Install *nix agents

You can install agents on *nix nodes with the install script, from the Puppet Enterprise (PE) console, with PE package management, your own package management, with or without internet access, and more.

We recommend you Install agents with the install script or Install agents from the console whenever possible, and we've described other cases here for your reference. For non-root agents, refer to Install non-root *nix agents.

You must enable TLSv1 to install agents on these platforms:
  • AIX
  • Solaris 11

Install *nix agents with PE package management

Puppet Enterprise (PE) provides its own package management to help you install agents on *nix and macOS nodes. You can use this process with or without internet access.

Before you begin

If you're installing an agent with a different OS than your primary server, you must declare the corresponding pe_repo class on the primary server, such as pe_repo::platform::el_7_x86_64. You can declare these classes in the console at Node Groups > PE Master > Classes.

If the primary server does not have internet access, download the appropriate agent tarball, and copy the agent tarball to this location on the primary server:
/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-<AGENT_VERSION>
For example, the directory for agent version 5.5.17 is:
/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-5.5.17/
These commands modify the standard agent install script for specific platforms or airgapped environments. If you do not have a specific need for these commands, we recommend you Install agents with the install script.
Note: The <PRIMARY_HOSTNAME> portion of the installer script—as provided in the following example—refers to the FQDN of the primary server. The FQDN must be fully resolvable by the machine on which you're installing or upgrading the agent.
  1. SSH into the node where you want to install the agent and run the command appropriate to your environment:
    • curl:
      uri='https://<PRIMARY_HOSTNAME>:8140/packages/current/install.bash'
      
      curl -k "$uri" | sudo bash
    • wget:
      wget -O - -q --no-check-certificate https://<PRIMARY_HOSTNAME>:8140/packages/current/install.bash | sudo bash
    • Solaris 11:
      sudo export PATH=$PATH:/opt/sfw/bin
      wget -O - -q --no-check-certificate --secure-protocol=TLSv1 https://<PRIMARY_HOSTNAME>:8140/packages/current/install.bash | bash
  2. Run puppet agent -t to add the node to the node inventory and generate the CSR.
  3. Accept the CSR as explained in Managing certificate signing requests.

Install *nix agents with your own package management

You can use your own package management tools, instead of Puppet Enterprise (PE) package management, to install agents. You can use this method with or without internet access.

Before you begin

Download the appropriate agent tarball.

  1. Add the agent package to your own package management and distribution system.
  2. Configure the package manager on your agent node (such as YUM or APT) to point to that repo.
  3. Install the agent using the command appropriate to your environment:
    • YUM:
      sudo yum install puppet-agent
    • APT:
      sudo apt-get install puppet-agent
    In offline environments, you might need to disable the PE-hosted package management repo if the installer gets stuck trying to connect to the primary server. To do this, in the PE console, go to Node groups > PE Infrastructure > PE Master. On the Classes tab, find the pe_repo::platform class corresponding with your node's platform, click Remove this class, and commit changes.
  4. Run puppet agent -t to add the node to the node inventory and generate the CSR.
  5. Accept the CSR as explained in Managing certificate signing requests.

Install *nix agents using a manually-transferred certificate

If you can't, or don't, use -k or --insecure to trust the primary server during agent installation, you can manually copy the primary server CA certificate to any *nix machines you want to install agents on, and then run a variation of the agent install script against that cert.

For general information about forming curl commands and authentication in commands, go to Using example commands.
  1. On the machine where you want to install the agent, create this directory: /etc/puppetlabs/puppet/ssl/certs
  2. On the primary server, navigate to /etc/puppetlabs/puppet/ssl/certs/ and copy ca.pem to the certs directory you created on the agent node.
  3. On the agent node, verify file permissions by running:
    chmod 444 /etc/puppetlabs/puppet/ssl/certs/ca.pem
  4. Run the agent install script command, using the --cacert flag to point to the cert, such as:
    cacert='/etc/puppetlabs/puppet/ssl/certs/ca.pem'
    uri='https://<PRIMARY_HOSTNAME>:8140/packages/current/install.bash'
    
    curl --cacert "$cacert" "$uri" | sudo bash
    For more information about the agent install script, go to Install agents with the install script.
  5. Run puppet agent -t to add the node to the node inventory and generate the CSR.
  6. Accept the CSR as explained in Managing certificate signing requests.

Install *nix agents from compilers using your own package management

If your infrastructure relies on compilers to install agents, you don’t have to copy the agent package to each compiler. Instead, you can use the console to specify a path to the agent package on your package management server.

Before you begin

Download the appropriate agent tarball.

  1. Add the agent package to your own package management and distribution system.
  2. Set the base_path parameter of the pe_repo class to point to your package management server.
    1. In the console, click Node groups, and in the PE Infrastructure group, select the PE Master group.
    2. On the Classes tab, find the pe_repo class, and set the base_path parameter to your package management server's FQDN.
    3. Click Add parameter and commit changes.
  3. Follow the steps to Install *nix agents with your own package management.