Quick HOWTO: Puppet installation and basic configuration

About Puppet

Puppet is an open source configuration management tool. Other open source CM systems are Chef and CFEngine. The two main components of Puppet are
  • Puppet Master
  • Puppet Agent
Puppet programs are called “manifests,” and they use the .pp file extension.

Resources are the fundamental unit for modeling system configurations. Each resource describes some aspect of a system, like a service that must be running or a package that must be installed. The block of Puppet code that describes a resource is called a resource declaration, and it describes a desired state for one resource.


Installing Puppet Master.


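Step 1:  The newest versions of Puppet can be installed from the yum.puppetlabs.com package repository. To enable the repository, run the command below. Once the repository is enabled, install puppetmaster. The NOKEY warning in the output means rpm had no public key for the package's signing key, so the signature on the release package was not verified.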

  # sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
     Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
     warning: /var/tmp/rpm-xfer.eBzEIj: Header V3 RSA/SHA1 signature: NOKEY, key ID 4bd6ec30
     Preparing...         ########################################### [100%]
   1:puppetlabs-release  ########################################## [100%]

  # sudo yum install puppetmaster


Step 2:  In the [main] section of the master’s puppet.conf file, set the dns_alt_names setting to a comma-separated list of each hostname the master should be allowed to use. For our testing purposes, it is only one host, "puppetclient.in".

    # grep   alt   /etc/puppet/puppet.conf

      dns_alt_names = puppetclient.in

Step 3:  Start the puppet master service using the command below.


#  puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 86:A3:47:1D:2F:CB:94:70:B5:0D:2B:CC:B7:9A:AB:98:9C:EC:00:03:58:49:8B:E3:B0:1B:CB:9C:5C:ED:F4:C7
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppetserver.in
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetserver.in
Info: Certificate Request fingerprint (SHA256): 4E:57:80:DB:08:19:97:76:DE:44:32:5E:FF:52:12:C0:6E:BC:25:1A:92:BF:71:A3:09:4B:0B:7B:C2:C4:05:3A
Notice: puppetclient.in has a waiting certificate request
Notice: Signed certificate request for puppetclient.in
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient.in at '/var/lib/puppet/ssl/ca/requests/puppetclient.in.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient.in at '/var/lib/puppet/ssl/certificate_requests/puppetclient.in.pem'
Notice: Starting Puppet master version 3.7.2
Notice: Caught INT; calling stop



Installing Puppet Agent

Step 1:  Install the puppet agent package.

          # yum install puppet

Step 2:  Set the server setting in /etc/puppet/puppet.conf to the name of the puppet server.

          # grep server /etc/puppet/puppet.conf
          server = puppetserver.in

Step 3:  Now start the puppet agent using the following command.

          # sudo puppet agent --verbose --no-daemonize --onetime

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:// puppetserver.in/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://lbalance2.assam.gov.in/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Notice: Using cached catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]


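If the run fails with certificate verification errors as shown above, execute the commands below on the agent. The first one deletes the agent's existing SSL data, so on the next run the agent creates a new key, caches the master's CA certificate again and submits a new certificate request.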

# rm -rf /var/lib/puppet/ssl/*

# puppet agent --test
Info: Creating a new SSL key for puppetclient.in
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetclient.in
Info: Certificate Request fingerprint (SHA256): 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# sudo puppet agent --verbose --no-daemonize --onetime
Exiting; no certificate found and waitforcert is disabled


The client has now made itself known to the server, but the server has not yet accepted the client. This is the next step; we must sign the SSL certificate request that the puppetclient has created and sent to the server. We can see a list of yet-to-be-signed certificate requests on the server:

ON PUPPET MASTER


1.   puppet cert list
  "puppetclient.in" (SHA256) 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A

2.   puppet cert --sign  puppetclient.in
Notice: Signed certificate request for puppetclient.in
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient.in at '/var/lib/puppet/ssl/ca/requests/puppetclient.in.pem'
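
The fingerprint the agent printed when it created its request and the fingerprint shown by puppet cert list on the master are the same value above; checking that they match before signing confirms the pending request is the one the intended host generated. The script below is an added example, not part of the original post: it makes that comparison on sample output constructed from this walkthrough (the function names are illustrative; on a live master, pass the output of puppet cert list instead of the sample).

```shell
#!/bin/sh
# Added example: compare the CSR fingerprint printed on the agent with the one
# the master lists, before signing. The sample text is constructed from the
# walkthrough's output; on a live master use CERT_LIST=$(puppet cert list).

AGENT_LOG='Info: Creating a new SSL certificate request for puppetclient.in
Info: Certificate Request fingerprint (SHA256): 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A'

CERT_LIST='  "puppetclient.in" (SHA256) 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A'

# Fingerprint from the agent's own output (stdin); the last CSR line wins.
agent_fingerprint() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): //p' | tail -n 1
}

# Fingerprint the master lists for certname $1 (cert list text on stdin).
# Exit status is 1 when no request is pending under that name.
pending_fingerprint() {
    awk -v name="\"$1\"" '
        $1 == name && $2 == "(SHA256)" { print $3; found = 1; exit }
        END { exit !found }'
}

# verify_csr CERTNAME AGENT_FP CERT_LIST_TEXT
# 0 = fingerprints match, 1 = mismatch, 2 = no pending request for CERTNAME
verify_csr() {
    listed=$(printf '%s\n' "$3" | pending_fingerprint "$1") || return 2
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    have=$(printf '%s' "$listed" | tr 'a-f' 'A-F')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

fp=$(printf '%s\n' "$AGENT_LOG" | agent_fingerprint)
if verify_csr puppetclient.in "$fp" "$CERT_LIST"; then
    echo "match: OK to run 'puppet cert --sign puppetclient.in'"
else
    echo "mismatch or no pending request: do not sign" >&2
fi
```

The agent-side fingerprint should reach the operator by a path other than the master itself, for example read from the agent's console.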


ON PUPPET AGENT

# puppet agent --verbose --no-daemonize --onetime
Info: Caching certificate for puppetclient.in
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppetclient.in
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for  puppetclient.in
Info: Applying configuration version '1415613699'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.05 seconds



Creating a HelloWorld file

Let’s start with a very basic example. We will set up a really simple configuration for our puppetclient: the result will be a plain text file named helloworld.txt containing the phrase “Hello World!”, created in the directory /root on the puppetclient system.


On Puppet Server:

Create a basic manifest definition in the main manifest file on the puppetserver system at /etc/puppet/manifests/site.pp with the following contents:

# cat /etc/puppet/manifests/site.pp
node "puppetclient.in" {
  file { "/root/helloworld.txt":
    ensure => file,
    owner  => "root",
    group  => "root",
    mode   => "0644",
  }
}

A resource declaration looks like this:

RESOURCE { NAME:
  ATTRIBUTE => VALUE,
  ...
}

RESOURCE indicates the type of resource you're declaring; in this case, it's a file.

NAME is a unique identifier that distinguishes this instance of the resource from any other 
that Puppet knows about. With file resources, it's usual for this to be the full path to the file, 
in this case, /root/helloworld.txt.

There follows a list of attributes that describe how the resource should be configured. The 
attributes available depend on the type of resource. For a file, you can set attributes such as 
content, owner, group, and mode.

The above manifest definition consists of two sections: a node section, which contains a file definition. Because the file section is contained within the node section, the actions that result from the file section’s definition will apply to the node named puppetclient.

On puppet Client:

We will now run the puppet agent on the client system to execute the changes. 

# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.in
Info: Applying configuration version '1415862361'
Notice: /Stage[main]/Main/Node[puppetclient.in]/File[/root/helloworld.txt]/ensure: created
Notice: Finished catalog run in 0.06 seconds

We will now check whether the file was created.

# ls -l /root/helloworld.txt

-rw-r--r-- 1 root root 0 Nov 13 12:23 /root/helloworld.txt


Now we will move further and add contents to the file.

Modify the manifest definition on the puppet server to add "Hello World" content to the helloworld.txt file.


# cat /etc/puppet/manifests/site.pp

node "puppetclient.in" {

  file { "/root/helloworld.txt":
    ensure  => file,
    owner   => "root",
    group   => "root",
    mode    => "0644",
    content => "Hello, World\n",
  }
}

Now run the puppet agent command to apply the changes.

#  puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.in
Info: Applying configuration version '1415865477'
Info: Computing checksum on file /root/helloworld.txt
Info: /Stage[main]/Main/Node[puppetclient.in]/File[/root/helloworld.txt]: Filebucketed /root/helloworld.txt to puppet with sum d41d8cd98f00b204e9800998ecf8427e

Notice: /Stage[main]/Main/Node[puppetclient.in]/File[/root/helloworld.txt]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}82bb413746aee42f89dea2b59614f9ef'
Notice: Finished catalog run in 0.16 seconds



# cat /root/helloworld.txt
Hello, World


