Wednesday, 2 November 2016

Install/configure puppet server/puppet client Guest OS - Linux 1/4


1. In this post I only explain how to install and configure the puppet master and puppet client on the guest OS.
2. In my next post, we shall install docker to run the puppet master and puppet client.
3. We will also try to write a few manifests and configure different environments for running puppet.

Docker Installed OS: Ubuntu 16.04
Tested on: RHEL/CentOS/Ubuntu 
Puppet Version: 3.8.7 

Let me first show how to install the puppet server and puppet client, and which settings need to be changed.
Make sure your hostnames are resolvable: either configure DNS or add the hostnames to your /etc/hosts file.

Hostnames and descriptions of a few major tools:

puppetmaster.example.com: (puppet master) 
This is the centralized management daemon; each managed node runs puppet agent. It serves compiled configurations, files, templates,
and custom plugins to the managed nodes.

puppetclient.example.com: (puppet agent)   
puppet agent runs on each managed node. By default it wakes up every 30 minutes to check in with the puppet master, send new information about the system (facts), and receive a 'compiled catalog' describing the desired system configuration. puppet agent is then responsible for making the system match the compiled catalog. If 'pluginsync' is enabled in the node configuration, custom plugins stored on the puppet master are transferred automatically.
The puppet master then determines what information a given managed node should see based on its unique identifier, the "certname".

puppet apply:
Runs puppet locally to test manifests in the non-networked case. It does not contact the puppet master server; otherwise it behaves just like 'puppet agent'.

puppet cert: 
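When the client first contacts the server it generates a certificate request, which must be signed by the master to secure the connection. 'autosign = true' makes the master sign every request automatically when a client connects, without checking which host sent it, so any machine that can reach the master gets a signed certificate. That is convenient on an isolated test setup like this one and should not be carried over to a production master.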

#puppet cert list --all

If the 'autosign' option is not enabled, you need to sign the request manually:
#puppet cert sign puppetclient.example.com
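A check for the autosign setting described above, as an added example that is not part of the original post: it reports which signing mode a puppet.conf gives the master and lists signed certnames from 'puppet cert list --all' output that are missing from an inventory file. The function names, the inventory file and the host unlisted.example.com are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the post): audit how a Puppet 3.x master signs agents.

# autosign_value FILE: print the autosign value the master uses.
# [master] overrides [main]; prints nothing when the setting is absent.
autosign_value() {
    awk '
        /^[ \t]*#/ { next }                         # comment line
        /^[ \t]*\[/ { sec = $0                      # section header
                      sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^[ \t]*autosign[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            val[sec] = v; seen[sec] = 1 }
        END { if (seen["master"]) print val["master"]
              else if (seen["main"]) print val["main"] }' "$1"
}

# classify_autosign FILE: naive | disabled | policy | allowlist | default
classify_autosign() {
    v=$(autosign_value "$1")
    case "$v" in
        true)  echo naive ;;     # every CSR is signed without any check
        false) echo disabled ;;  # every CSR waits for 'puppet cert sign'
        "")    echo default ;;   # falls back to $confdir/autosign.conf
        *)     if [ -f "$v" ] && [ -x "$v" ]; then
                   echo policy       # executable approves or rejects each CSR
               else
                   echo allowlist    # file listing permitted certnames/globs
               fi ;;
    esac
}

# unexpected_signed INVENTORY: read 'puppet cert list --all' output on stdin
# and print signed ("+") certnames that are not listed in INVENTORY.
unexpected_signed() {
    awk -F'"' '/^\+ "/ { print $2 }' | while read -r name; do
        grep -qxF -- "$name" "$1" || echo "$name"
    done
}

# Constructed sample input: the post's [master] setting and a made-up inventory.
conf=$(mktemp); inv=$(mktemp)
printf '[main]\n    certname = puppetmaster.example.com\n[master]\n    autosign = true\n' > "$conf"
printf 'puppetmaster.example.com\npuppetclient.example.com\n' > "$inv"
echo "autosign mode: $(classify_autosign "$conf")"
printf '+ "puppetclient.example.com" (SHA256) 00:11\n+ "unlisted.example.com" (SHA256) 22:33\n' |
    unexpected_signed "$inv"
rm -f "$conf" "$inv"
```

On a real master, point classify_autosign at /etc/puppet/puppet.conf and pipe 'puppet cert list --all' into unexpected_signed.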

puppetmaster Install/Configure : 

Download RPM from puppetlabs to install puppet server

I had an issue with the time sync between puppetmaster and puppetclients and hence had to install 'ntp' and configure it.
It is not required for the VM; however, it fixed my issues, hence I thought to mention it here.
[root@puppetmaster ~]#yum install ntp

Append an entry to the 'server' part of the ntp.conf file:

[root@puppetmaster ~]#vim /etc/ntp.conf
server <puppetmasterserver IP>

[root@puppetmaster ~]#service ntpd restart

[root@puppetmaster ~]#yum clean all; yum install puppet-server

Change your config files according to your IP addresses and hostnames.

[root@puppetmaster ~]#cat > /etc/puppet/puppet.conf
[main]
    certname = puppetmaster.example.com
    logdir = /var/log/puppet
    vardir = /var/lib/puppet
    rundir = /var/run/puppet
    ssldir = /var/lib/puppet/ssl
    factpath = $vardir/lib/facter

# This section is used by the Puppet master and Puppet cert applications.
[master]
    dns_alt_names = puppetmaster.example.com
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    autosign = true
[root@puppetmaster ~]#

[root@puppetmaster ~]# puppet cert list --all
+ "puppetclient.example.com" (SHA256) EC:72:61:11:EA:C9:65:B4:43:B0:C7:45:56:38:40:A3:B4:85:E3:D9:27:8A:BB:56:BF:62:81:57:1A:91:AE:E0
+ "puppetmaster.example.com" (SHA256) EB:6B:BA:B1:03:8D:3B:CD:76:5D:46:9F:B9:2E:0D:3E:DF:70:8C:DE:35:F3:7D:D7:1A:81:FA:BA:63:31:DC:55 (alt names: "DNS:puppetmaster.example.com")
[root@puppetmaster ~]#

[root@puppetmaster ~]#service puppetmaster start

Ensure your master server is listening on port 8140:

[root@puppetmaster ~]# netstat -tupln | grep 8140
tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      -
[root@puppetmaster ~]#

Testing :

[root@puppetmaster ~]#cd /etc/puppet/manifests
[root@puppetmaster /etc/puppet/manifests]#cat > site.pp
file {'masterserver':
    ensure => present,
    path => '/tmp/masterserver',
    mode => 644,
    owner => root,
    group => root,
    content => 'on succsful test I must be born in /tmp/ and reader should study this message
'
}
[root@puppetmaster /etc/puppet/manifests]#

[root@puppetmaster /etc/puppet/manifests]# puppet apply site.pp
Notice: Compiled catalog for puppetmaster.example.com in environment production in 0.07 seconds
Notice: /Stage[main]/Main/File[masterserver]/ensure: created
Notice: Finished catalog run in 0.02 seconds
[root@puppetmaster /etc/puppet/manifests]# 

[root@puppetmaster ]# ls -l /tmp/masterserver
-rw-r--r-- 1 root root 78 Nov  2 02:27 /tmp/masterserver
[root@puppetmaster ~]#

[root@puppetmaster ~]# cat /tmp/masterserver
on succsful test I must be born in /tmp/ and reader should study this message
[root@puppetmaster ~]#

puppet client Install/Configure :

Download RPM from puppetlabs to install puppet server

I had an issue with the time sync between puppet master and puppet clients and hence had to install 'ntp' and configure it.
It is not required for the VM; however, it fixed my issues, hence I thought to mention it here.

[root@puppetclient ~]# scp root@puppetmaster.example.com:/etc/ntp.conf /etc/ntp.conf
[root@puppetclient ~]# service ntpd restart

[root@puppetclient ~]#yum clean all; yum install puppet

[root@puppetclient ~]# cat /etc/puppet/puppet.conf
[main]
    logdir = /var/log/puppet
    vardir = /var/lib/puppet
    rundir = /var/run/puppet
    ssldir = /var/lib/puppet/ssl
    factpath = $vardir/lib/facter

# This section is used by the Puppet master and Puppet cert applications.
[agent]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    server = puppetmaster.example.com
[root@puppetclient ~]#

[root@puppetclient ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.example.com
Info: Applying configuration version '1478054988'
Notice: /Stage[main]/Main/File[masterserver]/ensure: created
Notice: Finished catalog run in 0.02 seconds
[root@puppetclient ~]#

[root@puppetclient ~]# ls -l /tmp/masterserver
-rw-r--r-- 1 root root 78 Nov  2 02:51 /tmp/masterserver
[root@puppetclient ~]#

[root@puppetclient ~]# cat /tmp/masterserver
on succsful test I must be born in /tmp/ and reader should study this message
[root@puppetclient ~]#

Your puppet master and puppet client are ready, enjoy!

Thanks for re-sharing