Installing Puppet on Debian
Server-side configuration
- Install the packages:
sudo apt-get install facter puppet puppetmaster
- Stop the service:
sudo invoke-rc.d puppetmaster stop
- Create a basic configuration file:
sudoedit /etc/puppet/manifests/site.pp
file { "/etc/passwd":
  owner => "root",
  group => "root",
  mode  => "0644",
}
- Start it in the foreground on the console:
sudo puppetmasterd --verbose --no-daemonize
Client configuration
- On the client, install puppet:
sudo apt-get install puppet facter
- Enable startup:
sudoedit /etc/default/puppet
START=yes
- Declare the server:
sudoedit /etc/puppet/puppet.conf
[main]
#....
server=myserver.example.com
certname=myclient.example.com
[agent]
bindaddress=1.2.3.4 # does not seem to work. For binding, use iptables SNAT
- Stop the service:
sudo invoke-rc.d puppet stop
- Run it by hand to obtain the certificate (it must not give any errors):
sudo puppetd --server galserver.galimberti.priv --verbose --waitforcert 60 --no-daemonize
- On the server, list the certificates:
sudo puppetca --list
"myclient.example.com" (A3:9F:0A:FD:0D:8D:58:06:D0:CC:B8:A1:33:68:1F:88)
"localhost.localdomain" (7C:AC:6D:AF:BF:20:84:63:EF:57:CC:7F:32:0A:E8:16)
- On the server, sign the certificate:
sudo puppetca --sign myclient.example.com
notice: Signed certificate request for myclient.example.com
notice: Removing file Puppet::SSL::CertificateRequest myclient.example.com at '/var/lib/puppet/ssl/ca/requests/myclient.example.com.pem'
- Wait on the client:
info: Caching certificate for myclient.example.com
notice: Starting Puppet client version 2.6.2
err: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
notice: Using cached catalog
err: Could not retrieve catalog; skipping run
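The check below is an added example, not part of the original page: before running puppetca --sign, it compares the fingerprint printed by puppetca --list with one read on the client through a separate channel, so that an unexpected request (such as the localhost.localdomain entry above) is not signed by mistake. The function names and the sample list are assumptions, constructed from the output format shown above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify a pending certificate
# request against a fingerprint obtained out-of-band before signing it.

# Constructed sample in the format of the `puppetca --list` output above.
SAMPLE_LIST='"myclient.example.com" (A3:9F:0A:FD:0D:8D:58:06:D0:CC:B8:A1:33:68:1F:88)
"localhost.localdomain" (7C:AC:6D:AF:BF:20:84:63:EF:57:CC:7F:32:0A:E8:16)'

# pending_fingerprint CERTNAME
# Reads `puppetca --list` output on stdin and prints the fingerprint of the
# pending request for CERTNAME in upper case. Exits non-zero if none is found.
pending_fingerprint() {
    awk -v want="$1" '
        {
            name = $1; gsub(/"/, "", name)    # names may or may not be quoted
            fp = $2;   gsub(/[()]/, "", fp)   # fingerprint is in parentheses
            if (name == want) { print toupper(fp); found = 1; exit }
        }
        END { exit !found }'
}

# csr_matches CERTNAME EXPECTED_FP
# Reads `puppetca --list` output on stdin.
# Returns 0 on match, 1 on fingerprint mismatch, 2 if no request is pending.
csr_matches() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    actual=$(pending_fingerprint "$1") || {
        echo "no pending request for $1" >&2
        return 2
    }
    [ "$actual" = "$expected" ] || {
        echo "fingerprint mismatch for $1: got $actual" >&2
        return 1
    }
}

# Intended use on the server (FP_FROM_CLIENT is read on the client itself):
#   sudo puppetca --list | csr_matches myclient.example.com "$FP_FROM_CLIENT" \
#       && sudo puppetca --sign myclient.example.com
```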
The Puppet client will then periodically, by
default every 30 minutes,