Quick HOWTO; Puppet installation and basic configuration
About Puppet
Puppet is an open source configuration management tool. Other open source CM systems are Chef and CFEngine. The two main components of Puppet are:
- Puppet Master
- Puppet Agent
Puppet manifests use the .pp file extension. Resources are the fundamental unit for modeling system configurations. Each resource describes some aspect of a system, like a service that must be running or a package that must be installed. The block of Puppet code that describes a resource is called a resource declaration, and it describes a desired state for one resource.
Installing Puppet Master.
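Step 1: The newest versions of Puppet can be installed from the yum.puppetlabs.com package repository. To enable the repository, run the command below. Once the repository is enabled, install puppetmaster. The NOKEY warning in the output means rpm could not check the package signature because the signing key (ID 4bd6ec30) is not in the rpm keyring, so this release package is installed without signature verification.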
# sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
warning: /var/tmp/rpm-xfer.eBzEIj: Header V3 RSA/SHA1 signature: NOKEY, key ID 4bd6ec30
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################## [100%]
# sudo yum install puppetmaster
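Step 2: In the [main] section of the master’s puppet.conf file, set the dns_alt_names setting to a comma-separated list of each hostname the master should be allowed to use. For our testing purposes, it is only one host, "puppetclient.in".
# grep alt /etc/puppet/puppet.conf
dns_alt_names = puppetclient.in
Step 3: Start the puppet master service using the command below.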
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 86:A3:47:1D:2F:CB:94:70:B5:0D:2B:CC:B7:9A:AB:98:9C:EC:00:03:58:49:8B:E3:B0:1B:CB:9C:5C:ED:F4:C7
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppetserver.in
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetserver.in
Info: Certificate Request fingerprint (SHA256): 4E:57:80:DB:08:19:97:76:DE:44:32:5E:FF:52:12:C0:6E:BC:25:1A:92:BF:71:A3:09:4B:0B:7B:C2:C4:05:3A
Notice:puppetclient.in has a waiting certificate request
Notice: Signed certificate request for puppetclient.in
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient.in at '/var/lib/puppet/ssl/ca/requests/ puppetclient.in.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient.in at
'/var/lib/puppet/ssl/certificate_requests/ puppetclient.in.pem'
Notice: Starting Puppet master version 3.7.2
Notice: Caught INT; calling stop
Installing Puppet Agent
Step 1: Install the agent using yum.
Step 2: Set the server variable in /etc/puppet/puppet.conf to the name of the puppet server.
# grep server /etc/puppet/puppet.conf
puppetserver.in
Step 3: Now start the puppet agent using the following command.
# sudo puppet agent --verbose --no-daemonize --onetime
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:// puppetserver.in/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://lbalance2.assam.gov.in/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
Wrapped exception:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA:puppetserver.in]
Notice: Using cached catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetserver.in]
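If the run fails with "certificate verify failed" as shown above, execute the commands below. They delete the agent's existing SSL data under /var/lib/puppet/ssl, so the agent creates a new key and certificate request and caches the CA certificate again, as the output shows.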
# rm -rf /var/lib/puppet/ssl/*
# puppet agent --test
Info: Creating a new SSL key for puppetclient.in
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetclient.in
Info: Certificate Request fingerprint (SHA256): 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# sudo puppet agent --verbose --no-daemonize --onetime
Exiting; no certificate found and waitforcert is disabled
The client has now made itself known to the server, but the server has not yet accepted the client. This is the next step; we must sign the SSL certificate request that the puppetclient has created and sent to the server. We can see a list of yet-to-be-signed certificate requests on the server:
ON PUPPET MASTER
1. puppet cert list
"puppetclient.in" (SHA256) 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A
2. puppet cert --sign puppetclient.in
Notice: Signed certificate request for puppetclient.in
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient.in at '/var/lib/puppet/ssl/ca/requests/puppetclient.in.pem'
ON PUPPET AGENT
# puppet agent --verbose --no-daemonize --onetime
Info: Caching certificate for puppetclient.in
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppetclient.in
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.in
Info: Applying configuration version '1415613699'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.05 seconds
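Before running puppet cert --sign, the fingerprint the agent printed for its request should equal the one puppet cert list shows on the master. The check below is an added example, not part of the original post; the function names are hypothetical and the sample input is copied from the outputs shown above.

```sh
#!/bin/sh
# Added example: gate `puppet cert --sign` on a fingerprint comparison.
# Function and variable names are hypothetical, not part of Puppet.

# Sample input, copied from the agent and master outputs on this page.
AGENT_LOG='Info: Creating a new SSL certificate request for puppetclient.in
Info: Certificate Request fingerprint (SHA256): 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A'
CERT_LIST='  "puppetclient.in" (SHA256) 18:46:03:B3:0A:0B:38:6B:1F:3D:9E:DB:E4:B0:0C:C3:EE:54:D7:1D:0B:31:A8:2E:4B:3F:EF:74:68:78:5A:5A'

# Normalise a fingerprint: keep hex digits only, upper-case them.
norm_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Fingerprint the agent reported for its own CSR
# (the last one wins if the request was regenerated).
agent_csr_fp() {
    printf '%s\n' "$1" |
        sed -n 's/^Info: Certificate Request fingerprint (SHA256): *//p' |
        tail -n 1
}

# Fingerprint the master lists for a pending request from certname $2.
# Exact string match on the quoted name, so "puppetclient.in" cannot be
# confused with a longer or shorter certname.
pending_csr_fp() {
    printf '%s\n' "$1" |
        awk -v name="\"$2\"" '$1 == name && $2 == "(SHA256)" { print $3 }'
}

# Return 0 only when both fingerprints are present, are full SHA256
# values (64 hex digits) and are identical.
safe_to_sign() {   # $1 = agent output, $2 = cert list output, $3 = certname
    want=$(norm_fp "$(agent_csr_fp "$1")")
    have=$(norm_fp "$(pending_csr_fp "$2" "$3")")
    [ "${#want}" -eq 64 ] && [ "${#have}" -eq 64 ] && [ "$want" = "$have" ]
}

if safe_to_sign "$AGENT_LOG" "$CERT_LIST" puppetclient.in; then
    echo "fingerprints match: puppet cert --sign puppetclient.in"
else
    echo "mismatch or no pending request: do not sign" >&2
fi
```

On a live master, pass the output of puppet cert list as the second argument and the agent's console output, collected on the agent itself, as the first.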
Creating a HelloWorld file
Let’s start with a very basic example. We will set up a really simple configuration for our puppetclient: the result will be a plain text file named helloworld.txt, containing the phrase “Hello World!”, created in the directory /tmp on the puppetclient system.
On Puppet Server:
Create a basic manifest definition in the main manifest file on the puppetserver system at /etc/puppet/manifests/site.pp with the following contents:
# cat /etc/puppet/manifests/site.pp
node "puppetclient.in" {
  # Manage helloworld.txt as a regular file owned by root
  file { "/root/helloworld.txt":
    ensure => file,
    owner  => "root",
    group  => "root",
    mode   => "0644",
  }
}
A resource declaration looks like this:
RESOURCE { NAME:
  ATTRIBUTE => VALUE,
  ...
}
RESOURCE indicates the type of resource you're declaring; in this case, it's a file.
NAME is a unique identifier that distinguishes this instance of the resource from any other that Puppet knows about. With file resources, it's usual for this to be the full path to the file, in this case, /tmp/helloworld.txt.
There follows a list of attributes that describe how the resource should be configured. The attributes available depend on the type of resource. For a file, you can set attributes such as content, owner, group, and mode.
The above manifest definition consists of two sections: a node which contains a file definition. Because the file section is contained within the node section, the actions that are the result of the file section’s definition will apply to the node named puppetclient.
On Puppet Client:
We will now run the puppet agent on the client system to execute the changes.
# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.in
Info: Applying configuration version '1415862361'
Notice: /Stage[main]/Main/Node[puppetclient.in]/File[/root/helloworld.txt]/ensure: created
Notice: Finished catalog run in 0.06 seconds
We will now check whether the file was created.
# ls -l /root/helloworld.txt
-rw-r--r-- 1 root root 0 Nov 13 12:23 /root/helloworld.txt
Next, we will add contents to the file.
Modify the manifest definition on the puppet server to add "Hello World" content to the helloworld.txt file.
# cat /etc/puppet/manifests/site.pp
node "puppetclient.in" {
  # Same file resource as before, now with managed content
  file { "/root/helloworld.txt":
    ensure  => file,
    owner   => "root",
    group   => "root",
    mode    => "0644",
    content => "Hello, World\n",
  }
}
Now run the puppet agent command to apply the changes.
# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.in
Info: Applying configuration version '1415865477'
Info: Computing checksum on file /root/helloworld.txt
Info: /Stage[main]/Main/Node[puppetclient.in]/File[/root/helloworld.txt]: Filebucketed /root/helloworld.txt to puppet with sum d41d8cd98f00b204e9800998ecf8427e
Notice: /Stage[main]/Main/Node[puppetclient.in]/File[/root/helloworld.txt]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}82bb413746aee42f89dea2b59614f9ef'
Notice: Finished catalog run in 0.16 seconds
# cat /root/helloworld.txt
Hello, World[root@ssdgweb ~]#