The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

How to install and configure PuppetLabs PE on top of Oracle Cloud Infrastructure Compute Classic

Murthy Garimella
Technical Director

Puppet is a powerful configuration and management tool to automate the operation and lifecycle of infrastructure and applications.  Many open source tools like Puppet can easily be used with Oracle cloud services to migrate existing applications or deploy new ones.  


This blog post covers how to install Puppet Enterprise and Puppet Agents using Puppet on Oracle Cloud Infrastructure Compute Classic instances or virtual machines. You will use the Puppet Master to automate deployment and configuration of different products on Oracle Compute Classic instances.


Time to Complete


45 Minutes




Puppet Enterprise is an IT automation solution that provides organizations the power to easily automate repetitive tasks, quickly deploy critical applications, and proactively manage IT infrastructure both on-premises and in the cloud. PE (Puppet Enterprise) is used by a wide and expanding group of IT teams to automate provisioning, patching and configuration of operating systems, devices and application components in the data center including physical and virtual machines, running in the cloud or on-premises. Puppet usually runs in an agent/master architecture, where a Puppet master server controls important configuration info and managed agent nodes request only their own configuration catalogs.


We need two Oracle compute instances to support basic Puppet Architecture with Master & Agent.


What Do You Need?


  • Subscription to Oracle Cloud Infrastructure Compute Classic. See Getting Started with Oracle Cloud.
  • Oracle Linux 6.6.
  • Secure Shell (SSH) key with a bit size of 2048 or higher. See "Generating an SSH Key Pair" in Creating Oracle Compute Classic Instances Using an Orchestration.
  • Reserved fixed public IP address for each Oracle Compute Classic instance. See Reserving a Public IP Address.
  • A minimum of two Oracle Compute Classic instances, one to deploy the Puppet Master and another to manage a node using Puppet Agent. See Creating Oracle Compute Classic Instances Using an Orchestration. Set up both instances to boot from a persistent boot disk. See Creating a Bootable Storage Volume.
  • For the Puppet Master and the Puppet Agent to communicate, the instances hosting them should be in the same security list (seclist). Otherwise, you need a Firewall access rule to enable communication over the appropriate protocol or port. See Managing Security Lists in Using Oracle Compute Classic. If you're setting up a multi-node deployment, create instances as described in Creating Oracle Compute Classic Instances Using an Orchestration.
  • Each instance must be in a security list that permits inbound SSH connections from outside Oracle Cloud.
    • Instances created using the Create Instance wizard in the web console are added to the /Compute-<account>/default/default security list by default. SSH connections to all instances in this security list are permitted by the auto-created security rule, {{/Compute-<account>/<user>/DefaultPublicSSHAccess}}. Remember to add an SSH public key while creating the instances.
    • For instances created using an orchestration, you can specify the /Compute-<account>/default/default security list in the orchestration. If no security list is specified, instances are added to the /Compute-<account>/default/default security list by default.
  • ** Later parts ** Modules and plug-ins to install the Apache on compute instance using Puppet. You can access the modules and plug-ins either from a GitHub repository or from Oracle Technology Network (OTN).



Performing Pre-Installation Tasks


Complete the following pre-installation tasks:

  • Connect to the Oracle Compute Classic instance (to install the Puppet Enterprise) by using a secure shell (SSH) like Putty.
  • Download PE tarball file from puppet download location- Source: https://puppet.com/download-puppet-enterprise (You can download the Master Installer for Oracle Linux Operating System 6) We will be using 10 node free PE install.
  • Download the puppet enterprise tarball on your local workstation (laptop/desktop) and copy it over to the VM instance created by you above. One of the two compute instances act as PE master where you will use the Tarball and other instance act as Puppet agent.
  • Install the FTP client like WinSCP to transfer PE tar file from your laptop to the compute instance where you are going to install the PE
  • Create another compute instance to have the Puppet agent node.
  • Configure firewall rules to communicate from Agent compute instance to Puppet Master compute instance using TCP port 8140.
  • The machine you run the installer from must have the same OS/architecture as your PE deployment.
  • Please ensure that ports 3000 and 8140 are reachable, as the web-based installer uses 3000 port. You can close 3000 port when the installation complete. But 8140 is required to communicate from agent to master.
  • Setting the hostname usually involves the hostname command and one or more configuration files, while the exact method varies by platform. In addition, all nodes must be able to reach each other by name. This can be done with a local DNS server, or by editing the /etc/hosts file on each node to point to the proper IP addresses.


Creating a couple of instances on Oracle Compute Classic

Refer the following tutorial to create two instances -  http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/compute-iaas/creating_an_instance_using_the_web_console/creating_an_instance_using_the_web_console.html

Create SSH and Access rules for these two instances (one for puppet master and second is for puppet agent)

  Ref - https://docs.oracle.com/cloud/latest/computecs_common/OCSUG/GUID-630622EC-160B-4523-88AD-F7B46463A0BE.htm#OCSUG145


Connecting to the Oracle Compute Classic instance using SSH


You access the instance from your local machine by using the ssh command in a UNIX command shell or from Windows by using Putty


Note – you will need the public IP address of the instance which you will get it from the Oracle Compute Classic console

Unix Command using SSH

$> ssh -i path_to_SSH_private_key opc@IP_address_of_instance


In the preceding command:

path_to_SSH_private_key is the path to the SSH private key file that matches the public key used when your instance was created.

IP_address_of_instance is the public IP address of the instance in n.n.n.n format.

    opc is the user account.

    Note: This step works only in Oracle-provided instances. You may have a different user provisioned in your custom instances.

    For example:

    $> ssh -i keys/id_rsa opc@


If this is the first time that you're connecting to the instance, confirm the RSA key fingerprint of the instance. In response to the prompts in the ssh utility, enter yes, and then enter the passphrase for the SSH key (if you created a passphrase).


Windows using Putty 

  Download and install Putty for your Windows OS - http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html 



Download and Transfer Puppet Enterprise tarball

We are going to use Monolithic installation which installs - PE Master, PE Console and PuppetDB (with PostgreSQL) on a single node.


  • Download PE (in this document, we are using PE with 10 nodes capacity) – the tarball will be downloaded into your local machine.
  • Transfer the PE tarball from your local machine to the Compute instance1 where the Puppet Master will be installed , using tools like WinSCP–
  • On a single *nix machine, you will install - The Puppet Master, The PE Console and PuppetDB.


Install Puppet Enterprise Master


1. After login to the Compute instance 1 where you will install PE master, check the hosts file  - to make sure the public IP address is mapped to the fully qualified Compute Instance1 -

edit /etc/hosts file using 'sudo' add an entry with IP address and complete name for instance 1 where PE master will be installed.

2. Run the following command to unpack the tarball using "tar -xf <TARBALL> " (no quotes required)

3. Run the installer from the PE installer directory  using sudo - "sudo ./puppet-enterprise-installer"  (no quotes)

4. Select 'Guided' option 1 during the install process, later PE installer will start the web server and you need to go to the browser and enter (https://<install platform hostname>:3000. Copy this address into your browser (make sure to use https) please make sure respective firewall / access rules are defined in the Compute console to accept the traffic on port 3000. Ref - http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/compute/permitting_public_tcp_traffic_to_compute_instanc…

5.  Make sure your SSH terminal connection for instance1 is open until the installation is complete, otherwise the installation may fail. Secondly, you may need to accept the security request in your browser. The web-installation default SSL cert, it has to be accepted by adding a security exception if the browser prompts.


Web PE install Process -


Navigate to the Web console to do rest of the installation using the URL ‘https://<IP_ADDRESS>:3000” to complete rest of the install process - ( it is the Oracle Compute Classic instance 1 public IP Address)

  • (A) -  enter in your browser the IP address of the compute instance1 with port 3000
  • (B) – Personalize the install if needed, we are selecting ‘Monolithic’ option –
  • (C) Enter the Oracle Compute instance 1 details - You may need to enter the FQDN - fully qualified name of the Oracle Compute Classic instance1 where PE Master will be installed. You may also need to enter the DNS alias for agent nodes
  • (D) Make sure the checkbox (default) is selected for Enable Application Orchestration option
  • (E) Scroll down and Default database option – install PostgreSQL on PuppetDB for me is selected and enter a password for user ‘admin’  (ex- <PASSWORD>

Note- Make a note of this password, you will need it later on to log on to the console.

  • (F) Click Submit to continue, Confirm the Plan – Click Continue or ‘click Go Back’ for any changes –
  • (G)  Check for any errors otherwise click ‘Deploy Now’. If there are any errors, ‘go back’ and fix them. For example, DNS fully qualified name mistakes. OR disk space or DNS name issues etc. –
  • (H) Monitor for any errors during deployment –
  • (I) Click on ‘Log View’ to monitor the installation process – You may see 'summary' log or 'detailed' pop log to view the deployment process.
  • (J) Make sure all the checks are in Green in the ‘installing your deployment’ –
  • (K) Note - When the installation is complete, the installer script that was running in the terminal will close itself. Don’t close the terminal while the install process is going on.
  • (L)  Click ‘Start using Puppet Enterprise’ to log into the console or continue on installing Puppet Agents on another compute instance(s)
  • (M)  That’s about the Puppet Master install !!


Setting up the Puppet Agents


Now let's set up the Puppet Agent as a part of basic architecture -


First install the agent on the second compute instance-2


1. Log on to the Oracle Compute Classic instance-2 using SSH client like Putty –

2. After login to the instance, using the sudo privileges, run the following command – "curl -k https://<MASTER HOSTNAME>:8140/packages/current/install.bash | sudo bash" (no quotes needed) where <MASTER HOSTNAME> is the fully qualified name of the Oracle Compute Classic instance where the PE master has been installed.

3. After Puppet Agent installed successfully, send a  cert request from Agent instance automatically to Puppet Master, on PE master instance-1, you may list any pending certificate requests using the following command

  List –  "sudo /opt/puppetlabs/bin/puppet cert list" -

(which gives the NAMES of the requests)

4. Open the first instance using putty if it is not opened already and sign the agent cert request from puppet master –

Approve the  request from master by sign  – "sudo puppet cert sign <NAME>" where NAME is the agent name from list


Note – you may also do the same from the Puppet Master console instead of CLI to view and sign the agent certs. The console will be access using the url - HTTPS://<IP_ADDRESS>>:443 where IP_ADDRESS is the public ip address of the Oracle Compute instance-1

(Make sure to accept the default SSL certificate and add exception while accessing the URL, secondly make sure the Firewall / Access rules are defined for the Compute Instance where you have installed PE master to accept the HTTPS traffic.


5. Finally, the Puppet agent node by running the command below from agent compute instance 2 –  sudo puppet agent --test


If you receive a -bash: puppet: command not found error, then the directory that PE installs its binaries in, /opt/puppetlabs/bin, isn’t included in your default $PATH. To include these binaries in your default $PATH, add them by running PATH=/opt/puppetlabs/bin:$PATH;export PATH.

Note, the long string of log messages, ending with Notice: Applied catalog in [...] second


Access the PE Console -


The console is served as a website over SSL using the format https://<<COMPUTE-INSTANCE1-HOSTNAME>> or https://<<IP_ADDRESS_OF_COMPUTE_INSTANCE1>> on whichever port you chose when installing the console component.


Note the https protocol handler — you cannot reach the console over plain http. Accept the default SSL certificate and log in using the user & password that is mentioned during the PE Master web installation above.



This Concludes the installation part of Puppet Master & Agent on Oracle Compute Classic instances.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha