Having installed Puppet Enterprise in my home lab I decided I should hook it up to my vRA 8.3 installation using the native integration feature. Doing a quick Google search yielded a clear and simple blog post that outlined how to configure it for vRA 8.1. Following this I found that it did not work. It took conversations between various people to sort this out in the end, but ultimately there is no documentation from VMware that I have found that outlines the process required below, nor from Puppet themselves. So, if you want to configure the integration then follow the instructions below.
Note: Start with a freshly installed Linux VM for the Puppet primary server install and perform the configuration below in order and before you install Puppet Enterprise. I installed a CentOS 8 VM with 8 GB RAM, 2 CPUs and a 120 GB disk, with no UI (console only) and standard features selected.
Ensure CentOS is up to date
sudo dnf -y update
Ensure any utilities you require are installed
sudo dnf -y install wget curl vim nano open-vm-tools bash-completion
Ensure the hostname is set correctly
sudo hostnamectl set-hostname hostname_fqdn_format
Update /etc/hosts file
echo "puppet_ip_address puppet_server_fqdn puppet_server_shortname" | sudo tee -a /etc/hosts
sudo systemctl restart systemd-hostnamed
Create a user for the integration between Puppet and vRA
sudo adduser account_name
Set password for the account
sudo passwd account_name
Add user to the wheel group
sudo usermod -aG wheel account_name
Disable firewall
sudo systemctl stop firewalld
sudo systemctl disable firewalld
Create file in /etc/sudoers.d/ directory
Note: this file should be named account_name, matching the account you created above. Copy the contents below into the file, substituting your account_name.
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet node purge *
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge *[[\:blank\:]]*
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet config print *
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet config print *[[\:blank\:]]*
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/facter -p puppetversion
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/facter -p pe_server_version
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent -t
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet agent --test --color\=false --detailed-exitcodes
account_name ALL = (root) NOPASSWD: /bin/kill -HUP *
account_name ALL = (root) NOPASSWD: !/bin/kill -HUP *[[\:blank\:]]*
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-201734-master.puppetdebug.vlan
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-mcollective-servers
account_name ALL = (root) NOPASSWD: !/opt/puppetlabs/bin/puppet node purge pe-internal-peadmin-mcollective-client
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=stopped
account_name ALL = (root) NOPASSWD: /opt/puppetlabs/bin/puppet resource service puppet ensure\=running enable\=true
account_name ALL = (root) NOPASSWD: /bin/cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
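One way to check and install that file, as an added example (not from the original post, VMware or Puppet). The function names are hypothetical, and it assumes you run it as root on the Puppet server with the rules first saved to a local file.

```bash
#!/usr/bin/env bash
# Added example: lint, syntax-check and install the sudoers drop-in for the
# vRA integration account. Function names are hypothetical.

# lint_sudoers_fragment FILE ACCOUNT -> 0 if clean, 1 otherwise
lint_sudoers_fragment() {
    local file=$1 account=$2 rc=0
    # sudo skips drop-in files whose name contains '.' or ends in '~'.
    case $account in
        *.*|*~) echo "lint: sudo would ignore /etc/sudoers.d/$account" >&2; rc=1 ;;
    esac
    # Typographic dashes and quotes copied from a web page are non-ASCII bytes.
    if LC_ALL=C grep -n '[^[:print:][:space:]]' "$file" >&2; then
        echo "lint: non-ASCII characters (smart quotes or dashes?)" >&2; rc=1
    fi
    # Every rule must name the integration account: catches a placeholder
    # left unsubstituted or a rule granted to a different user.
    if awk -v a="$account" 'NF && $1 !~ /^#/ && $1 != a { print NR ": " $0; bad = 1 }
                            END { exit !bad }' "$file" >&2; then
        echo "lint: rule not owned by $account" >&2; rc=1
    fi
    return "$rc"
}

# install_sudoers_fragment FILE ACCOUNT  (run as root)
install_sudoers_fragment() {
    local file=$1 account=$2
    lint_sudoers_fragment "$file" "$account" || return 1
    visudo -cf "$file" || return 1      # sudoers syntax check, no changes made
    install -o root -g root -m 0440 "$file" "/etc/sudoers.d/$account"
}

# Usage: ./script FILE ACCOUNT
if [ "$#" -eq 2 ]; then
    install_sudoers_fragment "$1" "$2"
fi
```

Afterwards, `sudo -l -U account_name` lists the rules sudo actually loaded for the account.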
Download Puppet Enterprise
sudo curl -JLO 'https://pm.puppet.com/cgi-bin/download.cgi?dist=el&rel=8&arch=x86_64&ver=latest'
Extract installer files
sudo tar -xf *puppet-enterprise*.tar.gz
Install Puppet Enterprise
cd ./puppet-enterprise*/
sudo ./puppet-enterprise-installer
Once Puppet Enterprise has installed, carry out these further instructions
Set Console Password
puppet infrastructure console_password
Execute the Puppet Agent (twice)
puppet agent -t
puppet agent -t
At this point you are now able to configure the integration in vRA. Specify the account to use as the one you configured above as account_name and make sure to tick the 'Use Sudo commands for this user' tickbox.