ssl/ca/requests/client.hackthesec.local.pem'</pre>
Run the following command on client machine to check the certificate 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec client ~]# puppet agent -t

Info: Caching certificate for client.hackthesec.local
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for client.hackthesec.local
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client.hackthesec.local
Info: Applying configuration version '1445401911'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.09 seconds</pre>
That’s All. Now, you have successfully configured puppet master and an agent. 
 
<div style="text-align: center;">
<a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a></div>
</div>

How to Install and Configure Puppet on CentOS 7 / RHEL 7

Install and Configure Puppet on CentOS 7 / RHEL 7 Puppet is an open-source configuration management tool. It runs on many Unix-like syste...

How to Add Puppet Nodes to Foreman – CentOS 7 / Ubuntu 14.04

<div dir="ltr" style="text-align: left;" trbidi="on">
Puppet Nodes to Foreman – CentOS 7 / Ubuntu 14.04 
Puppet is an open-source configuration management tool. It runs on many Unix-like systems as well as on Microsoft Windows, and includes its own declarative language to describe system configuration. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfyaHydR2dsd1VxEV8holOMAFNMnvGjL0OPYRu4Efz8smXMdvWTT47kx5zHrkRK31WTfrDo31tMb9m9lXyI8M_YdP0XRDUzVJloYX5BMP4xGU5saG4qdA5LiIHAl5mUf7BtaCvBhE2yn5s/s1600/puppet-labs-hackthesec.co.in.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="315" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfyaHydR2dsd1VxEV8holOMAFNMnvGjL0OPYRu4Efz8smXMdvWTT47kx5zHrkRK31WTfrDo31tMb9m9lXyI8M_YdP0XRDUzVJloYX5BMP4xGU5saG4qdA5LiIHAl5mUf7BtaCvBhE2yn5s/s320/puppet-labs-hackthesec.co.in.png" width="320" /></a></div>
 
Puppet is produced by Puppet Labs, founded by Luke Kanies in 2005. It is written in Ruby and released as free software under the GNU General Public License (GPL) until version 2.7.0 and the Apache License 2.0 after that. 
 
Foreman (also known as The Foreman) is an open source complete life cycle systems management tool for provisioning, configuring and monitoring of physical and virtual servers. Foreman has deep integration to configuration management software, with Puppet, Chef, Salt and other solutions through plugins, which allows you to automate repetitive tasks, deploy applications and manage change to deployed servers. 
 
 
Foreman provides provisioning on bare-metal (through managed DHCP, DNS, TFTP, and PXE-based unattended installations), virtualization and cloud. Foreman provides comprehensive, auditable interaction facilities including a web frontend, a command line interface, and a robust REST API. 
 
 
<ul style="text-align: left;">
<li><a href="http://www.hackthesec.co.in/2016/06/how-to-install-foreman-on-centos-7-rhel.html" style="font-family: verdana, geneva, sans-serif; font-size: x-large; line-height: 26px;" target="_blank">How To Install Foreman on CentOS 7 / RHEL 7 / Ubuntu 14.04</a></li>
</ul>
 
 
INSTALLATION :- 
 
Make sure your system (both puppet server and client) is able to resolve the hostname each other, either use /etc/hosts file or DNS server. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">vi /etc/hosts</pre>
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;">192.168.2.10 server.hackthesec.local server # Foreman
192.168.2.20 centos.hackthesec.local centos # CentOS 7 Agent
192.168.2.30 ubuntu.hackthesec.local ubuntu # Ubuntu 14.04 Agent</pre>
 
Install Puppet Agent on CentOS 7: 
Puppetlabs repository in order to get a puppet agent packages from official source. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

yum -y install puppet
</pre>
Install Puppet Agent on Ubuntu 14.04: 
Puppet agent, we have to configure Puppetlabs repository on Ubuntu 14.04. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb

sudo apt-get update

sudo apt-get install puppet
</pre>
Configure puppet agent on CentOS 7 / Ubuntu 14.04: 
Once the installation is done, we will need to update the "/etc/puppet/puppet.conf" file. 
 
There are two section on the agent node's puppet config file, a [main] and [master] section. Add the following settings to your [main] settings. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">vi /etc/puppet/puppet.conf</pre>
Comment or Delete "templatedir=$confdir/templates" line and enter your details Foreman (Puppet Master) in "server = hostname" line 
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;">[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates
### Add Below Lines ###
server = server.hackthesec.local
report = true
pluginsync = true</pre>
Edit /etc/default/puppet to enable puppet service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">vi /etc/default/puppet</pre>
Setting this to "yes" allows the puppet agent service to run. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">START=yes</pre>
To enable and run puppet agent service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">puppet resource service puppet ensure=running enable=true</pre>
Sign Puppet Agent certificate: 
Now, you will have to sign the certificates of puppet agents in order to work with Foreman, issue the following command to list down the unsigned certificates. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# puppet cert list
"ubuntu.hackthesec.local" (SHA256) 35:D1:B5:67:52:1C:1C:BH:6H:DD:3C:2E:B0:28:D7:15:52:95:32:95:1F:37:29:2G:5F:D7:4C:F5:DB:94:A1:B2</pre>
In the above output, "ubuntu.hackthesec.local" is the puppet agent. To sign the certificate follow below command 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# puppet cert sign ubuntu.hackthesec.local
Notice: Signed certificate request for ubuntu.hackthesec.local
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu.hackthesec.local at '/var/lib/puppet/ssl/ca/requests/ubuntu.hackthesec.local.pem'</pre>
Console Mode: 
Open your Foreman web console, go to Infrastructure –> Smart proxies. Click Certificates button. 
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUGlMe2UjdXBn2DDmn2QcJbRjLwa8rQTCYQN4s6nXK5rQAzCeF3H_99APJ3smwjMYNTRuuG74KRirK3p63DATPuJ5lvaGGBPLEnmcMo1N2cbT01mZr1aaNoYwSM5Ex_P10qEGH5wsUGT45/s1600/Puppet-Nodes-to-Foreman-Smart-Proxies-hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUGlMe2UjdXBn2DDmn2QcJbRjLwa8rQTCYQN4s6nXK5rQAzCeF3H_99APJ3smwjMYNTRuuG74KRirK3p63DATPuJ5lvaGGBPLEnmcMo1N2cbT01mZr1aaNoYwSM5Ex_P10qEGH5wsUGT45/s1600/Puppet-Nodes-to-Foreman-Smart-Proxies-hackthesec.co.in.png" /></a></div>
You see  agent certificate (ubuntu.hackthesec.local) is pending to be signed. To sign, click Sign button. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEZDMnqfHwnNiEwh7QQY2UQALS34bO8_M6Sr26SbZlfVTDXBlnaKLD5l1Dwofy8UlTUgArDwGH_J2VauYMgSdznCEDdpWV4HuYDlZJPcgaX0nNLa1GinDis5lXfRNE-cmvymUeTno1aBxB/s1600/Puppet-Nodes-to-Foreman-Agent-Certificates-hackthesec.co.in.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEZDMnqfHwnNiEwh7QQY2UQALS34bO8_M6Sr26SbZlfVTDXBlnaKLD5l1Dwofy8UlTUgArDwGH_J2VauYMgSdznCEDdpWV4HuYDlZJPcgaX0nNLa1GinDis5lXfRNE-cmvymUeTno1aBxB/s1600/Puppet-Nodes-to-Foreman-Agent-Certificates-hackthesec.co.in.png" /></a></div>
After that your agent (ubuntu.hackthesec.local) is signed successfully. 
To verify the node go to Hosts –> All Hosts. Verify that the new node (ubuntu.hackthesec.local) has been added to Foreman. 
Troubleshooting 
In case if you want to remove the puppet agent from the Puppet master, run. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">[root@hackthesec server ~]# puppet cert clean ubuntu.hackthesec.local
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate ubuntu.hackthesec.local at '/var/lib/puppet/ssl/ca/signed/ubuntu.hackthesec.local.pem'
Notice: Removing file Puppet::SSL::Certificate ubuntu.hackthesec.local at '/var/lib/puppet/ssl/certs/ubuntu.hackthesec.local.pem'</pre>
In case, if you want to re-register the puppet agent that you just deleted in previous step. Follow the below procedure. 
 
Stop the puppet service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">service puppet stop</pre>
Delete the puppet agent ssl directory. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">rm -rf /var/lib/puppet/ssl/certs</pre>
Start the puppet service. 
<pre style="background: rgb(68, 67, 65); border-radius: 6px; border: 1px solid rgb(227, 227, 227); box-sizing: border-box; clear: none !important; color: white; font-family: monospace, serif; font-size: 14px; margin-bottom: 10px !important; margin-top: 10px !important; overflow: auto; padding: 10px !important; width: auto !important; word-break: break-all;">service puppet start</pre>
Now, you can go and run the "puppet cert list" command on Foreman (puppet master) server to see the signing request, approve it incase you required. 
 
 
<div style="text-align: center;">
<a href="http://www.hackthesec.co.in/">www.hackthesec.co.in</a></div>
</div>