Puppet Master Installation

André Guimarães, 2012-09-12

Switzernet

 

This document describes how to install a server that will be used as a Puppet Master. Puppet is an independent, cross-platform, open source configuration management tool that enables remote and automatic configuration of the server infrastructure from a centralized server.

 

Puppet uses files named “manifests” to declare what it needs to do when executing a module.

 

Installation and configuration

 

On a Debian 6.0 machine, run the following commands to change the machine name.

 

newfqdn=puppetX.switzernet.com; echo $newfqdn;

hostname $newfqdn

echo $newfqdn > /etc/hostname

sed -i -r 's/.*('`/sbin/ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`')([ ]+).*/\1\2'$newfqdn'/g' /etc/hosts

sed -i -e '$d' /etc/motd;sed -i -e '/^hostname/d' /etc/motd; echo -e "hostname  : `hostname`\ncompany   : Switzernet@2012\n" >> /etc/motd

/etc/init.d/hostname.sh

/etc/init.d/networking restart

 

Install the puppetmaster package and sshpass:

 

apt-get update

apt-get install puppetmaster sshpass

 

Edit /etc/puppet/fileserver.conf:

 

# This file consists of arbitrarily named sections/modules

# defining where files are served from and to whom

 

# Define a section 'files'

# Adapt the allow/deny settings to your needs. Order

# for allow/deny does not matter, allow always takes precedence

# over deny

 

 

[files]

  path /etc/puppet/files

  allow *

#  deny *.evil.example.com

#  allow 192.168.0.0/24

 

[plugins]

  allow *

#  deny *.evil.example.com

#  allow 192.168.0.0/24

 

[modules]

#  modulepath /etc/puppet/modules

  allow *
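
The [files], [plugins] and [modules] sections above all carry "allow *", so the file server itself places no host restriction on them. The following check is an added example, not part of the original document: it lists the mount points of a fileserver.conf that have an active "allow *" rule, with a constructed copy of the file above and a constructed tightened variant that uses "allow *.switzernet.com" (an assumed policy).

```sh
#!/bin/sh
# Added example: list fileserver.conf mount points that contain an active "allow *" rule.

# Constructed sample: the active lines of the fileserver.conf shown above.
page_conf() {
cat <<'EOF'
[files]
  path /etc/puppet/files
  allow *
#  deny *.evil.example.com
#  allow 192.168.0.0/24

[plugins]
  allow *

[modules]
#  modulepath /etc/puppet/modules
  allow *
EOF
}

# Constructed variant (assumed policy): only hosts under switzernet.com.
tightened_conf() {
cat <<'EOF'
[files]
  path /etc/puppet/files
  allow *.switzernet.com

[plugins]
  allow *.switzernet.com

[modules]
  allow *.switzernet.com
EOF
}

# open_mounts: read a fileserver.conf on stdin, print one open section name per line.
open_mounts() {
    awk '
        /^[ \t]*#/  { next }                       # commented-out rules are inactive
        /^[ \t]*\[/ { sect = $0                    # section header: keep the name only
                      sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next }
        $1 == "allow" && $2 == "*" { print sect }  # bare wildcard: no host restriction
    '
}

# audit: exit status 1 when any mount point is open to every host.
audit() {
    open=$(open_mounts)
    [ -z "$open" ] && return 0
    echo "open to any host:" $open >&2
    return 1
}
```

On the master, run it as: audit < /etc/puppet/fileserver.conf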

 

Create the file /etc/puppet/manifests/site.pp with the content:

 

# /etc/puppet/manifests/site.pp

 

import "modules"

import "nodes"

 

Exec { path => "/usr/bin:/usr/sbin/:/bin:/sbin" }

 

Create the file /etc/puppet/manifests/nodes.pp with the content:

 

# nodes.pp

#

#Uncomment line below to force a fail2ban module update

$reloadfail2ban  = 0

#Uncomment line below to force an astrad module update in all servers

$installastrad13 = 0

$reloadastrad13  = 0

$installastrad14 = 0

$reloadastrad14  = 0

$installastrad15 = 0

$reloadastrad15  = 0

$astrads           = 'XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX'

$dbas              = 'XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX'

 

#Astrad Global Variables

$sipport=5060

 

import "iptables"

import "fail2ban"

import "ldap"

 

class common {

        # This file allows setting a title on cygwin windows

        file{"/home/settitle.sh":

                ensure  => file,

                source  => "puppet:///files/settitle.sh"

        }

}

 

Create a directory “modules” to hold all Switzernet modules:

 

cd /etc/puppet

mkdir modules

 

Download all the modules you need from these links:

 

Base modules:

http://switzernet.com/3/public/110525-puppet-modules/

 

Astrad modules:

http://switzernet.com/3/public/110126-astrad-versions/

 

DBA modules:

http://switzernet.com/3/public/110317-db3-versions/

 

PBS module:

http://switzernet.com/3/public/111116-pbspuppet/

 

Additional base modules can be installed from this file:

[Download]

 

For instance, to download and prepare for installation version 14 of Astrad:

 

cd /etc/puppet/modules

wget http://switzernet.com/3/public/110126-astrad-versions/data1/120822,1427,astrad,014.zip

md5sum 120822,1427,astrad,014.zip

unzip 120822,1427,astrad,014.zip

 

Always compare the md5 of the file with the one on the page.
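
The comparison can be made a precondition of unpacking. The following is an added example, not part of the original document: verify_md5 and install_module are hypothetical helper names, and the expected value is whatever the download page lists for the archive.

```sh
#!/bin/sh
# Added example: unpack a module archive only when its MD5 matches the published value.

# verify_md5 FILE EXPECTED -> 0 match, 1 mismatch or unreadable file, 2 EXPECTED is not an MD5
verify_md5() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')      # accept upper-case hex
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;                    # empty or non-hex characters
    esac
    [ "${#expected}" -eq 32 ] || return 2              # an MD5 is 32 hex digits
    [ -r "$1" ] || return 1
    actual=$(md5sum < "$1" | cut -d' ' -f1)            # read via stdin: no filename quoting issues
    [ "$actual" = "$expected" ]
}

# install_module ZIP EXPECTED [DESTDIR]: verify first, unzip second.
install_module() {
    dest=${3:-/etc/puppet/modules}
    rc=0
    verify_md5 "$1" "$2" || rc=$?
    case "$rc" in
        0) unzip -q "$1" -d "$dest" ;;
        2) echo "expected value is not a 32-digit hex MD5: $2" >&2; return 2 ;;
        *) echo "MD5 mismatch for $1, archive not unpacked" >&2; return 1 ;;
    esac
}

# Usage (the second argument is a placeholder for the value shown on the download page):
#   cd /etc/puppet/modules
#   install_module '120822,1427,astrad,014.zip' <md5-from-the-page>
```

Because the archive and its checksum both arrive over plain HTTP, a match shows that the transfer is intact rather than proving who produced the file.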

 

Add the configuration for each server to be installed with the desired module in /etc/puppet/manifests/nodes.pp. To install/upgrade astrad14.switzernet.com with the astrad14 module, the following configuration is needed in the file:

 

node "astrad14.switzernet.com" {

         $server_id      = 1014

         $mysql_ast_user = "root"

         $mysql_ast_pass = "XXXXXX"

         $masterip       = "XXX.XXX.XXX.XXX" # Master-MR24

         $masterip2      = "XXX.XXX.XXX.XXX" # Old Master

         $db3_host_ip    = "XXX.XXX.XXX.XXX" # DB4

         $astrad_version = "Astrad014"

 

         include astrad

}

 

Each server should have a similar block. The node line matches the domain name of the server with the set of rules that should be run. The include line tells Puppet to execute the astrad module with the variables above. The “$server_id” variable is the ID used in MySQL for replication; it should be unique in the file. Variables set in the node declaration override variables declared globally at the top of the file. To enable installation of the Astrad module, the variable “$installastradXX” should have a value of 1, locally or globally. Likewise, to enable a change in the configuration or in the scripts, the variable “$reloadastradXX” has to be enabled. These variables should be disabled by default to avoid unnecessary CPU peaks while Puppet verifies the configuration. Even if everything is up to date, the verification might take more than 2 minutes.

 

Currently we have three types of servers: Astrads, DBAs and PBSs.

 

Each of these servers executes a different set of modules.

Installation in the clients

 

To install Puppet on a new server, first add the node block of that server to /etc/puppet/manifests/nodes.pp if you haven’t done so yet. Then install Puppet with:

 

aptitude update

aptitude install -y puppet

/etc/init.d/puppet stop

sed -i -r 's/^pluginsync=.*/pluginsync=false/g' /etc/puppet/puppet.conf

puppetd --server puppet.switzernet.com --waitforcert 60 --test

 

This will send a certificate signing request to the master, in this case puppet.switzernet.com. You then have to authorize that connection on the Puppet master. To list all pending certificate requests and sign the one for the new server, type:

 

puppetca --list

 

puppetca --sign nameoftheserver.switzernet.com

 

The installation will start after executing again:

 

puppetd --server puppet.switzernet.com --waitforcert 60 --test

 

While it is normal to let the Puppet slave run automatically and check for updates, it is not recommended to leave it enabled. If you need to do a Puppet update, you can force an execution from the Puppet Master using ssh:

 

for i in {3..21}; do   sshpass -p XXXXXX ssh root@astrad$i.switzernet.com ' puppetd --server puppet.switzernet.com --waitforcert 60 --test '; done

 

With this command all Astrads will synchronize their configuration with the server puppet.switzernet.com one at a time. It is possible to fork, but be careful with it. Don’t start a replication from the same server on two or more slaves, because our code is not prepared to guarantee that the replication is valid in that case.
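
sshpass -p places the root password on the command line, which exposes it to the process list and the shell history; sshpass -f reads it from a file instead. The following is an added example, not part of the original document, that runs the same sequential loop that way; the password file path and the RUN dry-run switch are assumptions.

```sh
#!/bin/sh
# Added example: the same one-at-a-time loop, with the password read from a file (sshpass -f).

PWFILE=${PWFILE:-/root/.astrad-ssh-pass}   # hypothetical path; the password is its first line
RUN=${RUN:-}                               # assumption: set RUN=echo to print commands only

# pwfile_ok FILE: regular file, not a symlink, mode exactly 600
pwfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# sync_astrads FIRST LAST: run puppetd on astradFIRST..astradLAST, one server at a time
sync_astrads() {
    if ! pwfile_ok "$PWFILE"; then
        echo "refusing to run: $PWFILE must be a regular file with mode 600" >&2
        return 2
    fi
    for i in $(seq "$1" "$2"); do
        host="astrad$i.switzernet.com"
        rc=0
        $RUN sshpass -f "$PWFILE" ssh "root@$host" \
            'puppetd --server puppet.switzernet.com --waitforcert 60 --test' || rc=$?
        echo "$host exit=$rc"              # keep a per-host record of the exit status
    done
}

# Usage, equivalent to the loop above:
#   sync_astrads 3 21
```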

 
