Difference between revisions of "Puppet: Setup and install puppet"
| Line 51: | Line 51: | ||
import 'classes/*.pp' # not needed immediately, only when classes are created | import 'classes/*.pp' # not needed immediately, only when classes are created | ||
Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" } # required when modules need to run exec commands | Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" } # required when modules need to run exec commands | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | == DNS Server configuration == | ||
| + | If you are relying on DNS name resolution for your network, you will want to add a '''puppet''' record in your DNS server (for the zone being serviced) which points back to the puppet master server. | ||
| + | === BIND9 DNS server - /etc/bind/db.<zone_name> file === | ||
| + | |||
| + | === If you are using cobbler === | ||
| + | If you are using cobbler, you can't just edit the <code>/etc/bind.db.<zone_name></code> file as changes in here will be erased when <code>cobbler sync</code> is next run. Instead, add the puppet master server entry to the '''<code>/etc/cobbler/zone.template</code>''': | ||
| + | <syntaxhighlight> | ||
| + | Ensure '''DNSSEC''' is disabled and '''auth-nxdomain''' is enabled in '''/etc/bind/named.conf.options''': | ||
| + | <syntaxhighlight> | ||
| + | \$TTL 300 | ||
| + | @ IN SOA $cobbler_server. nobody.example.com. ( | ||
| + | $serial ; Serial | ||
| + | 600 ; Refresh | ||
| + | 1800 ; Retry | ||
| + | 604800 ; Expire | ||
| + | 300 ; TTL | ||
| + | ) | ||
| + | |||
| + | IN NS $cobbler_server. | ||
| + | |||
| + | puppet IN A 172.28.0.2 | ||
| + | |||
| + | $host_record | ||
</syntaxhighlight> | </syntaxhighlight> | ||
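Review bot: the `<syntaxhighlight>` opened right after "add the puppet master server entry to the /etc/cobbler/zone.template:" is never closed before the prose line "Ensure '''DNSSEC''' is disabled ..." and a second opener follows it, so the rendered revision shows the bold quotes and the second tag literally and the DNSSEC note lands inside the code block; drop the first opener, or give the DNSSEC note its own closed block after the template. Two smaller points in the same hunk: the cobbler paragraph writes `/etc/bind.db.<zone_name>` where the heading just above has `/etc/bind/db.<zone_name>`, and the new "BIND9 DNS server" heading has no body yet.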
Revision as of 11:27, 4 November 2013
Make sure you have the EPEL repository available.
Basic Server Setup
<syntaxhighlight lang="bash">
yum install puppet facter
# or, for ubuntu
apt-get install puppet facter puppetmaster
</syntaxhighlight>
Puppet configuration files will be in: /etc/puppet
Create the /etc/puppet/puppet.conf file

Create the default /etc/puppet/puppet.conf file. To create the first configuration, run the command:
<syntaxhighlight lang="bash">
puppetmasterd --genconfig > /etc/puppet/puppet.conf
</syntaxhighlight>
Note that --genconfig writes out every setting with its default value; the Problems section below shows one of them (factdest) that has to be commented out before the master will start. Then add a line to autosign certs:
<syntaxhighlight lang="ini">
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
# do autosign
autosign = /etc/puppet/autosign.conf
[master]
certname = puppetmaster.virtual.viglen.co.uk
</syntaxhighlight>
I'm autosigning all hosts, too lazy (this would be dangerous in a production setup). With * in autosign.conf, any host that can reach the master gets its certificate signed and can pull a catalog; in production restrict it to a domain glob such as *.example.com, or leave the autosign line out and sign requests by hand with puppet cert sign <certname>.
<syntaxhighlight lang="bash">
$ cat /etc/puppet/autosign.conf
*
</syntaxhighlight>

Create the /etc/puppet/manifests/site.pp file
<syntaxhighlight lang="puppet">
# site.pp
import 'systems/*.pp'
import 'classes/*.pp' # not needed immediately, only when classes are created
Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" } # required when modules need to run exec commands
</syntaxhighlight>

DNS Server configuration
If you are relying on DNS name resolution for your network, you will want to add a puppet record in your DNS server (for the zone being serviced) which points back to the puppet master server.
BIND9 DNS server - /etc/bind/db.<zone_name> file

If you are using cobbler
If you are using cobbler, you can't just edit the /etc/bind/db.<zone_name> file, as changes made there will be erased the next time cobbler sync is run. Instead, add the puppet master server entry to /etc/cobbler/zone.template (the leading backslash on \$TTL keeps cobbler's Cheetah templating from treating it as a variable; $cobbler_server, $serial and $host_record are filled in by cobbler):
<syntaxhighlight lang="text">
\$TTL 300
@ IN SOA $cobbler_server. nobody.example.com. (
    $serial  ; Serial
    600      ; Refresh
    1800     ; Retry
    604800   ; Expire
    300      ; TTL
)

    IN NS $cobbler_server.

puppet IN A 172.28.0.2

$host_record
</syntaxhighlight>
Ensure DNSSEC is disabled and auth-nxdomain is enabled in /etc/bind/named.conf.options.

Show help
If no arguments are entered when using puppet, you may get the error "No help available unless you have RDoc::usage installed". To enable help messages, install ruby-rdoc:
<syntaxhighlight lang="bash">
yum install ruby-rdoc
</syntaxhighlight>

Basic Client Setup
- Install puppet
<syntaxhighlight lang="bash">
yum install puppet
</syntaxhighlight>
- Make sure the /etc/hosts file has an entry for puppet (the master host)
<syntaxhighlight lang="bash">
# this must work
ping puppet
</syntaxhighlight>
- Clean out all SSL certs (needed to do this as the first few attempts failed - DNS errors, make sure both hosts can resolve each other correctly)
<syntaxhighlight lang="bash">
$ rm -rf $(puppet agent --configprint ssldir)
$ puppet agent --test
</syntaxhighlight>
Sample output if it goes through ok:
<syntaxhighlight lang="text">
info: Creating a new SSL key for calx13.pxe.boston.co.uk
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for calx13.pxe.boston.co.uk
info: Certificate Request fingerprint (md5): 20:18:76:F9:6E:D5:89:1D:77:02:61:70:20:04:49:9E
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for calx13.pxe.boston.co.uk
pcilib: Cannot open /proc/bus/pci
lspci: Cannot find any working access method.
info: Caching certificate_revocation_list for ca
info: Caching catalog for calx13.pxe.boston.co.uk
info: Applying configuration version '1354922612'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.09 seconds
</syntaxhighlight>

Basic Module Setup
Create a configuration on the puppet master. In this example we will set up sudo.
Create the sudo manifest file:
<syntaxhighlight lang="puppet">
# /etc/puppet/modules/sudo/manifests/init.pp
class sudo {
  file { "/etc/sudoers":
    owner  => 'root',
    group  => 'root',
    mode   => '0440',
    source => "puppet:///modules/sudo/sudoers"
  }
}
</syntaxhighlight>
Note the source tag: the file must be present in the module directory under files.
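The sudo class above copies whatever sudoers file is on the master straight over /etc/sudoers, and a syntax error in that file disables sudo on every client until someone fixes it by hand. As an added example (not code from the original page), here is the same class written so the candidate file is staged and checked with visudo -cf before it is installed; the staging path /etc/sudoers.staged and the exec title are assumed names.

```puppet
# Added example, not from the original page: stage the sudoers file from the
# module, validate it with visudo, and only then install it over /etc/sudoers.
# /etc/sudoers.staged and the exec title are assumed names.
class sudo {
  $staged = '/etc/sudoers.staged'

  # Puppet writes the candidate here first (root-only, like the live file) and
  # notifies the exec below whenever its content changes.
  file { $staged:
    owner  => 'root',
    group  => 'root',
    mode   => '0440',
    source => 'puppet:///modules/sudo/sudoers',
    notify => Exec['install-validated-sudoers'],
  }

  # refreshonly: runs only after the staged file changed. visudo -cf parses the
  # candidate and exits non-zero on any syntax error, so a bad file is never
  # copied into place and the failure is reported in the agent run instead of
  # showing up as a broken sudo.
  exec { 'install-validated-sudoers':
    command     => "/usr/sbin/visudo -cf ${staged} && /usr/bin/install -o root -g root -m 0440 ${staged} /etc/sudoers",
    refreshonly => true,
    logoutput   => true,
  }
}
```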
In other words:
<syntaxhighlight lang="text">
# That is to say, if a module named test_module is installed in the central server’s /etc/puppet/modules directory, the following puppet: URI…
puppet:///modules/test_module/testfile.txt
# …will resolve to the following absolute path:
/etc/puppet/modules/test_module/files/testfile.txt
</syntaxhighlight>

Add the sudo module to the standard site.pp file
<syntaxhighlight lang="puppet">
# /etc/puppet/manifests/site.pp
node default {
  include sudo
}
</syntaxhighlight>

Removing system certificates
- On the puppet master:
<syntaxhighlight lang="bash">
puppet cert clean cx1.pxe.boston.co.uk
</syntaxhighlight>
- On the client:
<syntaxhighlight lang="bash">
rm -f /var/lib/puppet/ssl/certs/cx1.pxe.boston.co.uk.pem
# Generate new certificate and initiate connection
puppet agent -t
</syntaxhighlight>

Problems
Error starting the puppet master after --genconfig
<syntaxhighlight lang="text">
root@ubuntu1204-cobbler:~# /etc/init.d/puppetmaster restart
 * Restarting puppet master
start-stop-daemon: warning: failed to kill 25584: No such process
Could not prepare for execution: Got 1 failure(s) while initializing: change from directory to file failed: Could not set 'file on ensure: Is a directory - /var/lib/puppet/facts
</syntaxhighlight>
Resolution: comment out the factdest line that --genconfig put in /etc/puppet/puppet.conf:
<syntaxhighlight lang="ini">
#factdest = /var/lib/puppet/facts/
</syntaxhighlight>