**Purpose**: Puppet Bolt can be used in an Ansible-esque manner to connect to and enroll devices such as Windows servers, Linux servers, and various workstations. It can be used to run ad-hoc tasks or to enroll devices into a centralized Puppet server (e.g. `LAB-PUPPET-01.bunny-lab.io`).

!!! note "Assumptions"
    This deployment assumes you are deploying Puppet Bolt onto the same server as Puppet. If you have not already, follow the [Puppet Deployment](https://docs.bunny-lab.io/Servers%20%26%20Workflows/Linux/Automation/Puppet/Puppet/) documentation to do so before continuing with the Puppet Bolt deployment.

## Initial Preparation
``` sh
# Install Bolt Repository
sudo rpm -Uvh https://yum.puppet.com/puppet-tools-release-el-9.noarch.rpm
sudo yum install -y puppet-bolt

# Verify Installation
bolt --version

# Clone Puppet Bolt Repository into Bolt Directory
#sudo git clone https://git.bunny-lab.io/GitOps/Puppet-Bolt.git /etc/puppetlabs/bolt <-- Disabled for now
sudo mkdir -p /etc/puppetlabs/bolt
sudo chown -R "$(whoami)":"$(whoami)" /etc/puppetlabs/bolt
# Directories need the execute bit to be entered (a plain 644 blocks the cd below).
# Group/other get no access: this directory will hold the inventory credentials and the SSH private key.
sudo chmod -R u=rwX,go= /etc/puppetlabs/bolt
#sudo chmod -R u+rwx,g+rx,o+rx /etc/puppetlabs/bolt/modules/bolt <-- Disabled for now

# Initialize A New Bolt Project
cd /etc/puppetlabs/bolt
bolt project init bunny_lab
```

## Configuring Inventory
At this point, you will want to create an inventory file that you can use for tracking devices. For now, this will have hard-coded credentials until a cleaner method is figured out.
``` yaml title="/etc/puppetlabs/bolt/inventory.yaml"
# Inventory file for Puppet Bolt
groups:
  - name: linux_servers
    targets:
      - lab-auth-01.bunny-lab.io
      - lab-auth-02.bunny-lab.io
    config:
      transport: ssh
      ssh:
        host-key-check: false
        private-key: "/etc/puppetlabs/bolt/id_rsa_OpenSSH" # (1)
        user: nicole
        native-ssh: true
  - name: windows_servers
    config:
      transport: winrm
      winrm:
        realm: BUNNY-LAB.IO
        ssl: true
        user: "BUNNY-LAB\\nicole.rappe"
        password: DomainPassword # (2)
    groups:
      - name: domain_controllers
        targets:
          - lab-dc-01.bunny-lab.io
          - lab-dc-02.bunny-lab.io
      - name: dedicated_game_servers
        targets:
          - lab-games-01.bunny-lab.io
          - lab-games-02.bunny-lab.io
          - lab-games-03.bunny-lab.io
          - lab-games-04.bunny-lab.io
          - lab-games-05.bunny-lab.io
      - name: hyperv_hosts
        targets:
          - virt-node-01.bunny-lab.io
          - bunny-node-02.bunny-lab.io
```

1.  Point the inventory file to the private key (if you use key-based authentication instead of password-based SSH authentication).
2.  Replace this with your actual domain admin / domain password.

### Validate Bolt Inventory Works
If the inventory file is created correctly, you will see the hosts listed when you run the command below:

``` sh
cd /etc/puppetlabs/bolt
bolt inventory show
```

??? example "Example Inventory Output"
    You should expect to see output similar to the following:
    ```
    [root@lab-puppet-01 bolt-lab]# bolt inventory show
    Targets
      lab-auth-01.bunny-lab.io
      lab-auth-02.bunny-lab.io
      lab-dc-01.bunny-lab.io
      lab-dc-02.bunny-lab.io
      lab-games-01.bunny-lab.io
      lab-games-02.bunny-lab.io
      lab-games-03.bunny-lab.io
      lab-games-04.bunny-lab.io
      lab-games-05.bunny-lab.io
      virt-node-01.bunny-lab.io
      bunny-node-02.bunny-lab.io

    Inventory source
      /tmp/bolt-lab/inventory.yaml

    Target count
      11 total, 11 from inventory, 0 adhoc

    Additional information
      Use the '--targets', '--query', or '--rerun' option to view specific targets
      Use the '--detail' option to view target configuration and data
    ```

## Initializing Kerberos
If you work with Windows-based devices in a domain environment, you will need to set up Puppet so it can perform Kerberos authentication while interacting with Windows devices. This involves a little bit of setup, but nothing too crazy.

### Install Krb5
We need to install the necessary software on the Puppet server to allow Kerberos authentication to occur.

=== "Rocky, CentOS, RHEL, Fedora"

    ``` sh
    sudo yum install krb5-workstation
    ```

=== "Debian, Ubuntu"

    ``` sh
    sudo apt-get install krb5-user
    ```

=== "SUSE"

    ``` sh
    sudo zypper install krb5-client
    ```
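
Returning to the inventory from the Configuring Inventory section: its weak points (a plaintext password, `host-key-check: false`, and a file that group/other can read) can be checked mechanically before the file is shared or committed. The script below is an added example, not part of the original page; the names `audit_bolt_inventory` and `write_sample_inventory` and the sample inventory are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): flag the weak settings in a
# Bolt inventory. Prints one line per finding; returns the finding count.
audit_bolt_inventory() {
    inv="$1"; findings=0
    [ -r "$inv" ] || { echo "cannot read $inv" >&2; return 255; }

    # SSH host keys are not verified, so a spoofed host would be accepted.
    if grep -Eq '^[[:space:]]*host-key-check:[[:space:]]*false' "$inv"; then
        echo "WEAK: host-key-check is false"
        findings=$((findings + 1))
    fi
    # A literal value on the "password:" line. A plugin reference puts
    # "_plugin:" on the following line and is not matched.
    if grep -Eq '^[[:space:]]*password:[[:space:]]*[^[:space:]#{]' "$inv"; then
        echo "WEAK: plaintext password in inventory"
        findings=$((findings + 1))
    fi
    # Group/other permission bits (columns 5-10 of the ls mode string).
    perms=$(ls -ld "$inv" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WEAK: $inv is accessible to group/other ($perms)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample mirroring the weak settings in the inventory above.
write_sample_inventory() {
    cat > "$1" <<'EOF'
groups:
  - name: linux_servers
    config:
      ssh:
        host-key-check: false
  - name: windows_servers
    config:
      winrm:
        password: DomainPassword
EOF
    chmod 644 "$1"
}

sample=$(mktemp)
write_sample_inventory "$sample"
audit_bolt_inventory "$sample" || echo "findings: $?"
rm -f "$sample"
```

A return value of 0 means no findings, so the function can gate a commit hook or CI job on the inventory file.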