Introduction
This is a step-by-step tutorial on how to install the server component of Puppet (puppetmaster) on one machine, and the Puppet client (puppetd) on another. We then perform a simple test to make sure Puppet is working properly.
If you're not familiar with Puppet, it's a configuration automation tool that allows you to centralize management of the various *nix flavors running on your network. Puppet supports central management of the important aspects of your systems, such as files, packages, users, services, cron, mounts, etc. For a more complete description visit Reductive Labs.
Background
This installation is performed on Ubuntu 6.06 LTS Server, but should work for most Debian/Ubuntu flavors with slight modification.
At the time of this writing, current Puppet packages for Ubuntu can be found in Feisty. Look for current Debian packages in Unstable.
During this tutorial we'll be using example.com as our domain name. The server will be given the hostname "puppet" and IP 192.168.10.1. The client hostname is "pclient" with IP 192.168.10.2.
1. Network Requirements
If DNS isn't set up on your network, verify the hosts files on both server and client include entries for both machines. For this scenario the following entries would be added to /etc/hosts. Use your favorite text editor to add lines reflecting your own network settings similar to the lines below.
192.168.10.1 puppet.example.com puppet
192.168.10.2 pclient.example.com pclient
The server runs on port 8140. Make sure there's no firewall blocking port 8140 between the two machines.
2. Apt Setup
Many of the packages we need are in the universe repository. If the following lines are commented out in "sources.list", open the file on the server with your favorite text editor and uncomment them.
puppet:# vim /etc/apt/sources.list
# deb http://us.archive.ubuntu.com/ubuntu/ dapper universe
# deb http://security.ubuntu.com/ubuntu dapper-security universe
Since we're using an earlier version of Ubuntu, let's configure apt to easily grab Puppet packages from Feisty. Adjust the sources as needed to reflect your OS version. If you're not familiar with the steps in this section, see section 3.10 in the Apt-Howto.
Open "sources.list" and add the two lines that follow.
puppet:# vim /etc/apt/sources.list
deb http://us.archive.ubuntu.com/ubuntu/ feisty universe
deb http://security.ubuntu.com/ubuntu feisty-security universe
Update your source list.
puppet:# apt-get update
** Perform the same steps above on "pclient." **
Next, let's configure apt to pull the packages we need for our Puppet setup from Feisty, but allow all other packages to come from the Dapper repository. Add the following lines to the "preferences" file.
On the server:
puppet:# vim /etc/apt/preferences
Package: *
Pin: release a=dapper
Pin-Priority: 700

Package: facter
Pin: release a=feisty
Pin-Priority: 500

Package: puppet
Pin: release a=feisty
Pin-Priority: 500

Package: puppetmaster
Pin: release a=feisty
Pin-Priority: 500
On the client:
pclient:# vim /etc/apt/preferences
Package: *
Pin: release a=dapper
Pin-Priority: 700

Package: facter
Pin: release a=feisty
Pin-Priority: 500

Package: puppet
Pin: release a=feisty
Pin-Priority: 500
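A quick way to confirm that only the intended packages are allowed to come from Feisty is to parse the preferences file and list what is pinned to that release. The script below is an added example, not part of the original tutorial; the function name pinned_to and the embedded sample (a copy of the server-side stanzas above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an apt preferences file.
# pinned_to RELEASE   (reads the preferences file on stdin)
# Prints "package priority" for every stanza pinned to "release a=RELEASE".
# Returns non-zero if any stanza lacks Package, Pin or Pin-Priority.
pinned_to() {
    awk -v want="$1" '
        function end_stanza() {
            if (pkg == "" && pin == "" && prio == "") return
            if (pkg == "" || pin == "" || prio == "") {
                print "incomplete stanza ending at line " NR > "/dev/stderr"
                bad = 1
            } else if (pin == "release a=" want) {
                print pkg, prio
            }
            pkg = ""; pin = ""; prio = ""
        }
        /^[ \t]*$/       { end_stanza(); next }   # blank line closes a stanza
        /^Package:/      { sub(/^Package:[ \t]*/, "");      pkg = $0;  next }
        /^Pin-Priority:/ { sub(/^Pin-Priority:[ \t]*/, ""); prio = $0; next }
        /^Pin:/          { sub(/^Pin:[ \t]*/, "");          pin = $0;  next }
        END { end_stanza(); exit bad }
    '
}

# Constructed sample: the server-side preferences from this tutorial.
SAMPLE_PREFS='Package: *
Pin: release a=dapper
Pin-Priority: 700

Package: facter
Pin: release a=feisty
Pin-Priority: 500

Package: puppet
Pin: release a=feisty
Pin-Priority: 500

Package: puppetmaster
Pin: release a=feisty
Pin-Priority: 500'

# Lists the packages pinned to Feisty in the sample.
printf '%s\n' "$SAMPLE_PREFS" | pinned_to feisty
```

On a real machine, run it as "pinned_to feisty < /etc/apt/preferences" and compare the list with the packages you meant to pull from the newer release.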
3. Software Requirements
In preparation for our Puppet install we need a few libraries and packages installed on both the server and client. At the time of this writing, if this set isn't installed first, a dependency loop will ensue.
puppet:# apt-get install libopenssl-ruby rdoc irb1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 rdoc1.8 ruby1.8
pclient:# apt-get install libopenssl-ruby rdoc irb1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 rdoc1.8 ruby1.8
4. Client Install
Install Puppet and Facter from Feisty.
pclient:# apt-get -t feisty install facter puppet
5. Server Installation
Install Puppet, Facter and Puppetmaster. The post-install script will try to start the server and error out as shown below. Don't worry about it. We'll create the manifest during step 6.
puppet:# apt-get -t feisty install facter puppet puppetmaster
.....
Starting puppet configuration management tool master server
Manifest /etc/puppet/manifests/site.pp must exist [fail]
6. Server Preparation
The server (puppetmasterd) requires a manifest to be in place before it's able to run. Let's write a manifest that tells Puppet to create a file "/tmp/testfile" on the client.
puppet:# vim /etc/puppet/manifests/site.pp
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
    file { "/tmp/testfile":
        ensure => present,
        mode   => 644,
        owner  => root,
        group  => root
    }
}

# tell puppet on which client to run the class
node pclient {
    include test_class
}
Now start the puppet server.
puppet:# /etc/init.d/puppetmaster start
6. Client Preparation
Clients by default will connect to a server on your network with a hostname of "puppet." If your server's hostname isn't "puppet" a directive needs to be inserted into the puppetd configuration file "puppetd.conf." Even though we don't need to in this case, we'll do so for demonstration purposes.
Open "/etc/puppet/puppetd.conf" with your favorite text editor and add "server = puppet.example.com" to the existing file as the example below indicates.
pclient:# vim /etc/puppet/puppetd.conf
[puppetd]
server = puppet.example.com

# Make sure all log messages are sent to the right directory
# This directory must be writable by the puppet user
logdir=/var/log/puppet
vardir=/var/lib/puppet
rundir=/var/run
7. Sign Keys
In order for the two systems to communicate securely we need to create signed SSL certificates. You should be logged into both the server and client machines for this next step.
On the client side, run:
pclient:# puppetd --server puppet.example.com --waitforcert 60 --test
You should see the following message.
err: No certificate; running with reduced functionality.
info: Creating a new certificate request for pclient.example.com
info: Requesting certificate
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
Next, on the server side, run the following command to verify the client is waiting for the cert to be signed.
puppet:# puppetca --list
pclient.example.com
Then sign the certificate.
puppet:# puppetca --sign pclient.example.com
Signed pclient.example.com
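Signing is the point at which the server decides to trust a client, so it is worth comparing the pending request names against the hosts you actually expect before running "puppetca --sign". The script below is an added example, not part of the original tutorial; the function name review_requests and the sample pending list are constructed for illustration, and it assumes "puppetca --list" prints one hostname per line as shown above.

```shell
#!/bin/sh
# Added example: gate certificate signing on a list of expected clients.
# review_requests EXPECTED_HOST...   (reads pending request names on stdin)
# Prints "SIGN <name>" for a pending request that exactly matches an expected
# hostname and "HOLD <name>" for anything else (look-alike or unknown names).
# Returns 1 if at least one request was held, 0 otherwise.
review_requests() {
    held=0
    while IFS= read -r name; do
        # Drop stray whitespace and carriage returns; skip empty lines.
        name=$(printf '%s' "$name" | tr -d '[:space:]')
        if [ -z "$name" ]; then
            continue
        fi
        verdict=HOLD
        for want in "$@"; do
            if [ "$name" = "$want" ]; then
                verdict=SIGN
            fi
        done
        if [ "$verdict" = HOLD ]; then
            held=1
        fi
        printf '%s %s\n' "$verdict" "$name"
    done
    return "$held"
}

# Constructed sample of pending requests: the expected client plus a
# look-alike name that differs by one character.
PENDING='pclient.example.com
pclient.example.con'

printf '%s\n' "$PENDING" | review_requests pclient.example.com ||
    echo "some requests were held for manual review"
```

On the server the input would come from "puppetca --list | review_requests pclient.example.com"; only names reported as SIGN are then passed to "puppetca --sign".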
If everything went OK you should see this message on pclient.
info: Requesting certificate
warning: peer certificate won't be verified in this SSL session
notice: Ignoring --listen on onetime run
info: Caching configuration at /etc/puppet/localconfig.yaml
notice: Starting configuration run
notice: //pclient/test_class/File[/tmp/testfile]/ensure: created
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished configuration run in 0.11 seconds
8. Test
Check and make sure the file was created.
pclient:# ls -l /tmp/testfile
-rw-r--r-- 1 root root 0 2007-02-18 18:28 /tmp/testfile
As a test, let's edit the manifest and direct Puppet to modify the file mode. Change the line "mode => 644," to "mode => 600,".
puppet:# vim /etc/puppet/manifests/site.pp
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
    file { "/tmp/testfile":
        ensure => present,
        mode   => 600,
        owner  => root,
        group  => root
    }
}

# tell puppet on which client to run the class
node pclient {
    include test_class
}
On the client run puppetd in verbose mode (-v) and only once (-o).
pclient:# puppetd -v -o
You should see the following message, which states that /tmp/testfile changed from mode 644 to 600.
notice: Ignoring --listen on onetime run
info: Config is up to date
notice: Starting configuration run
notice: //pclient/test_class/File[/tmp/testfile]/mode: mode changed '644' to '600'
notice: Finished configuration run in 0.26 seconds
Verify the work was completed properly.
pclient:# ls -l /tmp/testfile
-rw------- 1 root root 0 2007-02-18 18:28 /tmp/testfile
9. Conclusion
Congratulations, testing is complete and you have a working Puppet setup. Your next step is to create a functional manifest, test some more, and then fire up the puppetd daemon on the client side. Puppetd by default will automatically poll the server every 30 minutes.
pclient:# /etc/init.d/puppet start
For more information visit Reductive Labs. For friendly knowledgeable help, join Puppet Users or drop by #puppet at irc.freenode.net.