Skip to content

Installing OpenVox

All-In-One packages

The official OpenVox packages are All-In-One (AIO) packages, which have no external dependencies beyond basic low-level system components. On Linux and macOS, these packages install under /opt/puppetlabs.

The openvox-agent package includes the following in /opt/puppetlabs/bin (which is added to your PATH by a script in /etc/profile.d):

  • puppet
  • facter
  • hiera

Various dependencies are also included but are not added to PATH. These include an OpenVox-specific build of Ruby, Augeas, OpenSSL, curl, and a number of other libraries.

AIO packages are published to the Vox Pupuli mirrors:

Try it yourself

On a RHEL-family system, enable the OpenVox 8 repository and install the agent:

# rpm -Uvh https://yum.voxpupuli.org/openvox8-release-el-$(rpm -E %{rhel}).noarch.rpm
# yum install openvox-agent

See the OpenVox installation guide for other platforms.

For more on where files live, see the OpenVox platform documentation.

Configuring OpenVox

The primary configuration file is puppet.conf, located at /etc/puppetlabs/puppet/puppet.conf. OpenVox honors the same puppet.conf settings that Puppet did, so existing configuration carries over unchanged.

A reference to all available configuration options can be found in the configuration documentation.

While there are many optional configuration parameters, the defaults are generally sufficient. The most common settings you may need to change are server and environment.

Certificates

In a typical server/agent configuration, the agent communicates with the OpenVox server over a TLS-encrypted connection using certificates signed by a Certificate Authority (CA) created by the server.

A certificate is generated for each agent node the first time OpenVox runs. These certificates are used to authenticate agents with the server. They are also used for trusted facts.

Note

In a masterless (or serverless) setup — where you apply code locally with puppet apply instead of contacting a server — there are no certificates, and therefore no trusted facts. Even so, an OpenVox CA can still be a useful tool for communication between other components such as PuppetDB and External Node Classifiers (ENCs).