Puppet Open Source with Foreman
The SovLabs Puppet Enterprise module for vRealize Automation increases IT agility and speed of delivery for systems and applications by combining SovLabs Module Framework with Puppet’s advanced configuration management and vRealize Automation’s provisioning and lifecycle management capabilities.
| Puppet Open Source | 3.8.1+ |
| Foreman | 9, 11, 12, 13, 14, 15, 16 |
| VMware vRealize Automation (vRA) | 7.x |
| VMware vRealize Orchestrator (vRO) | 7.x |
| EMC Enterprise Hybrid Cloud (EHC) | 4.x |
Quick Start Process
- Define Foreman/Puppet Master
- Define Foreman/Puppet Agent configuration
- Apply to existing blueprint and provision!
- Ensure NTP is set up correctly
Create Puppet Certificate and Update Puppet Console configuration
Create the certificate on the Puppet Master that will be used for communication with the Foreman API and the Puppet CA API.
Perform the following for each Puppet Master:
1. SSH to the Puppet Master (as root, or an account that has sudo privileges)
2. su to root if needed
3. Create a certificate (replace CERTNAME with vrosvc)
puppet cert generate CERTNAME
4. Edit auth.conf by typing in the following:
If the following section does not exist, copy and paste the following section into the auth.conf file, and replace CERTNAME with the certificate name you created in Step 3 (without the .pem extension). This is case-sensitive.
If the section does exist, add your certificate to the allow list.
path /certificate_status
method find, save, search
auth yes
allow CERTNAME
5. Hit the esc key and then type in
6. Restart necessary services by typing in:
service puppet restart
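To check the result of step 4, the following added example (not part of the SovLabs documentation) reads a legacy-format auth.conf and reports whether the /certificate_status section exists, lists the certificate name exactly, and avoids a wildcard allow. The function names audit_cert_status and sample_auth_conf, the host name puppet.example.test and the sample file content are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the /certificate_status ACL in a legacy-format auth.conf.
# audit_cert_status and the sample content below are constructed for illustration.

# Prints one verdict: ok | missing-section | missing-cert | wildcard
audit_cert_status() {   # $1 = path to auth.conf, $2 = certificate name
  awk -v want="$2" '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    $1 == "path" {                                 # a new ACL stanza starts here
      in_sec = ($2 == "/certificate_status")
      if (in_sec) found = 1
      next
    }
    in_sec && $1 == "allow" {
      list = $0
      sub(/^[ \t]*allow[ \t]+/, "", list)
      n = split(list, names, ",")                  # allow takes a comma-separated list
      for (i = 1; i <= n; i++) {
        gsub(/[ \t]/, "", names[i])
        if (names[i] == "*")  wild = 1             # wildcard matches every client name
        if (names[i] == want) ok = 1               # exact, case-sensitive match
      }
    }
    END {
      if (!found)    print "missing-section"
      else if (wild) print "wildcard"
      else if (!ok)  print "missing-cert"
      else           print "ok"
    }' "$1"
}

# Constructed sample: the stanza from step 4 plus an unrelated stanza.
sample_auth_conf() {
  cat <<'EOF'
path /certificate_status
method find, save, search
auth yes
allow puppet.example.test, vrosvc

path /certificate/ca
auth any
method find
allow *
EOF
}

tmp=$(mktemp)
sample_auth_conf > "$tmp"
echo "vrosvc: $(audit_cert_status "$tmp" vrosvc)"
rm -f "$tmp"
```

On a Puppet Master, pass the path of the auth.conf you edited and the certificate name from step 3 instead of the sample file.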
Puppet Foreman Credentials
On a monolithic Puppet Open Source instance you will need root credentials (recommended) or credentials with sudo elevated privileges on the Puppet Master server.
If these are separate servers in your environment, you need root credentials or credentials with elevated privileges on these:
- Puppet CA
- Puppet Compile Master
- Puppet database server
The root user can be authenticated using the password or with SSH keys.
The alternative is a service account that has been granted sudo permissions in sudoers.
The steps to setting up sudo permissions on the Puppet components can be quite involved and are not in the scope of this document.
Collect the appropriate keys from the Foreman Master. Paste them into a text editor or copy/paste directly into the SovLabs Foreman Master configuration form:
|Private Key Certificate||
|CA Certificate (used to sign the API cert)||
Provisioning Windows VMs
If you plan to provision Windows VMs with Puppet Enterprise, you will need a method to connect to the VM to install the agent. You can choose to use the VMware Tools option or the WinRM option when you configure your SovLabs Foreman Agent configuration.
VMware Tools Option (recommended)
- Create a SovLabs vCenter Endpoint (required)
- Create the Puppet Agent with vmware-tools as the Connection Type on the Puppet Agent Configuration tab.
- Download the activateWinRM.ps1
- Put the activateWinRM.ps1 script into a share OR incorporate it into your Windows Template in vCenter.
- In your Customization Specification, call the activateWinRM.ps1 script in the Run Once section
Using activateWinRM.ps1 from a share location:
cmd /c powershell -executionpolicy Bypass -noninteractive -file //example.sovlabs.net/SovlabsSoftware/activateWinRM.ps1
Using a local copy of activateWinRM.ps1 in the template:
cmd /c powershell -executionpolicy Bypass -noninteractive -file c:\example_dir\activateWinRM.ps1
For Linux/Unix VM Provisioning
It is recommended to use the SSH connection type in the Foreman Agent configuration. You will need root credentials to the VM for this.