How To Install Puppet To Manage Your Server Infrastructure on CentOS6
Puppet, from Puppet Labs, is a well-known open-source configuration management tool that helps system administrators automate the configuration, provisioning and maintenance of OS infrastructure. It runs on many Unix-like systems as well as on Microsoft Windows, and includes its own declarative language to describe system configuration.
In a big infrastructure, where we have hundreds or thousands of machines per data center, it is quite important to manage a few basic repeating tasks on every machine. These tasks play a key role in keeping the setup running smoothly with minimum human intervention; the rest of the work is pushed and enforced automatically through the Puppet server of the local data center. This frees up the time otherwise spent on these tasks, which can be used to improve other aspects of the overall setup.
In this post we will see how to install and configure Puppet master server 3.8.7 on CentOS6, with client machines on CentOS6 and Ubuntu 14.04.
Setup
For this setup, we are using CentOS6 and Ubuntu 14.04 machines.
Puppet Master -- CentOS6
Puppet Client -- CentOS6 and Ubuntu14.04
Below are the details of the machines used in the setup.
Server Role      Hostname                      IP Address
-----------      --------                      ----------
Puppet Server -- puppetmaster.geekpills.com    192.168.122.26
Puppet Client -- srv57.geekpills.com           192.168.122.51
Puppet Client -- srvu1.geekpills.com           192.168.122.156
All of these machines are upgraded as of now, Feb 2018.
Before we start working on this setup, we should be clear on two points:
1. Every machine should be able to resolve hostnames. In a big setup we use a DNS server. I am using the /etc/hosts file for name resolution.
2. Time should be in sync between nodes; usually we configure NTP for this.
With these points in place, it should be clear to every reader that all machines are able to resolve hostnames and sync time with the same NTP server.
Installation of Puppet Master
So we have a CentOS6 machine, which we are going to configure as the Puppet master. To install the Puppet master packages on a CentOS/RHEL/Fedora machine, we first have to install the puppetlabs release package, as shown below.
# yum -y install http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Installing this package enables the puppetlabs repository on this machine, so we can now install the puppet-master packages with the command below.
# yum -y install puppet-server
With this command, we have puppet-master installed on the machine. We can check the Puppet version with the command below.
[root@puppetmaster ~]# puppet -V
3.8.7
Configure Basic Puppet
Now that puppet-master is installed on the machine, we need to configure the puppet-master server. Although there are many Puppet configuration settings that may need to be changed in various cases, the most basic file is /etc/puppet/puppet.conf.
We are printing only the effective lines of puppet.conf; only the colored ones were edited in the file.
# awk '$1!="#" && NF >= 1 ' /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
dns_alt_names = puppetmater,puppetmaster.geekpills.com
[master]
environmentpath = $confdir/environments
basemodulepath = $confdir/modules:/opt/puppet/share/modules
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
We can configure Puppet for many setups and environments if we keep their configuration files separate and reference them properly in the main Puppet configuration. For that, we are going to create a separate environment for the production setup, like below.
mkdir -p /etc/puppet/environments/production/{modules,manifests}
So now we have a production setup with a separate directory structure for its modules and manifests. We also need to create an environment.conf file for the production setup.
# cat /etc/puppet/environments/production/environment.conf
modulepath = /etc/puppet/environments/production/modules
environment_timeout = 5s
Generating master certificate
Now create new CA certificates for the Puppet master by running the following command.
[root@puppetmaster puppet]# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 10:C7:28:9E:40:12:ED:AB:5E:88:68:F3:C0:A6:F7:89:C1:01:52:73:F2:DE:40:BF:2D:ED:39:91:D0:12:D3:59
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppetmaster
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetmaster
Info: Certificate Request fingerprint (SHA256): 52:7F:15:98:2D:2C:63:55:F9:B6:F1:88:80:B6:8F:CB:4D:0B:69:1C:CB:73:6C:3A:66:7C:A8:DC:04:85:05:99
Notice: puppetmaster has a waiting certificate request
Notice: Signed certificate request for puppetmaster
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
Notice: Starting Puppet master version 3.8.7
We can see the Puppet master certificate with the command below.
[root@puppetmaster ~]# puppet cert list --all
+ "puppetmaster" (SHA256) A5:78:9B:0A:F3:09:1B:2A:8A:0A:4D:6E:1B:18:5F:45:4B:03:71:A3:00:21:66:B7:46:9E:72:AF:C9:60:E8:51 (alt names: "DNS:puppetmaster", "DNS:puppetmaster.geekpills.com", "DNS:puppetmater")
These certificates are located in "/var/lib/puppet/ssl"; if you wish, you can delete these certificates and create them again. But please keep in mind that every client certificate request and signed certificate is also located in the same directory.
With this, the Puppet master configuration is complete. Now we can proceed to the client configuration.
Puppet Client Configuration on CentOS6
For this client configuration we are using the same operating system, CentOS6. We will install and configure the Puppet client on this machine.
First of all, we have to install the puppetlabs repository package to enable its repository on this machine.
# yum -y install http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
After the above command, the machine is able to install the Puppet client with the command below.
# yum install puppet -y
Configure puppet agent
With the couple of commands above, we are done with the Puppet agent installation on CentOS6. Now we need to configure the Puppet agent to match the Puppet master configured earlier.
To configure the Puppet agent, we just need to set the server information in /etc/puppet/puppet.conf, like below.
[root@srv57 ~]# awk '$1!="#" && NF >= 1 ' /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster
Creating the Agent certificate
Once this is done, you need to create a certificate on the Puppet agent with the command below.
root@srvu1:~# puppet agent --verbose --no-daemonize --onetime
Info: Creating a new SSL key for srvu1
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for srvu1
Info: Certificate Request fingerprint (SHA256): 66:2E:2B:90:FE:73:5E:55:49:C1:95:5F:19:BF:5F:7E:ED:B9:8C:F1:63:FB:75:C5:A7:FD:42:C5:02:41:CC:D3
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
Once the certificate request has been created on the agent side, you also need to sign it on the Puppet master side.
[root@puppetmaster ~]# puppet cert list
"srv57" (SHA256) 37:56:2D:E5:B3:D3:BC:7E:18:CB:90:38:99:4B:96:EF:52:06:98:1E:97:20:5A:1E:94:8B:7E:C8:55:3E:77:93
[root@puppetmaster ~]# puppet cert sign srv57
Notice: Signed certificate request for srv57
Notice: Removing file Puppet::SSL::CertificateRequest srv57 at '/var/lib/puppet/ssl/ca/requests/srv57.pem'
We can see the certificates waiting to be signed and can sign them as shown. Once this is done, we are done with the very basic configuration of the Puppet agent on CentOS6. Let's see how to install the Puppet agent on an Ubuntu 14.04 machine.
Installation of Puppet Agent on Ubuntu 14.04
Ubuntu uses the apt-get package manager to install packages, but it is also required to add the repository for Ubuntu, like below.
This applies only to Ubuntu 14.04:
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
The above commands add the repository; the commands below install the Puppet agent:
apt-get update
apt-get install puppet
Configure Ubuntu Puppet Agent
Once the Puppet agent is installed, we have to configure it so that it connects to the puppet-master machine.
The main Puppet configuration file is the same as it was on CentOS6, /etc/puppet/puppet.conf, so we set the Puppet server name in it, like below.
root@srvu1:~# awk '$1!="#" && NF >= 1 ' /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
[agent]
server = puppetmaster
Once we are done editing the main configuration, we have to enable the puppet service.
# puppet agent --enable
Creating puppet agent certificate
Now we have to create the Puppet agent certificate as shown below; this certificate request will wait on the Puppet master to be signed.
root@srvu1:~# puppet agent --verbose --no-daemonize --onetime
Info: Creating a new SSL key for srvu1
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for srvu1
Info: Certificate Request fingerprint (SHA256): 66:2E:2B:90:FE:73:5E:55:49:C1:95:5F:19:BF:5F:7E:ED:B9:8C:F1:63:FB:75:C5:A7:FD:42:C5:02:41:CC:D3
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
Now we have to sign the certificate on the server side.
[root@puppetmaster ~]# puppet cert list
"srvu1" (SHA256) 66:2E:2B:90:FE:73:5E:55:49:C1:95:5F:19:BF:5F:7E:ED:B9:8C:F1:63:FB:75:C5:A7:FD:42:C5:02:41:CC:D3
[root@puppetmaster ~]# puppet cert sign srvu1
Notice: Signed certificate request for srvu1
Notice: Removing file Puppet::SSL::CertificateRequest srvu1 at '/var/lib/puppet/ssl/ca/requests/srvu1.pem'
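Before signing on the master, the fingerprint shown by puppet cert list can be compared with the one the agent printed when it created its request, so that only the request that agent actually generated gets signed. The check below is an added example, not part of the original post; the function names are hypothetical, and the sample input is the srvu1 output shown above.

```sh
#!/bin/sh
# Added example: compare the CSR fingerprint printed by the agent with the one
# the master lists, before running `puppet cert sign`. Inputs are plain text.

# Fingerprint from the agent's "Certificate Request fingerprint (SHA256): ..." line.
agent_fingerprint() {
    printf '%s\n' "$1" | awk '/Certificate Request fingerprint/ { print $NF; exit }'
}

# Fingerprint the master lists for certname $1 in `puppet cert list` output $2.
master_fingerprint() {
    printf '%s\n' "$2" | awk -v want="$1" '
        { name = $1; gsub(/"/, "", name) }
        name == want && $2 == "(SHA256)" { print $3; exit }'
}

# Succeeds only if the agent's fingerprint is well-formed and equals the master's.
csr_matches() {
    a=$(agent_fingerprint "$2" | tr 'a-f' 'A-F')
    m=$(master_fingerprint "$1" "$3" | tr 'a-f' 'A-F')
    printf '%s\n' "$a" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$a" = "$m" ]
}

# Sample input: the srvu1 agent and master output shown on this page.
AGENT_LOG='Info: Creating a new SSL certificate request for srvu1
Info: Certificate Request fingerprint (SHA256): 66:2E:2B:90:FE:73:5E:55:49:C1:95:5F:19:BF:5F:7E:ED:B9:8C:F1:63:FB:75:C5:A7:FD:42:C5:02:41:CC:D3
Info: Caching certificate for ca'
MASTER_LIST='  "srvu1" (SHA256) 66:2E:2B:90:FE:73:5E:55:49:C1:95:5F:19:BF:5F:7E:ED:B9:8C:F1:63:FB:75:C5:A7:FD:42:C5:02:41:CC:D3'

if csr_matches srvu1 "$AGENT_LOG" "$MASTER_LIST"; then
    echo "srvu1: fingerprints match, safe to run: puppet cert sign srvu1"
else
    echo "srvu1: fingerprint mismatch or missing, do not sign" >&2
fi
```

The agent output has to reach the operator over a channel other than the Puppet connection itself (console, SSH session) for the comparison to mean anything.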
Once the certificate is signed, we can run the agent again, like below. This will show the error below.
root@srvu1:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'srvu1' on node srvu1
Notice: Using cached catalog
Info: Applying configuration version '1517950914'
Node definition
If you remember, we configured a directory structure for the production setup; we should add the node definitions there.
Now the Puppet master and its CentOS and Ubuntu nodes are configured, and the nodes are ready to get instructions from the Puppet master. We also need to define nodes and manifests for them; we will work on that in another post. For now, I have created only a blank manifest file, like below.
[root@puppetmaster ~]# cat /etc/puppet/environments/production/manifests/nodes.pp
node 'srv57'{
}
node 'srvu1' {
}
With only this file, the node definitions resolve, as shown below, and the error mentioned above is no longer displayed.
root@srvu1:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for srvu1
Info: Applying configuration version '1517984314'
Notice: Finished catalog run in 0.02 seconds
Now we can write some code for the srvu1 host, like below.
node 'srvu1' {
  # Make sure a local user "app" exists with a fixed UID, shell and home directory
  user { 'app':
    ensure => present,
    uid    => '544',
    shell  => '/bin/bash',
    home   => "/home/app",
  }
}
This time, when we run the "puppet agent" command on srvu1, it will create that user.
root@srvu1:~# grep app /etc/passwd
root@srvu1:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for srvu1
Info: Applying configuration version '1517987947'
Notice: /Stage[main]/Main/Node[srvu1]/User[app]/ensure: created
Notice: Finished catalog run in 0.12 seconds
root@srvu1:~# grep app /etc/passwd
app:x:544:1001::/home/app:/bin/bash
This way we can create manifests and automate our work.