View on GitHub

HPC configuration management using Puppet 5

CHPC conference workshop - December 2017

Configure the VM

Previous | Home | Next


  1. Security first!!
  2. Static hostname
  3. Active network connection
  4. Updated repositories

Let’s go!!

  1. Security
    1. Create a normal user for yourself, and grant that user sudo access.
      adduser -m -g users -G wheel -c "System Administrator" sysadm
      passwd sysadm The password was set to ‘p@ssw0rd’ in the provided VMDK/VHDX files.
    2. Delete the password for the root user from /etc/shadow
      passwd -d root
    3. Set SSH to either disallow root logins (PermitRootLogin no), or only allow root logins with a SSH key (PermitRootLogin without-password)
      sed -ri 's/^#?(PermitRootLogin).*/\1 without-password/g' /etc/ssh/sshd_config
      sed -ri 's/^#?(PermitRootLogin).*/\1 no/g' /etc/ssh/sshd_config
      systemctl restart sshd
    4. Log in with your new user.
  2. Static hostname
    Puppet generates SSL certificates based on the machine’s hostname. If the hostname changes due to the network being down or misconfigured, we don’t want Puppet to get confused. The hostname doesn’t need to conform to puppet.domain, but it helps a bit.
    sudo hostnamectl set-hostname workshop.vm
  3. Active network connection
    The first network interface should have been automatically connected and set up to use DHCP. If not, make sure you have network connectivity and can access the internet.
    Let’s assume we’re connected to a network with available addresses in the block and route via We’ll use Google’s DNS for starters.
    1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and add the following:
    2. Restart networking
      systemctl restart network
    3. Test with a ping to
  4. Updated repositories
    1. Install the repositories for Puppetlabs, EPEL and PGDG
      sudo yum install epel-release
    2. (Optional) Disable the mirrorlists, and force the use of the TENET’s mirror
      sudo sed -ri 's|^(mirrorlist)|#\1|g;s|#baseurl=*)|baseurl=\1|g' /etc/yum.repos.d/CentOS-*.repo
      sudo sed -ri 's|^(mirrorlist)|#\1|g;s|#baseurl=*)|baseurl=\1|g' /etc/yum.repos.d/epel*.repo
    3. Update the VM
      sudo yum clean metadata && sudo yum update
  5. Reboot

Previous | Home | Next