Puppet study: take 3
Overview:
Third time’s the charm? Any rate, need to know/understand puppet as one of two things is going to happen within two months. Either we’re going to have a new puppet environment at MPI or I’m going to be taking over the project … and we’ll have a new puppet environment at MPI.
So, here’s the project plan:
- Review class notes from earlier this year
- Study the pro puppet book that I have on kindle.
- Install/play with puppet enterprises in kvm farm
- Revamp the puppet install on my home network:
  - Increase security through automated config management
  - Rollout ossec on all nodes via puppet
Lessons learned:
Firewall: On puppet master, port 8140 needs to be open:
iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
Puppet SSL information maintained under /var/lib/puppet/ssl
Interesting commands:
- puppet master --genconfig > puppet.conf
Regenerate a default puppet.conf
- puppet master --verbose --no-daemonize
Run puppet master in the foreground. Useful for watching initial configuration/ssl output.
- puppet agent --test --server=${puppet_master}
Initial client connection to puppet master. Creates/sends CSR.
- puppet cert list
Run on the puppet master, lists out the certs to be signed.
- puppet cert sign ${fqdn}
Run on the puppet master, signs the CSR from ${fqdn}
- puppet master $*
Commands run on the puppet master
- puppet agent $*
Commands run on the puppet agent.
Interesting urls:
- http://docs.puppetlabs.com/references/stable/type.html
Full list of puppet types
- https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
EPEL repo for rhel6
- https://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm
EPEL repo for rhel5
- https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Puppet labs repos for rhel6
- https://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
Puppet labs repos for rhel5
11/15/15:
Reviewed the class notes. Most of it struck a chord; but, there’s a long way from “I remember that” to being able to hack out DSL like I do shell scripts.
One telling point:
Testing:
Create a tests directory under ${basemodulepath}. Tests is a standard, not a requirement. Nothing in puppet is looking for a tests subdir.
init.pp contains
include ${module_to_be_tested}
puppet apply --noop ${base}/tests/init.pp
I remember from take2 that the installation in chapter 1 wasn’t quite right and that I had to redo it in chapter 2. Wondering if I should read the whole damn book cover to cover first before going back through it again. That definitely applies to chapter 1.
Great; puppet ver 4 is out so I’m going to have to deconflict my current book with that…
Installation process:
Documentation only; skipping until chapter 2. Using centos as the example:
Install EPEL repos:
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Install Puppet Labs repos:
yum install https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
On puppet master, install packages:
yum install puppet puppet-server facter
On puppet clients, install packages:
yum install puppet facter
Configuration:
Configure puppet master:
In client/server mode, clients get puppet configuration from master so only configure the master.
Run puppet master in foreground to generate ssl information
Connect first client
puppet agent --test --server=${server}
Sign the cert on the puppet master:
puppet cert sign ${fqdn}
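
The signing step above trusts whatever CSR arrived under that name, so a useful check before it is to compare the fingerprint the master lists with the one shown on the client by puppet agent --fingerprint. This is an added example, not part of the original notes: it assumes the Puppet 3.x "puppet cert list" line format, and the function names, hostnames and (shortened) fingerprints are hypothetical.

```shell
# Added example (not from the original notes). Assumes "puppet cert list"
# prints pending requests as:   "fqdn" (SHA256) AA:BB:CC:...

# Print the fingerprint listed for fqdn $1 in cert-list text read from stdin.
pending_fingerprint() {
    awk -v want="\"$1\"" '$1 == want { print toupper($3); exit }'
}

# Succeed only if the fingerprint listed for fqdn $1 equals $2, the value
# read out-of-band on the client with: puppet agent --fingerprint
# Cert-list text is read from stdin; comparison ignores hex letter case.
csr_matches() {
    listed=$(pending_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$listed" ] && [ "$listed" = "$expected" ]
}

# Run on the puppet master: sign only when the pending CSR is the one
# the client actually generated. Not called here; needs a live master.
sign_if_verified() {
    if puppet cert list | csr_matches "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "refusing to sign $1: CSR missing or fingerprint mismatch" >&2
        return 1
    fi
}

# Constructed sample output; hosts and fingerprints are made up and shortened.
SAMPLE_LIST='  "web01.example.lan" (SHA256) 3A:9F:10:C2:77:B4:5E:01
  "db01.example.lan" (SHA256) 0B:44:E1:9D:2C:6A:F0:13'

# Offline demonstration against the constructed sample.
if printf '%s\n' "$SAMPLE_LIST" | csr_matches web01.example.lan 3a:9f:10:c2:77:b4:5e:01
then
    echo "web01.example.lan: fingerprint matches, safe to sign"
fi
```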