This shows you the differences between two versions of the page.
wiki:qclug_presentations:puppet [2015/11/11 21:00] Root |
wiki:qclug_presentations:puppet [2015/11/11 22:07] (current) Root [Setup R10K] |
||
---|---|---|---|
Line 7: | Line 7: | ||
Step 1: Add the Puppet Repository\\ | Step 1: Add the Puppet Repository\\ | ||
Step 2: Install Puppet\\ | Step 2: Install Puppet\\ | ||
- | Step 3: Install R10K\\ | + | Step 3: Configure the Puppet Master\\ |
- | Step 4: Install Hiera\\ | + | Step 4: Configure a Puppet agent\\ |
- | Step 5: Install and Configure a Puppet agent\\ | + | Step 5: Apply Puppet Code |
- | Step 6: Apply Puppet Code | + | |
===== Prerequisites ===== | ===== Prerequisites ===== | ||
- | - Master/Agent requires at least 2 servers, masterless requires only 1. | + | - Master/Agent requires at least two servers, masterless requires only one |
- | - Master/Agent should have DNS configured, but IP addresses could work as well. | + | - Master/Agent require DNS to be configured for SSL certificate signing purposes |
===== Installing Open Source Puppet ===== | ===== Installing Open Source Puppet ===== | ||
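Review bot: The new DNS prerequisite states a hard requirement without saying what has to resolve. Suggest spelling out that each agent must resolve the master's FQDN (the value later used for `server = pupmaster.pcdomain.pvt`) and that the agent's own FQDN is the name that gets signed (`pupagent.pcdomain.pvt`). Style: "Master/Agent require" should be "requires" to match the bullet above it.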
Line 65: | Line 64: | ||
[master] | [master] | ||
always_cache_features = true | always_cache_features = true | ||
- | environment_timeout=unlimited | + | environment_timeout = unlimited |
- | environmentpath=$confdir/environments | + | environmentpath = $confdir/environments |
basemodulepath = /etc/puppet/modules | basemodulepath = /etc/puppet/modules | ||
ca = true | ca = true | ||
Line 74: | Line 73: | ||
<code> | <code> | ||
[main] | [main] | ||
- | #templatedir=$confdir/templates | + | #templatedir = $confdir/templates |
</code> | </code> | ||
+ | Start the Apache service | ||
+ | <code> | ||
+ | service apache2 start | ||
+ | </code> | ||
===== Set up your production environment ===== | ===== Set up your production environment ===== | ||
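Review bot: The added `service apache2 start` step starts the service once but does not enable it at boot, while the agent section of this same revision uses `update-rc.d puppet enable`; add the equivalent for apache2 or state that the package already enables it. A sentence saying what Apache does for the master would also help, since nothing in the visible lines connects the two.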
Line 100: | Line 103: | ||
node 'pupagent.pcdomain.pvt' { | node 'pupagent.pcdomain.pvt' { | ||
include roles::home::server | include roles::home::server | ||
- | } | ||
- | node 'laptop.pcdomain.pvt' { | ||
- | include roles::home::laptop | ||
} | } | ||
</code> | </code> | ||
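Review bot: With the 'laptop.pcdomain.pvt' node removed, 'pupagent.pcdomain.pvt' is the only node definition visible in this manifest; if the file has no `node default` block above these lines, any other agent whose certificate is signed will fail catalog compilation. Either add a default node or note that each new agent needs its own node entry here.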
Line 120: | Line 120: | ||
Next, create the roles module directory structure: | Next, create the roles module directory structure: | ||
<code> | <code> | ||
- | mkdir -p /etc/puppet/environments/production/modules/roles/manifests | + | mkdir -p /etc/puppet/environments/production/modules/roles/manifests/home |
</code> | </code> | ||
- | Edit the server.pp file and have it include the profiles::home::apache module which will be created later and will use the Puppetlabs apache module to install and configure apache: | + | Edit the server.pp file and have it include the profiles::home::mysql module which will be created later and will use the Puppetlabs mysql module to install and configure mysql: |
<code> | <code> | ||
- | vi /etc/puppet/environments/production/modules/roles/manifests/server.pp | + | vi /etc/puppet/environments/production/modules/roles/manifests/home/server.pp |
</code> | </code> | ||
<code> | <code> | ||
class roles::home::server { | class roles::home::server { | ||
- | include profiles::home::apache | + | include profiles::home::mysql |
} | } | ||
+ | </code> | ||
+ | |||
+ | //Note: A bug you might encounter will cause the following error message during a puppet run:// | ||
+ | <code> | ||
+ | Could not evaluate: Could not retrieve information from environment production source(s) puppet://pupmaster.pcdomain.pvt/pluginfacts | ||
+ | </code> | ||
+ | |||
+ | To work around the bug simply create a folder named "facts.d" in the roles module directory: | ||
+ | <code> | ||
+ | mkdir /etc/puppet/environments/production/modules/roles/facts.d | ||
</code> | </code> | ||
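Review bot: The added facts.d workaround does not say which host it applies to or which bug it refers to. The error is shown as appearing "during a puppet run", but `mkdir /etc/puppet/environments/production/modules/roles/facts.d` is a path in the master's environment directory, so state that the folder is created on the master, and name the affected Puppet version or link the upstream report so readers can tell when the workaround is no longer needed.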
Line 142: | Line 152: | ||
</code> | </code> | ||
- | Edit the apache.pp file and have it call the apache class: | + | Edit the mysql.pp file and have it call the mysql::server class: |
<code> | <code> | ||
- | vi /etc/puppet/environments/production/modules/profiles/manifests/home/apache.pp | + | vi /etc/puppet/environments/production/modules/profiles/manifests/home/mysql.pp |
</code> | </code> | ||
<code> | <code> | ||
- | class profiles::home::apache { | + | class profiles::home::mysql { |
- | class { '::apache': } | + | class { '::mysql::server': |
+ | root_password => 'strongpassword', | ||
+ | remove_default_accounts => true, | ||
+ | } | ||
} | } | ||
</code> | </code> | ||
- | //Note: Ensure the class is prefixed with the double colons or else the profile will try to load itself instead of the actual apache module!// | + | //Note: Ensure the class is prefixed with the double colons or else the profile will try to load itself instead of the actual mysql module!// |
- | ==== Install the puppetlabs-apache module ==== | + | ==== Install the puppetlabs-mysql module ==== |
- | This command will install the puppetlabs-apache module into /etc/puppet/modules, which is symlinked inside our production environment: | + | This command will install the puppetlabs-mysql module into /etc/puppet/modules, which is symlinked inside our production environment: |
<code> | <code> | ||
- | puppet module install puppetlabs-apache | + | puppet module install puppetlabs-mysql |
</code> | </code> | ||
- | ===== Setup R10K ===== | + | ===== Configuring a Puppet Agent ===== |
+ | |||
+ | Edit /etc/puppet/puppet.conf and configure the agent: | ||
+ | <code> | ||
+ | [main] | ||
+ | server = pupmaster.pcdomain.pvt | ||
+ | archive_files = true | ||
+ | archive_file_server = pupmaster.pcdomain.pvt | ||
+ | |||
+ | [agent] | ||
+ | report = true | ||
+ | classfile = $vardir/classes.txt | ||
+ | localconfig = $vardir/localconfig | ||
+ | graph = true | ||
+ | pluginsync = true | ||
+ | environment = production | ||
+ | </code> | ||
+ | |||
+ | Also remove the [master] section from all agents. | ||
+ | |||
+ | Run the agent to generate an SSL key and CSR request for the Master: | ||
+ | <code> | ||
+ | puppet agent -t | ||
+ | </code> | ||
+ | |||
+ | Login to the Master and sign the certificate: | ||
+ | <code> | ||
+ | puppet cert sign pupagent.pcdomain.pvt | ||
+ | </code> | ||
+ | |||
+ | Which should give you the following output: | ||
+ | <code> | ||
+ | Notice: Signed certificate request for pupagent.pcdomain.pvt | ||
+ | Notice: Removing file Puppet::SSL::CertificateRequest pupagent.pcdomain.pvt at '/var/lib/puppet/ssl/ca/requests/pupagent.pcdomain.pvt.pem' | ||
+ | </code> | ||
+ | |||
+ | Login to the agent and run Puppet again which should kickoff the initial Puppet run: | ||
+ | <code> | ||
+ | puppet agent -t | ||
+ | </code> | ||
+ | |||
+ | Enable the agent service to have Puppet run automatically every 30 minutes by default: | ||
+ | <code> | ||
+ | update-rc.d puppet enable | ||
+ | </code> | ||
===== Additional Resources ===== | ===== Additional Resources ===== |
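Review bot: The `root_password => 'strongpassword'` line in profiles::home::mysql puts the MySQL root password as a plaintext literal in a manifest under /etc/puppet/environments/production, and this same revision drops the Hiera step from the step list, so the guide no longer shows anywhere else to keep it. Suggest marking the value as a placeholder and taking it from a class parameter or a Hiera lookup instead of a literal. In the agent section, `puppet cert sign pupagent.pcdomain.pvt` is run with no verification step; add a `puppet cert list` on the master and compare the fingerprint with `puppet agent --fingerprint` on the agent before signing. Minor wording: "CSR request" is redundant, and "Login to" should be "Log in to".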