Installing Puppet on Debian from the official Puppetlabs repositories

From RVM Wiki

Server installation

DO THE SAME AS FOR THE CLIENT

  • Download and install the “puppetlabs-release” package for your OS version.
sudo apt-get install ca-certificates
wget -O /tmp/puppetlabs-release-wheezy.deb https://apt.puppetlabs.com/puppetlabs-release-wheezy.deb
sudo dpkg -i /tmp/puppetlabs-release-wheezy.deb
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get clean
  • Pin the Puppet version to avoid major-version upgrades. This way a version higher than 3.7 will NEVER be installed:
sudoedit  /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-common puppetmaster-passenger vim-puppet
Pin: version 3.7*
Pin-Priority: 501
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get clean
  • Install Puppet on the Puppet Master Server
sudo apt-get install puppetmaster-passenger
  • Set the DNS name of the Puppet server
puppet.example.priv IN CNAME myserver.example.priv

In the [main] section of the master’s puppet.conf file, set the dns_alt_names setting to a comma-separated list of each hostname the master should be allowed to use:

sudoedit /etc/puppet/puppet.conf 
[main]
# ...
certname= puppet.example.priv
dns_alt_names = puppet,puppet.example.priv, myserver.example.priv
  • Remove the deprecated setting:
sudoedit /etc/puppet/puppet.conf 
templatedir=$confdir/templates
  • Stop Apache and Passenger:
sudo invoke-rc.d apache2 stop
  • Remove the generated certificates:
sudo mv /var/lib/puppet/ssl /tmp
sudo mkdir /var/lib/puppet/ssl
sudo chown puppet: /var/lib/puppet/ssl
sudo chmod 0771 /var/lib/puppet/ssl
  • Regenerate the certificates:
sudo puppet master --verbose --no-daemonize
Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
   (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): EB:0D:73:3E:FB:64:73:A9:E9:BC:33:07:68:FD:EE:E1:1A:DB:AB:BE:F4:55:C9:E1:25:5F:FD:B9:A1:C8:F8:1F
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet.example.priv
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet.example.priv
Info: Certificate Request fingerprint (SHA256): E5:AF:D7:08:E3:3B:42:BC:AE:67:24:62:2B:22:F1:39:0C:21:11:EB:47:32:53:63:74:20:AB:BA:8B:00:71:B0
Notice: puppet.example.priv has a waiting certificate request
Notice: Signed certificate request for puppet.example.priv
Notice: Removing file Puppet::SSL::CertificateRequest puppet.example.priv at '/var/lib/puppet/ssl/ca/requests/puppet.example.priv.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet.example.priv at '/var/lib/puppet/ssl/certificate_requests/puppet.example.priv.pem'
Notice: Starting Puppet master version 3.7.4
  • Exit with CTRL-C
  • Check the certificate file names:
vi /etc/apache2/sites-enabled/puppetmaster
       SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.example.priv.pem
       SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.example.priv.pem


  • Restart Apache:
sudo invoke-rc.d apache2 start


  • Check the certificate
sudo puppet cert list --all
+ "puppet.example.priv" (SHA256) 64:ED:A4:A0:9D:78:A7:56:55:F3:A1:C7:0C:82:8E:38:DA:1E:BC:75:E2:8B:64:E8:25:88:FB:C0:8F:75:08:B5 (alt names: "DNS:myserver", "DNS:myserver.example.priv", "DNS:puppet", "DNS:puppet.example.priv")


  • Optionally, test with a browser:
https://puppet.example.priv:8140/
The environment must be purely alphanumeric, not 

  • Prepare a test module
sudo mkdir -p /etc/puppet/modules/test_puppet/{manifests,files}
sudoedit /etc/puppet/modules/test_puppet/manifests/init.pp
class test_puppet {
    file { "/tmp/test_puppet":
        owner => "root",
        group => "root",
        mode => '0644',
        content => "TEST",
    }
}
  • Assign it to the Puppet server:
sudoedit /etc/puppet/manifests/site.pp
node 'myserver.example.priv' {
    include test_puppet
}


Test

  • Install Puppet on Agent Nodes, the first one is the server
sudo apt-get install puppet
  • Enable the service:
sudoedit /etc/default/puppet
#...
START=yes
#...
sudo puppet resource service puppet ensure=running enable=true


  • Test:
sudo puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet.example.priv
Info: Applying configuration version '1425553402'
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/ensure: defined content as '{md5}033bd94b1168d7e4f0d644c3c95e35bf'
Notice: Finished catalog run in 0.09 seconds
  • Check the file:
 cat /tmp/test_puppet 
TEST


Client

  • Download and install the dependencies and the puppetlabs-release package for the operating system:
sudo apt-get install lsb-release ca-certificates
  • For Puppet 3:
 wget -O /tmp/puppetlabs-release-$(lsb_release -c | cut -f 2).deb https://apt.puppetlabs.com/puppetlabs-release-$(lsb_release -c | cut -f 2).deb
 sudo dpkg -i /tmp/puppetlabs-release-$(lsb_release -c | cut -f 2).deb
  • For Puppet 5 (Jessie and Stretch only):
 wget -O /tmp/puppet5-release-$(lsb_release -c | cut -f 2).deb https://apt.puppetlabs.com/puppet5-release-$(lsb_release -c | cut -f 2).deb
 sudo dpkg -i /tmp/puppet5-release-$(lsb_release -c | cut -f 2).deb
  • To pin the Puppet version to 3.7 and avoid major-version upgrades (this way a version higher than 3.7 will NEVER be installed):
sudoedit  /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-common puppetmaster-passenger vim-puppet
Pin: version 3.7*
Pin-Priority: 501
sudo apt-get update && sudo apt-get dist-upgrade
  • Install Puppet on the agent node for Puppet 3.7:
sudo apt-get install puppet
  • Install Puppet on the agent node for Puppet 5:
sudo apt-get install puppet-agent
  • Remove the deprecated setting:
sudoedit /etc/puppet/puppet.conf 
templatedir=$confdir/templates
  • Set the desired name for the machine, if different from hostname -f:
    • For Puppet 3.7
sudoedit /etc/puppet/puppet.conf 
    • For Puppet 5
sudoedit /etc/puppetlabs/puppet/puppet.conf 
 [main]
 certname=myclient.example.priv
 dns_alt_names = myclient,myclient.example.priv
  • Enable the service:
sudoedit /etc/default/puppet
#...
START=yes
#...
sudo puppet resource service puppet ensure=running enable=true
  • Enable the agent:
sudo puppet agent --enable
  • Run it:
sudo puppet agent --test
  • Check on the server that the certificate has been requested
sudo puppet cert list
 "myclient.example.priv" (SHA256) 62:69:32:F2:F6:1B:68:D4:A4:76:8F:97:52:CD:B9:DE:0E:ED:8A:D4:22:C6:20:A9:7D:75:24:1F:0B:03:1E:B (alt names: "DNS:myclient", "DNS:myclient.example.priv")
  • Sign it *on the server*:
sudo puppet cert sign --allow-dns-alt-names myclient.example.priv

Notice: Signed certificate request for myclient.example.priv
Notice: Removing file Puppet::SSL::CertificateRequest myclient.example.priv at '/var/lib/puppet/ssl/ca/requests/myclient.example.priv.pem'
  • Define the node on the server
sudoedit /etc/puppet/manifests/site.pp
node 'myclient.example.priv' {
    include test_puppet
}
  • Test on the client:
sudo puppet agent --enable
sudo puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet.example.priv
Info: Applying configuration version '1425553402'
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/ensure: defined content as '{md5}033bd94b1168d7e4f0d644c3c95e35bf'
Notice: Finished catalog run in 0.09 seconds
  • Check the file:
cat /tmp/test_puppet 
TEST
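
The signing step above uses --allow-dns-alt-names, which makes the CA accept whatever alt names the agent put in its request, so the names printed by puppet cert list are worth checking before signing. The script below is an added example, not part of the original page: it parses lines in that format and reports any alt name other than the node's certname and short hostname. That policy, the function names and the sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: vet the alt names of a pending request, as printed by
# `puppet cert list`, before signing it with --allow-dns-alt-names.
# Assumed policy: an agent may only ask for its certname and short hostname.

# Constructed sample lines in the `puppet cert list` format shown above.
SAMPLE_OK='  "myclient.example.priv" (SHA256) AA:BB:CC (alt names: "DNS:myclient", "DNS:myclient.example.priv")'
SAMPLE_BAD='  "myclient.example.priv" (SHA256) AA:BB:CC (alt names: "DNS:myclient.example.priv", "DNS:puppet", "DNS:puppet.example.priv")'

# Print the certname: the first double-quoted field of the line.
csr_certname() {
    printf '%s\n' "$1" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p'
}

# Print one alt name per line (e.g. DNS:myclient); nothing if there are none.
csr_altnames() {
    printf '%s\n' "$1" |
        sed -n 's/.*(alt names: \(.*\))[[:space:]]*$/\1/p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//'
}

# Print every alt name that is not the node's own name.
# Returns 0 if the request is clean, 1 if not, 2 if the line cannot be parsed.
unexpected_altnames() {
    name=$(csr_certname "$1")
    if [ -z "$name" ]; then
        echo "unparseable line" >&2
        return 2
    fi
    short=${name%%.*}
    bad=$(csr_altnames "$1" | grep -v -x -F -e "DNS:$name" -e "DNS:$short" || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Demo on the constructed samples; on a real master feed it the output of
# `sudo puppet cert list` one line at a time.
for line in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if bad=$(unexpected_altnames "$line"); then
        echo "OK to sign: $(csr_certname "$line")"
    else
        echo "REFUSE $(csr_certname "$line"):" $bad
    fi
done
```

The fingerprint on the same line can be compared with the output of sudo puppet agent --fingerprint on the client before signing.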

Creating environments

  • Define the environment path in the [main] section
sudoedit /etc/puppet/puppet.conf
# ...
[main]
#...
environmentpath = $confdir/environments
#...
  • Create the directories for the environments:
sudo mkdir -p /etc/puppet/environments/{production,testing}/{manifests,modules}
  • Move any previously created global configuration:
sudo mv /etc/puppet/modules/* /etc/puppet/environments/production/modules/
sudo mv /etc/puppet/manifests/site.pp /etc/puppet/environments/production/manifests/
  • Restart Apache:
sudo invoke-rc.d apache2 restart
  • Check that everything still works with the default production environment:
sudo rm /tmp/test_puppet; sudo puppet agent --test
  • Copy everything into the testing environment:
cd /etc/puppet/environments
sudo cp -rv production/* testing/
  • Modify the test file:
sudoedit /etc/puppet/environments/testing/modules/test_puppet/manifests/init.pp 
class test_puppet {
    file { "/tmp/test_puppet":
        owner => "root",
        group => "root",
        mode => '0644',
        content => "TEST-TESTING",
    }
}
  • Check that it works:
sudo puppet agent --test --environment=testing; cat /tmp/test_puppet 
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet.example.priv
Info: Applying configuration version '1425561846'
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/content: 
--- /tmp/test_puppet    2015-03-05 14:19:43.584072421 +0100
+++ /tmp/puppet-file20150305-9824-x351pe        2015-03-05 14:24:06.303274218 +0100
@@ -1 +1 @@
-TEST
\ No newline at end of file
+TEST-TESTING
\ No newline at end of file

Info: Computing checksum on file /tmp/test_puppet
Info: /Stage[main]/Test_puppet/File[/tmp/test_puppet]: Filebucketed /tmp/test_puppet to puppet with sum 033bd94b1168d7e4f0d644c3c95e35bf
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/content: content changed '{md5}033bd94b1168d7e4f0d644c3c95e35bf' to '{md5}fef134d4768b4b4ff06a1826dbcc697c'
Notice: Finished catalog run in 0.16 seconds
TEST-TESTING
