Having installed Puppet Enterprise in my home lab I decided I should hook it up to my vRA 8.3 installation using the native integration feature. Doing a quick Google search yielded a clear and simple blog post that outlined how to configure it for vRA 8.1. Following this I found that it did not work. It took conversations between various people to sort this out in the end, but ultimately there is no documentation from VMware that I have found that outlines the process required below, nor from Puppet themselves. So, if you want to configure the integration then follow the instructions below.

Note: Start with a freshly installed Linux VM for the Puppet primary server install and perform the configuration below in order and before you install Puppet Enterprise. I installed a Centos8 VM with 8GB Ram, 2CPU and 120GB disk, with no UI (console only) and standard features selected.

 

Ensure CentOS is up to date

sudo dnf -y update

Ensure any utilities you require are installed

sudo dnf -y install wget curl vim nano open-vm-tools bash-completion

Ensure the hostname is set correctly

sudo hostnamectl set-hostname hostname_fqdn_format

Update /etc/hosts file
echo “puppet_ip_address puppet_server_fqdn puppet_server_shortname” | sudo tee -a /etc/hosts

sudo systemctl restart systemd-hostnamed

Create a user for the integration between Puppet and vRA

sudo adduser account_name

Set password for the account

sudo passwd account_name

Add user to the wheel group

sudo usermod -aG wheel account_name

Disable firewall

sudo systemctl stop firewalld
sudo systemctl disable firewalld

Create file in /etc/sudoers.d/ directory

Note: this file should be named account_name as per what you used above. Copy the contents below into the file, substituting in your account_name

account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet node purge *
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge *[[\:blank\:]]*
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet config print *
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet config print *[[\:blank\:]]*
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/facter -p pe_server_version
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent -t
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent –test –color\=false –detailed-exitcodes
account_name ALL = (root) NOPASSWD: /bin/kill -HUP *
account_name ALL = (root) NOPASSWD: !/bin/kill -HUP *[[\:blank\:]]*
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-201734-master.puppetdebug.vlan
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-mcollective-servers
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-peadmin-mcollective-client
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=stopped
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=running enable\=true
account_name ALL = (root) NOPASSWD: /bin/cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem

 

Download Puppet Enterprise

sudo curl -JLO ‘https://pm.puppet.com/cgi-bin/download.cgi?dist=el&rel=8&arch=x86_64&ver=latest’

Extract installer files

sudo tar -xf *puppet-enterprise*.tar.gz

Install Puppet Enterprise

cd ./puppet-enterprise*/
sudo ./puppet-enterprise-installer

 

Once Puppet Enterprise has installed, carry out these further instructions

Set Console Password

puppet infrastructure console_password

Execute the Puppet Agent (twice)

puppet agent -t
puppet agent -t

 

At this point you are now able to configure the integration in vRA. Specify the account to use as the one you configured above as account_name and make sure to tick the ‘Use Sudo commands for this user‘ tickbox.

paul_davey

CIO at Sonar, Automation Practice Lead at Xtravirt and guitarist in The Waders. Loves IT, automation, programming, music