Puppet: Introduction, installation and basic configuration

Puppet is a configuration management tool used to manage the configuration of systems systematically. It keeps a historical record of the state of systems. Puppet uses a pull methodology, where nodes request configuration details from a server, and it works in a master and slave environment. It helps system administrators automate the provisioning, configuration, and management of a server infrastructure.

In this architecture, the client/slave node contacts the server/master node and supplies some information about itself. The server verifies the records and creates a catalog, a document that describes the desired configuration of that client node, and sends it to the client node. The client then reports the status of the configuration back to the server.

Installing puppet master server

  • Install CentOS 7
  • Update all packages using the command “yum update”
  • Install vmware tools if the host is a vm running on ESX
  • Ensure the hostname is correct in the file “/etc/hostname”
  • #] rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
  • #] yum install puppet-server
  • Edit the file “/etc/puppet/puppet.conf”. In the [main] section add the following line:
    dns_alt_names = <hostname>,<FQDN of hostname>
  • Ensure the host can ping the client using the hostname
  • Start the service by using the command
    #] systemctl start puppetmaster
  • The command “puppet help” will give information including the revision of the puppet application installed.

Installing puppet agents in client hosts

  • Install CentOS 7
  • Update all packages using the command “yum update”
  • Install vmware tools if the host is a vm running on ESX
  • Ensure the hostname is correct in the file “/etc/hostname”
  • #] echo "<IP of puppet master server>  <hostname of puppet master server>   <FQDN hostname of puppet master server>" >> /etc/hosts
  • #] rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
  • #] yum install puppet -y
  • Ensure the host can ping the server using the hostname
  • Add the following line in the file “/etc/puppet/puppet.conf”:
    server=<hostname of puppet master server>

Starting the services:

  • Ensure the firewall is stopped in both test hosts, and SELinux is disabled. Puppet server uses “tcp port 8140” for connections.
  • Issue the command “systemctl start puppetmaster” in the puppet master host
  • Puppet uses SSL certificates to authenticate communication between master and agent systems.
  • After a minute issue the command “puppet agent --no-daemonize --onetime --verbose” in the puppet client host
  • You may see an error message that says “Exiting; no certificate found and waitforcert is disabled”. This is normal. Proceed with the following step to accept the certificate in the server.
  • Check the logs in “/var/log/messages” in the client host to see if the client was able to start without any issue
  • In the server host issue the command “puppet cert list” to see if there is an entry from the client host. This will be the certificate request from the client, waiting to be signed.
  • Issue the command “puppet cert sign <client hostname>”. Now our client <client hostname> is authorized to fetch and apply configurations from the puppet server.
  • (The command “puppet cert clean <hostname>” is used to remove the certificate)
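
One way to check a request before signing it, as an added example that is not part of the original article: compare the fingerprint that “puppet cert list” shows on the master with the one the agent prints from “puppet agent --fingerprint”, and sign only on a match. The function names are hypothetical, the host names and shortened fingerprints in SAMPLE_LIST are constructed, and the list format shown in the first comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes "puppet cert list"
# prints pending requests as:   "<host>" (SHA256) <fingerprint>

# Constructed sample of "puppet cert list" output; fingerprints are shortened.
SAMPLE_LIST='  "client01.example.com" (SHA256) 3A:9F:10:C4:7E:55:B2:08
  "client02.example.com" (SHA256) D1:44:0B:EE:92:6A:3C:F7'

# Print the fingerprint listed for exactly host $1 in cert-list output $2.
csr_fingerprint() {
    printf '%s\n' "$2" |
        awk -v host="\"$1\"" '$1 == host { print $3; found = 1 } END { exit !found }'
}

# Reduce "(SHA256) aa:bb" or "aa:bb" to upper-case "AA:BB" for comparison.
normalize_fp() {
    printf '%s\n' "$1" | awk '{ print toupper($NF) }'
}

# Return 0 if the request for host $1 in list $2 carries fingerprint $3
# (as read on the agent), 1 on mismatch, 2 if no request is pending.
csr_matches() {
    csr_listed=$(csr_fingerprint "$1" "$2") || {
        echo "no pending request for $1" >&2
        return 2
    }
    if [ "$(normalize_fp "$csr_listed")" = "$(normalize_fp "$3")" ]; then
        return 0
    fi
    echo "fingerprint mismatch for $1, do not sign" >&2
    return 1
}

# Demo on the constructed sample. On a real master, pass "$(puppet cert list)"
# and the value the agent prints from "puppet agent --fingerprint".
if csr_matches client01.example.com "$SAMPLE_LIST" "(SHA256) 3a:9f:10:c4:7e:55:b2:08"; then
    echo "client01.example.com: fingerprints match, ok to run puppet cert sign"
fi
```

The host name is matched exactly, so a request from a similarly named host is not mistaken for the one being checked.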

The command “puppet agent --test”, when executed on a puppet client, will communicate with the server and apply the main manifest.

Configuring puppet server to create a file named /usr/local/sbin/puppetsimple.sh and install apache webserver in the client

  • In the puppet master host create the file “/etc/puppet/manifests/site.pp” with the following content:

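class toolbox {
    # Helper script installed on the client
    file { '/usr/local/sbin/puppetsimple.sh':
        owner   => 'root',
        group   => 'root',
        mode    => '0755',
        # \$1 is escaped so that Puppet writes a literal $1 into the script
        content => "#!/bin/sh\necho 'HHHHEEEELLLLOOO' \$1\n",
    }
}

class apache {
    # Install the Apache web server package
    package { 'httpd':
        ensure => installed,
    }
}

node '<client hostname>' {
    include toolbox
    include apache
}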

Puppet master gathers facts about its nodes with a tool called facter, which by default gathers information such as OS, hostnames, IP addresses, SSH keys, etc. The server can in turn use this information from the client node to configure parameters such as IP, hostname, etc. in the configurations for the client.

When the puppet agent connects to and checks in with the puppet master, it sends facts about itself to the master and pulls a current catalog (a compiled list of resources and their desired states that are relevant to the agent, determined by the main manifest). The agent node then attempts to make the appropriate changes to achieve its desired state.

Puppet programs are called manifests. They are composed of puppet code and written in a “.pp” file. The default main manifest is site.pp.

Retrieving new instructions from the puppet master that will create the file

  • Issue the following command in the client host:
    #] puppet agent --no-daemonize --onetime --verbose
  • #] ls -l /usr/local/sbin/puppetsimple.sh
  • #] puppetsimple.sh
  • #] service httpd start
  • #] service httpd status

Defining class to add a user named shijuv

class addmyuser {
    # Create the user if it does not exist
    user { 'shijuv':
        ensure => 'present',
    }
}

Defining class to delete a user

class delmyuser {
    # Remove the user if it exists
    user { 'shijuv':
        ensure => 'absent',
    }
}

Transferring files from the Puppet File Server

  • The puppet master service includes a file server that can be used for transferring files to its clients. If a file resource declaration contains a puppet: URI in its source attribute, clients will receive those files from the master’s file server.
  • Create a repository to store a sample file
    #] mkdir -p /etc/puppet/modules/shiju_module/files
  • Create a file for testing:
    #] echo "Hello World" >> /etc/puppet/modules/shiju_module/files/shiju.txt
  • Define a class in the file “/etc/puppet/manifests/classes/copyfile.pp”, as demonstrated in the sections above, with the following contents:

# The class name "copyfile" is assumed from the file name copyfile.pp
class copyfile {
    file { '/tmp/sample.txt':
        mode   => '0440',
        owner  => 'root',
        group  => 'root',
        # NOTE: The folder named "files" is deliberately left out of the source parameter
        source => 'puppet:///modules/shiju_module/shiju.txt',
    }
}

  • Include the class in the “/etc/puppet/manifests/site.pp” file under the section for the client
  • Run the puppet agent in the client host to retrieve information from the puppet master
  • Verify that the contents of “shiju.txt” were copied to “/tmp/sample.txt” in the client

Puppet automatically serves PLUGINS and FILES FROM MODULES: anything in <module name>/files/<file name> is available to authenticated nodes at puppet:///modules/<module name>/<file name>. You do not need to edit this file to enable this.
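
The mapping described above can be checked on the master before an agent run. The following is an added example, not part of the original article: it resolves each puppet:/// source in a manifest to its path under the modules directory and reports the ones with no file behind them, which catches the mistake of leaving “files” in the URI. The function names are hypothetical and the demo tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Map puppet:///modules/<module>/<file> ($1) to its path under modules dir $2.
module_uri_to_path() {
    case "$1" in
        puppet:///modules/*/*) ;;
        *) return 1 ;;
    esac
    uri_rest=${1#puppet:///modules/}
    uri_module=${uri_rest%%/*}
    uri_file=${uri_rest#*/}
    case "$uri_file" in
        *..*) return 1 ;;   # refuse paths that climb out of files/
    esac
    printf '%s/%s/files/%s\n' "$2" "$uri_module" "$uri_file"
}

# Print every puppet:/// source in manifest $1 that has no file under $2.
missing_sources() {
    grep -o "puppet:///[^\"' ]*" "$1" | while read -r uri; do
        path=$(module_uri_to_path "$uri" "$2") && [ -f "$path" ] || echo "$uri"
    done
}

# Constructed demo: one correct source and one that wrongly includes "files".
run_demo() {
    demo_dir=$(mktemp -d)
    mkdir -p "$demo_dir/modules/shiju_module/files"
    echo "Hello World" > "$demo_dir/modules/shiju_module/files/shiju.txt"
    cat > "$demo_dir/site.pp" <<'EOF'
file { '/tmp/sample.txt': source => 'puppet:///modules/shiju_module/shiju.txt' }
file { '/tmp/wrong.txt':  source => 'puppet:///modules/shiju_module/files/shiju.txt' }
EOF
    missing_sources "$demo_dir/site.pp" "$demo_dir/modules"
    rm -rf "$demo_dir"
}

run_demo
```

On a master laid out as in this article, the call would be missing_sources /etc/puppet/manifests/site.pp /etc/puppet/modules.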

Default configuration for nodes not defined specifically:

When a client node contacts the puppet server, if there are no xxxx for the node, the node will apply all configuration defined in “node default {}” in /etc/puppet/manifests/site.pp