Puppet study: take 3¶

Overview:¶

Third time’s the charm? Any rate, need to know/understand puppet as one of two things is going to happen within two months. Either we’re going to have a new puppet environment at MPI or I’m going to be taking over the project … and we’ll have a new puppet enviornment at MPI.

So, here’s the project plan:

Review class notes from earlier this year
Study the pro puppet book that I have on kindle.
Install/play with puppet enterprises in kvm farm
Revamp the puppet install on my home network:
1. Increase security through automated config management
2. Rollout ossec on all nodes via puppet

Lessons learned:¶

Firewall: On puppet master, port 8140 needs to be open:

iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT

Puppet SSL information maintained under /var/lib/puppet/ssl

Interesting commands:¶

puppet master –genconfig > puppet.conf: Regenerate a default puppet.conf
puppet master –verbose –no-daemonize: Run puppet master in the foreground. Useful for watching initial configuration/ssl output.
puppet agent –test –server=${puppet-master}: Initial client connection to puppet master. Creates/sends CSR.
puppet cert list: Run on the puppet master, lists out the certs to be signed.
puppet cert sign ${fqdn}: Run on the puppet master, signs the CSR from ${fqdn}
puppet master $*: Commands run on the puppet master
puppet agent $*: Commands run on the puppet agent.

Interesting urls:¶

http://docs.puppetlabs.com/references/stable/type.html: Full list of puppet types
https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm: EPEL repo for rhel6
https://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm: EPEL repo for rhel5
https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm: Puppet labs repos for rhel6
https://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm: Puppet labs repos for rhel5

11/15/15:¶

Reviewed the class notes. Most of it struck a chord; but, there’s a long way from “I remember that” to being able to hack out DSL like I do shell scripts.

One telling point:

Testing:
- Create a tests directory under ${basemodulepath}. Tests is a standard, not a requirement. nothing in puppet is looking for tests subdir
- init.pp contains include ${module_to_be_tested}
- puppet apply --noop ${base}/tests/init.pp

I remember from take2 that the installation in chapter 1 wasn’t qute right and that I had to redo it in chapter 2. Wondering if I should read the whole damn book cover to cover first before going back through it again. That definitely applies to chapter 1.

Great; puppet ver 4 is out so I’m going to have to deconflict my current book with that…

Installation process:¶

Documentation only; skipping until chapter 2. Using centos as the example:

Install EPEL repos:

yum install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

Install Puppet Labs repos:

yum install https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

On puppet master, install packages:

yum install puppet puppet-server facter

On puppet clients, install packages:
```
yum install puppet facter
```

Configuration:¶

Configure puppet master:
- In client/server mode, clients get puppet configuration from master so only configure the master.
- Run puppet master in foreground to generate ssl information
Connect first client puppet agent --test --server=${server}
Sign the cert on the puppet master: puppet cert sign ${fqdn}