Thursday, 21 July 2016

puppet on CentOS 6

A simple way to install and configure puppet on CentOS 6

Puppet is an automation tool which allows you to automate the configuration of software like apache and nginx across multiple servers.
Puppet installation
In this tutorial we will be installing Puppet in the Puppet/Agent mode. You can install it in a standalone mode as well.
OS & software Versions
CentOS 6.5
Linux kernel 2.6.32
Puppet 3.6.2
Let’s get to it then.
Puppet server configuration
#Add Puppet repos 
[user@puppet ~]# sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

[user@puppet ~]# sudo yum install puppet-server

# Add your puppet server hostnames to the conf file under the [main] section
[user@puppet ~]# sudo vim /etc/puppet/puppet.conf

 dns_alt_names = puppet,puppet.yourserver.com

[user@puppet ~]# sudo  service puppetmaster start 
Puppet listens on port 8140; make sure it is unblocked in CSF or your firewall.
Puppet client configuration
#Add Puppet repos 
[user@client ~]# sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

[user@client ~]# sudo yum install puppet

#Open the conf file and add the puppet server hostname 
[user@client ~]# sudo vim /etc/puppet/puppet.conf
[main]
# The puppetmaster server
server=puppet.yourserver.com



[user@client ~]# sudo service puppet start
In the log file you should see the following lines.
info: Creating a new SSL key for vps.client.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent1.localdomain
info: Certificate Request fingerprint (md5): FD:E7:41:C9:5C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
Puppet uses SSL to communicate with its clients. When you start puppet on a client, it will automatically connect to the puppet server named in its conf file and request that its certificate be signed.
On the puppet server run
[user@puppet ~]# sudo  puppet cert list
vps.client.com (FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46)

[user@puppet ~]# sudo  puppet cert sign vps.client.com
notice: Signed certificate request for vps.client.com
notice: Removing file Puppet::SSL::CertificateRequest vps.client.com at '/etc/puppetlabs/puppet/ssl/ca/requests/vps.client.pem'
Now our client server “vps.client.com” is authorized to fetch and apply configurations from the puppet server. To understand how puppet ssl works and to troubleshoot any issues you can read http://docs.puppetlabs.com/learning/agent_master_basic.html
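Before signing, compare the fingerprint the agent logged with the one "puppet cert list" shows on the server. The check below is an added example, not part of the original tutorial; the function names are hypothetical, and the two sample lines are the ones shown in the output above (they differ in the fifth byte, 5C versus 2C, so the check refuses to sign).

```bash
#!/usr/bin/env bash
# Added example: verify a CSR fingerprint before running "puppet cert sign".
# Function names are hypothetical; sample lines are copied from this page.

# Pull the colon-separated hex fingerprint out of a line of either format
# (agent log line or "puppet cert list" line) and normalise it to upper case.
extract_fp() {
  printf '%s\n' "$1" \
    | grep -oE '([0-9A-Fa-f]{2}:){15,}[0-9A-Fa-f]{2}' \
    | head -n 1 | tr 'a-f' 'A-F'
}

# Return 0 only if both lines carry a fingerprint and the two are identical.
fingerprints_match() {
  local agent_fp master_fp
  agent_fp=$(extract_fp "$1")
  master_fp=$(extract_fp "$2")
  [ -n "$agent_fp" ] && [ "$agent_fp" = "$master_fp" ]
}

# Line from the agent's log and line from "puppet cert list" on the server.
AGENT_LOG_LINE='info: Certificate Request fingerprint (md5): FD:E7:41:C9:5C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46'
MASTER_LIST_LINE='vps.client.com (FD:E7:41:C9:2C:B7:5C:27:11:0C:8F:9C:1D:F6:F9:46)'

# sign_if_verified NODE AGENT_LINE MASTER_LINE
# Prints the sign command on a match (remove "echo" to run it), refuses otherwise.
sign_if_verified() {
  if fingerprints_match "$2" "$3"; then
    echo "sudo puppet cert sign $1"
  else
    echo "REFUSE $1: agent=$(extract_fp "$2") master=$(extract_fp "$3")"
    return 1
  fi
}

sign_if_verified vps.client.com "$AGENT_LOG_LINE" "$MASTER_LIST_LINE" || true
```

On the client, "puppet agent --fingerprint" prints the fingerprint of the pending request, which can be fed to the same comparison instead of the log line.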
Let’s look at a sample puppet configuration.
Installing apache web server with puppet
Although puppet server configuration is stored in “/etc/puppet/puppet.conf”, client configurations are stored in files called manifests.
#On the puppet server run
[user@puppet ~]# sudo vim /etc/puppet/manifests/site.pp

node 'vps.client.com' {

  package { 'httpd':
    ensure => installed,
  }
}
The configuration is pretty self-explanatory. The first line indicates that we need to install this configuration on a client machine with the hostname 'vps.client.com'. If you want to apply the configuration to the puppet server then replace 'vps.client.com' with 'default'.
Read node definitions for multiple node configurations.
The next two lines tell puppet that we need to ensure that the apache web server is installed. Puppet will check if apache is installed and if not, install it.
Think of a “package” as an object, “httpd” as the name of the object and “ensure => present” as the action to be performed on the object.
So if I wanted puppet to install a mysql database server, the configuration would be
node 'vps.client.com' {
  package { 'mysql-server':
    ensure => installed,
  }
}
The puppet server will compile this configuration into a catalog and serve it to a client when a request is sent to it.
How do I pull my configuration to a client immediately?
Puppet clients usually pull configuration once every 30 minutes, but you can pull a configuration immediately by running “service puppet restart” or the following command.
[user@puppet ~]# sudo puppet agent --test
What if I wanted puppet to add a user ‘Tom’?
Then the object would be user, the name of the object would be ‘tom’ and the action would be ‘present’.
node 'vps.client.com' {

  user { 'tom':
    ensure => present,
  }
}
In puppet terms, these objects are known as Resources, the names of the objects are Titles and the actions are called Attributes.
Puppet has a number of these resources to help ease your automation. You can read about them at http://docs.puppetlabs.com/references/latest/type.html
How to ensure a service is running with puppet?
Once you have a package like apache installed, you will want to ensure that it is running. On the command line you can do this with the service command. In puppet, however, you will need to use the manifest file and add the configuration as follows.
node 'vps.client.com' {

  package { 'httpd':
    ensure => installed,
  }
  ->
  service { 'httpd':    # Our resource and its title
    ensure => running,  # Action to be performed on resource or attribute
    enable => true,     # Start apache at boot
  }

}
You must have noticed that I have added an “->” symbol. This is because Puppet is not particular about ordering, but we want the service command to run only after apache is installed and not before. Hence I have added the arrow symbol, which tells Puppet to run the service resource only after “httpd” is installed.
To know more about puppet ordering read.
How to automate installation of predefined conf files?
You may want to have a customised apache conf file for this client, which will have the vhost entry and other specific parameters you choose. In this case we need to use the file resource.
Before we go into the configuration, you should know how puppet serves files. A Puppet server provides access to custom files via mount points. One such mount point by default is the modules directory.
The modules directory is where you would add your modules. Modules make it easier to reuse configurations, rather than having to write configurations for every node we can store them as a module and call them whenever we like.
In order to write a module, you need to create a subdirectory inside the modules directory with the module name and create a manifest file called init.pp which should contain a class with the same name as the subdirectory.
[user@puppet ~]# cd /etc/puppet/modules
[user@puppet ~]# mkdir httpd
[user@puppet ~]# mkdir -p httpd/manifests httpd/files
[user@puppet ~]# vim httpd/manifests/init.pp


class httpd {     # Same name as our subdirectory

  package { 'httpd':
    ensure => present,
  }
  ->
  file { '/etc/httpd/conf/httpd.conf':  # Path to the file on the client we want puppet to administer
    ensure => file,    # Ensure it is a file
    mode   => '0644',  # Permissions for the file
    source => 'puppet:///modules/httpd/httpd.conf',  # Path to our customised file on the puppet server
  }
  ->
  service { 'httpd':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/httpd/conf/httpd.conf'],  # Restart the service if any change is made to httpd.conf
  }
}
You need to add your custom httpd.conf file in the files subdirectory located at “/etc/puppet/modules/httpd/files/”.
To understand how the URI in the source attribute works, read http://docs.puppetlabs.com/guides/file_serving.html
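The source URI never names the files directory: puppet:///modules/httpd/httpd.conf is served from /etc/puppet/modules/httpd/files/httpd.conf. The script below is an added example, not part of the original tutorial; it resolves such URIs and checks a module against the layout described above, and its function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: map puppet:///modules/<module>/<file> to the path on the
# puppet server and check a module's layout. Function names are hypothetical.

# uri_to_path MODULEPATH URI
# puppet:///modules/httpd/httpd.conf -> MODULEPATH/httpd/files/httpd.conf
uri_to_path() {
  local rest=${2#puppet:///modules/}
  [ "$rest" != "$2" ] || return 1                 # not a modules-mount URI
  case "$rest" in */*) ;; *) return 1 ;; esac     # need <module>/<file>
  case "/$rest/" in */../*) return 1 ;; esac      # refuse ".." components
  printf '%s/%s/files/%s\n' "$1" "${rest%%/*}" "${rest#*/}"
}

# check_module MODULEPATH NAME
# Verifies manifests/init.pp exists, declares "class NAME", and that every
# puppet:///modules/ source it references exists under the files directory.
check_module() {
  local init="$1/$2/manifests/init.pp" problems=0 uri path
  if [ ! -f "$init" ]; then echo "missing $init"; return 1; fi
  grep -Eq "^[[:space:]]*class[[:space:]]+$2([[:space:]]|\{|\()" "$init" \
    || { echo "init.pp does not declare class $2"; problems=$((problems + 1)); }
  for uri in $(grep -oE "puppet:///modules/[^'\"[:space:]]+" "$init"); do
    path=$(uri_to_path "$1" "$uri") \
      || { echo "bad source URI: $uri"; problems=$((problems + 1)); continue; }
    [ -f "$path" ] \
      || { echo "$uri -> $path not found"; problems=$((problems + 1)); }
  done
  [ "$problems" -eq 0 ]
}

# Demo with the URI used in this tutorial's httpd module.
uri_to_path /etc/puppet/modules puppet:///modules/httpd/httpd.conf
```

Run "check_module /etc/puppet/modules httpd" on the puppet server after copying httpd.conf into place; it prints each problem it finds and returns non-zero if there are any.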
Now call the module in our main manifest file.
[user@puppet ~]# sudo vim /etc/puppet/manifests/site.pp

node 'vps.client.com' {

  include httpd

}

In case you need a web interface to manage your Linux servers, read my tutorial Using Foreman, an Opensource Frontend for Puppet
Update: For more Automation and other System Administration/Devops Guides see https://github.com/Leo-G/DevopsWiki
Puppet FAQ
How do I change the time interval for a client to fetch its configuration from the server?
Add “runinterval = 3600” under the [main] section in “/etc/puppet/puppet.conf” on the client.
Time is in seconds.
How do I install modules from puppet forge?
[user@puppet ~]# sudo puppet module install "full module name"

#Example
[user@puppet ~]# sudo puppet module install puppetlabs-mysql
Read more here and for publishing your own modules read http://docs.puppetlabs.com/puppet/latest/reference/modules_publishing.html

Installing Puppet Master and Agent in RHEL/CentOS 7/6/5



Since computers and computation came into existence, the focus has remained on automating tasks at some level. Automating a task means it completes mostly by itself, with little or no human intervention. Most fields of engineering, be it networking, aircraft, etc., have implemented work automation in some form. Task automation aims at saving manpower, cost, time and energy, and at accomplishing tasks with accuracy.
Automation at the server level is critical, and automating tasks on the server side is one of the most important jobs for every system administrator. There are lots of wonderful tools available for system automation, but one tool which always comes to my mind is called Puppet.
Install Puppet in CentOS

What is Puppet?

Puppet is free and open source software released under the Apache License and developed by Puppet Labs for GNU/Linux, Mac, BSD, Solaris and Windows based computer systems. The project is written in the ‘Ruby’ programming language and is mostly used for server automation: it provides a language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.
The latest open source (community maintained) Puppet version <=2.7.26 was released under GNU General Public License.

Puppet Project Aims

The Puppet project aims at having an expressive enough language supported by a powerful library. It provides an interface for writing custom server automation applications in just a few lines of code. Puppet is richly extensible, with support for adding functionality as and when required. Last but not least, it lets you share your work with the world as simply as sharing code.

Features of Puppet

  1. Designed in such a way that it prevents duplication for everyone solving the same problem.
  2. Mature Tool
  3. Powerful Framework
  4. Simplify System Administrator’s Technical Task.
  5. System Administrator’s task is written in Puppet’s Native code and can be shared.
  6. Makes it possible to make rapid and repeatable changes automatically.
  7. Maintains System Consistency and Integrity.
  8. Helpful in managing Physical and Virtual devices as well as cloud.
This article covers only the installation of the open source release of Puppet Server and Puppet Agent on RHEL/CentOS 7/6/5.

Step 1: Enable Dependencies and Puppet Labs Repository On Master

1. The server acting as a puppet master should have its system time set accurately. To set accurate system time, you should probably use the NTP service. For more instructions on how to set correct system time with NTP, follow the article below.
  1. Set System Time with “NTP (Network Time Protocol)” in RHEL/CentOS
2. Once system time is set correctly, you should enable the “optional” channel, on RHEL distributions only, to install Puppet. More instructions on how to enable the “optional” channel on RHEL systems can be found Here.
3. Once the channel is enabled, you can install the latest versions of Puppet using the Puppet Labs package repository for your corresponding RHEL/CentOS version.
RHEL/CentOS 7
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
RHEL/CentOS 6
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
RHEL/CentOS 5
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm

Step 2: Installing and Upgrading Puppet on the Master Server

4. On your master server, run the following command to install Puppet Server. It will install an init script (/etc/init.d/puppetmaster) for executing a test-quality puppet master server.
Do not start puppet master service now.
# yum install puppet-server
5. Next, run the following command to upgrade Puppet to the newest version.
# puppet resource package puppet-server ensure=latest
6. Once upgrade process completes, you will need to restart the puppet master web server to reflect new changes.
# /etc/init.d/puppetmaster restart

Step 3: Installing and Upgrading Puppet on Agent Node

7. Log in to your agent node server and run the following command to install Puppet agent. Once you install Puppet agent, you may notice that an init script (/etc/init.d/puppet) has been generated for running the puppet agent daemon.
Do not start puppet agent service now.
# yum install puppet
8. Now upgrade the installed puppet agent to the most recent version, with the help of the following command.
# puppet resource package puppet ensure=latest
9. Once the upgrade completes, you will need to restart the puppet service to pick up the new changes.
# /etc/init.d/puppet restart
That’s it! At this point, your Puppet server and agent are installed successfully, but they aren’t configured properly yet. To do so, you need to follow the post-install and configuration tasks at Puppet: Post-Install Tasks and Configuration.

Conclusion

The Puppet automation tool seems robust, with a user-friendly interface, as well as very declarative. Installation was very easy for me; there was nothing to worry about regarding dependencies at installation.