
Monday, June 20, 2011

Puppet Configuration and Installation.

A puppet master is used to make the same change on many servers at once, which is how mass changes are rolled out throughout an organization.

For example, suppose your organization requires ctrl+alt+del to be disabled on all of its servers. On RHEL/CentOS 5 that means commenting out the
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
line of the /etc/inittab file.

Without configuration management you will end up modifying /etc/inittab by hand on each and every Linux server.

With a puppet master the task is easy: keep a copy of /etc/inittab (with the line commented out) on the master and distribute it to the Linux servers throughout your organization. Note that this whole-file approach only works if all hosts have the same version of /etc/inittab to begin with; a host with a different inittab would have its own entries overwritten by the master's copy.
Many other things can be implemented using puppet.

For a basic configuration please refer to the steps below.

Server Side configuration:
Make sure you have the following rpms installed.

ruby-libs
ruby
facter
puppet
puppet-server

# rpm -ivh ruby-libs-1.8.6.111-1.i686.rpm
Preparing... ########################################### [100%]
1:ruby-libs ########################################### [100%]
# rpm -ivh ruby-1.8.6.111-1.i686.rpm
Preparing... ########################################### [100%]
1:ruby ########################################### [100%]
# rpm -ivh facter-1.5.1-1.el5.noarch.rpm
Preparing... ########################################### [100%]
1:facter ########################################### [100%]
# rpm -ivh puppet-0.24.5-1.el5.noarch.rpm
Preparing... ########################################### [100%]
1:puppet ########################################### [100%]
# rpm -ivh puppet-server-0.24.5-1.el5.noarch.rpm
Preparing... ########################################### [100%]
1:puppet-server ########################################### [100%]

After installing the necessary rpms it is time to configure the server.

Store the files to be distributed at the following location (if it does not exist, create it with # mkdir -p /etc/puppet/files):
/etc/puppet/files
We will store the /etc/inittab file (with ctrl+alt+del disabled) at this location, as /etc/puppet/files/inittab.

Now create the /etc/puppet/manifests/site.pp file.
This file holds the puppet rules, grouped into classes, plus the node definitions that say which classes apply to which hosts.

class inittab_implement {
    file { "/etc/inittab":                # the file that will be managed on the client
        ensure => present,                # create the file if it does not exist
        mode   => 644,                    # permission; /etc/inittab is normally 0644 and needs no execute bit
        owner  => root,                   # owner
        group  => root,                   # group owner
        source => "puppet:///files/inittab"   # the inittab copy served from the master's files mount
    }
}
node 'default' {
    include inittab_implement
}
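The manifest above copies a complete /etc/inittab, so it can only be used on hosts whose inittab is otherwise identical to the master's copy. The shell script below is an added example (not code from the original post) that makes the same change in place: it comments out the ctrlaltdel entry wherever it sits, leaves the rest of the file alone, does nothing on a second run, and keeps a backup of the previous content the way puppet's filebucket does. The sample inittab it edits is constructed here from the relevant RHEL 5 lines; the function names are mine. A command like this is what one would run from a puppet exec resource with an onlyif guard on hosts whose inittab files differ.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Disable ctrl+alt+del by commenting out the ctrlaltdel entry of an inittab
# file in place, instead of replacing the whole file from the master. This
# works on hosts whose inittab differs elsewhere, which the whole-file copy
# in the manifest above does not allow for.

# Constructed sample inittab (the relevant RHEL 5 lines, not a real host's file).
make_sample_inittab() {   # make_sample_inittab FILE
    cat > "$1" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
}

# Succeed if FILE still has an active (uncommented) ctrlaltdel entry.
ctrlaltdel_active() {     # ctrlaltdel_active FILE
    grep -q '^ca::ctrlaltdel:' "$1"
}

# Comment the entry out. Idempotent: returns 0 when the file was changed,
# 1 when nothing needed doing, 2 on error. Writing back through cat keeps
# the file's owner and mode; the .bak copy plays the role of the filebucket.
disable_ctrlaltdel() {    # disable_ctrlaltdel FILE
    f=$1
    [ -f "$f" ] || return 2
    ctrlaltdel_active "$f" || return 1
    cp -p "$f" "$f.bak" || return 2
    tmp="$f.tmp.$$"
    sed 's/^ca::ctrlaltdel:/#&/' "$f" > "$tmp" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$f" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    return 0
}

# Stand-alone demo: edit the file given as argument, or a constructed sample.
if [ $# -eq 0 ]; then
    sample=$(mktemp) && make_sample_inittab "$sample" && set -- "$sample"
fi
rc=0; disable_ctrlaltdel "$1" || rc=$?
case $rc in
    0) echo "ctrl+alt+del disabled in $1 (previous copy: $1.bak)" ;;
    1) echo "$1 already has ctrl+alt+del disabled" ;;
    *) echo "could not edit $1" ;;
esac
```

Run it as `sh disable_ctrlaltdel.sh /etc/inittab` on a test host first and diff the result against the .bak copy; the exit code tells a wrapper (or an exec resource's onlyif check) whether anything was changed.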

Now the last step is to edit /etc/puppet/fileserver.conf.
This file defines
1) the file server mounts, i.e. where the files referenced as puppet:///files/... live on the master, and
2) which client machines are allowed to fetch files from each mount (the allow line below is an example for 10.0.0.0/8; adjust it to your network configuration).

Edit the file and add the following:
[files]
path /etc/puppet/files
allow 10.0.0.0/8

Keep the allow list as narrow as you can: every host that matches it can fetch any file under /etc/puppet/files, so do not store anything secret in that directory unless the mount is restricted to the hosts that need it.

Start the puppetmaster service on the server.

#service puppetmaster start
It is also worth enabling it at boot.
#chkconfig puppetmaster on
That is all for the server configuration; now let us look at the client configuration.

Client Side configuration:
Make sure you have the following rpms installed.

ruby-libs
ruby
facter
puppet

# rpm -ivh ruby-libs-1.8.6.111-1.i686.rpm
Preparing... ########################################### [100%]
1:ruby-libs ########################################### [100%]
# rpm -ivh ruby-1.8.6.111-1.i686.rpm
Preparing... ########################################### [100%]
1:ruby ########################################### [100%]
# rpm -ivh facter-1.5.1-1.el5.noarch.rpm
Preparing... ########################################### [100%]
1:facter ########################################### [100%]
# rpm -ivh puppet-0.24.5-1.el5.noarch.rpm
Preparing... ########################################### [100%]
1:puppet ########################################### [100%]

Now edit the /etc/puppet/puppet.conf file and add the parameter below to its [main] section:
server = PuppetMaster.domain.com #(the host name of my puppet server is PuppetMaster)
Make sure the name resolves: add the proper entries to /etc/hosts on both the puppet server and the puppet client unless DNS already provides them.

Edit the /etc/sysconfig/puppet file as shown below.

# The puppetmaster server
PUPPET_SERVER=PuppetMaster.domain.com

# If you wish to specify the port to connect to do so here
#PUPPET_PORT=8140

# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log

# You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=60

--waitforcert is the number of seconds puppetd waits before asking the master again for its signed certificate while it still has none. It does not control how often the client checks the master for updates; that is the runinterval setting in puppet.conf (30 minutes by default). One minute keeps the first certificate exchange quick while testing; you may set it a little higher once testing is done (the default is 120 seconds).

Now start the puppet service and add it on startup
# service puppet start
# chkconfig puppet on


You should now be able to run the command below.
# puppetd --server puppetmaster.domain.com --waitforcert 60 --test

Unfortunately I was getting the error below.
You may get this kind of error when the server and client time are not in sync (source: google).
So I synced the time.
Yet I was facing the same issue.
The problem was with the client's SSL certificate, so I deleted the client cert using
# rm -rf /var/lib/puppet/ssl/

The next time I ran the command I got the following output,
so it has created a new certificate.
# puppetd --server puppetmaster.domain.com --waitforcert 60 --test
info: Creating a new certificate request for test-ovs-2.domain.com
info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/test-ovs-2.domain.com.pem
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
notice: Set to run 'one time'; exiting with no certificate

warning: Certificate validation failed; considering using the certname configuration option
err: Could not retrieve catalog: Certificates were not trusted: certificate verify failed
warning: Not using cache on failed catalog

Now run the command below on the puppet server.
It should list the client's pending certificate request.
# puppetca --list
test-ovs-2.domain.com
The list shows the name the client asked for, nothing more; before signing, confirm that the request really came from the host you expect, because the master trusts whatever it signs. Then sign the client's certificate using
# puppetca --sign test-ovs-2.domain.com
Signed test-ovs-2.domain.com

If the master already holds a signed certificate for this host from an earlier attempt (for example because /var/lib/puppet/ssl was deleted on the client and a new key was generated), it keeps handing out that old certificate, which no longer matches the client's key. Remove it on the master with # puppetca --clean test-ovs-2.domain.com and let the client request a new one.

Now run the previous command on the client again.
# puppetd --server puppetmaster.domain.com --waitforcert 60 --test
warning: peer certificate won't be verified in this SSL session
notice: Got signed certificate
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
53c53
< x:5:respawn:/etc/X11/prefdm -nodaemon
---
> #x:5:respawn:/etc/X11/prefdm -nodaemon
info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/inittab(5528f318b4fa5604efe51f3a8c5ca734)
info: //Node[default]/inittab_implement/File[/etc/inittab]: Filebucketed to with sum 5528f318b4fa5604efe51f3a8c5ca734
notice: //Node[default]/inittab_implement/File[/etc/inittab]/source: replacing from source puppet:///files/inittab with contents {md5}a43ac1c17a59b1facea7db112e69fb42
notice: Finished catalog run in 0.38 seconds

Now check the /etc/inittab file on the client machine; it should match the master's copy (/etc/puppet/files/inittab).
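The catalog run above logs the md5 of the content puppet wrote ({md5}a43ac...) and the md5 of the previous content it saved to the filebucket. The script below is an added example (not code from the original post) that turns that check into something repeatable: it pulls both sums out of a saved puppetd --test log and compares the applied sum with the sum of the copy on the master, so a run that silently served the wrong file is caught. The log lines it parses are constructed here in the format shown in the output above, reusing the filebucket sum from that output; the function names are mine, and comparing against the master's copy assumes you run it with that file at hand (or with its md5sum output copied over).

```shell
#!/bin/sh
# Added example, not code from the original post.
# Verify a puppetd --test run from its log: puppet reports the md5 of the
# content it wrote ("replacing from source ... {md5}...") and the md5 of the
# previous content it saved ("Filebucketed to with sum ..."). Compare the
# applied sum with the master's copy of the file.

# Constructed log lines in the format puppet 0.24 printed in the run above
# (the Filebucketed sum is the one from that output; the new sum is a parameter).
make_sample_log() {   # make_sample_log LOGFILE OLD_SUM NEW_SUM
    cat > "$1" <<EOF
notice: Starting catalog run
info: //Node[default]/inittab_implement/File[/etc/inittab]: Filebucketed to with sum $2
notice: //Node[default]/inittab_implement/File[/etc/inittab]/source: replacing from source puppet:///files/inittab with contents {md5}$3
notice: Finished catalog run in 0.38 seconds
EOF
}

# Print the md5 puppet wrote for PATH, or nothing if PATH was not replaced.
applied_sum() {       # applied_sum LOGFILE PATH
    grep "File\[$2\]/source: replacing from source" "$1" \
        | sed -n 's/.*{md5}\([0-9a-f]\{32\}\).*/\1/p' | head -n 1
}

# Print the md5 of the previous content that puppet put in the filebucket
# (needed to restore the old file if the change has to be rolled back).
bucketed_sum() {      # bucketed_sum LOGFILE PATH
    grep "File\[$2\]: Filebucketed" "$1" \
        | sed -n 's/.*with sum \([0-9a-f]\{32\}\).*/\1/p' | head -n 1
}

# 0 = the applied content matches MASTER_COPY, 1 = mismatch,
# 2 = puppet did not replace PATH in this run (already in sync, or the run failed).
verify_applied() {    # verify_applied LOGFILE PATH MASTER_COPY
    got=$(applied_sum "$1" "$2")
    [ -n "$got" ] || return 2
    want=$(md5sum "$3" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# Stand-alone demo on a constructed log and master copy, unless LOGFILE, PATH
# and MASTER_COPY are given as arguments.
if [ $# -lt 3 ]; then
    demo_master=$(mktemp) && printf 'id:3:initdefault:\n#ca::ctrlaltdel:/sbin/shutdown -t3 -r now\n' > "$demo_master"
    demo_log=$(mktemp) && make_sample_log "$demo_log" 5528f318b4fa5604efe51f3a8c5ca734 "$(md5sum "$demo_master" | cut -d' ' -f1)"
    set -- "$demo_log" /etc/inittab "$demo_master"
fi
rc=0; verify_applied "$1" "$2" "$3" || rc=$?
case $rc in
    0) echo "$2: applied content matches the master's copy ($(applied_sum "$1" "$2")); previous content bucketed as $(bucketed_sum "$1" "$2")" ;;
    1) echo "$2: MISMATCH, puppet wrote {md5}$(applied_sum "$1" "$2") but the master's copy has a different sum" ;;
    *) echo "$2: not replaced in this run (already in sync, or the run failed)" ;;
esac
```

In practice save the client output with `puppetd --server puppetmaster.domain.com --test > /tmp/run.log 2>&1` and run `sh verify_run.sh /tmp/run.log /etc/inittab /path/to/master/inittab`; the bucketed sum is what you need if the change has to be backed out from the client's filebucket.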

I hope this article has answered your basic queries about puppet configuration and installation.
