Installing Puppet on Debian from the official Puppetlabs repositories
Server installation
DO THE SAME AS FOR THE CLIENT
- Download and install the “puppetlabs-release” package for your OS version.
# Needs the ca-certificates package (see the Client section) so that wget can verify the TLS certificate of apt.puppetlabs.com
wget -O /tmp/puppetlabs-release-wheezy.deb https://apt.puppetlabs.com/puppetlabs-release-wheezy.deb
sudo dpkg -i /tmp/puppetlabs-release-wheezy.deb
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get clean
- Pin the Puppet version to avoid major-version upgrades. This way a version higher than 3.7 will NEVER be installed:
sudoedit /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-common puppetmaster-passenger vim-puppet
Pin: version 3.7*
Pin-Priority: 501
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get clean
- Install Puppet on the Puppet Master Server
sudo apt-get install puppetmaster-passenger
- Set the DNS name of the Puppet server
puppet.example.priv IN CNAME myserver.example.priv
In the [main] section of the master’s puppet.conf file, set the dns_alt_names setting to a comma-separated list of each hostname the master should be allowed to use:
sudoedit /etc/puppet/puppet.conf
[main]
# ...
certname = puppet.example.priv
dns_alt_names = puppet,puppet.example.priv,myserver.example.priv
- Remove the deprecated setting:
sudoedit /etc/puppet/puppet.conf
templatedir=$confdir/templates
- Stop Apache and Passenger:
sudo invoke-rc.d apache2 stop
- Remove the generated certificates:
sudo mv /var/lib/puppet/ssl /tmp
sudo mkdir /var/lib/puppet/ssl
sudo chown puppet: /var/lib/puppet/ssl
sudo chmod 0771 /var/lib/puppet/ssl
- Regenerate the certificates:
sudo puppet master --verbose --no-daemonize
Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
   (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): EB:0D:73:3E:FB:64:73:A9:E9:BC:33:07:68:FD:EE:E1:1A:DB:AB:BE:F4:55:C9:E1:25:5F:FD:B9:A1:C8:F8:1F
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet.example.priv
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet.example.priv
Info: Certificate Request fingerprint (SHA256): E5:AF:D7:08:E3:3B:42:BC:AE:67:24:62:2B:22:F1:39:0C:21:11:EB:47:32:53:63:74:20:AB:BA:8B:00:71:B0
Notice: puppet.example.priv has a waiting certificate request
Notice: Signed certificate request for puppet.example.priv
Notice: Removing file Puppet::SSL::CertificateRequest puppet.example.priv at '/var/lib/puppet/ssl/ca/requests/puppet.example.priv.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet.example.priv at '/var/lib/puppet/ssl/certificate_requests/puppet.example.priv.pem'
Notice: Starting Puppet master version 3.7.4
- Exit with CTRL-C
- Check the certificate file names:
vi /etc/apache2/sites-enabled/puppetmaster
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.example.priv.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.example.priv.pem
- Restart Apache:
sudo invoke-rc.d apache2 start
- Check the certificate
sudo puppet cert list --all
+ "puppet.example.priv" (SHA256) 64:ED:A4:A0:9D:78:A7:56:55:F3:A1:C7:0C:82:8E:38:DA:1E:BC:75:E2:8B:64:E8:25:88:FB:C0:8F:75:08:B5 (alt names: "DNS:myserver", "DNS:myserver.example.priv", "DNS:puppet", "DNS:puppet.example.priv")
- Optionally, test with a browser:
https://puppet.example.priv:8140/
The environment must be purely alphanumeric, not
- Prepare a test module
sudo mkdir -p /etc/puppet/modules/test_puppet/{manifests,files}
sudoedit /etc/puppet/modules/test_puppet/manifests/init.pp
class test_puppet {
  file { "/tmp/test_puppet":
    owner   => "root",
    group   => "root",
    # mode as a quoted octal string (required by Puppet 4 and later)
    mode    => "0644",
    content => "TEST",
  }
}
- Assign it to the Puppet server:
sudoedit /etc/puppet/manifests/site.pp
node 'myserver.example.priv' {
  include test_puppet
}
Test
- Install Puppet on Agent Nodes, the first one is the server
sudo apt-get install puppet
- Activate the service:
sudoedit /etc/default/puppet
#...
START=yes
#...
sudo puppet resource service puppet ensure=running enable=true
- Test:
sudo puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet.example.priv
Info: Applying configuration version '1425553402'
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/ensure: defined content as '{md5}033bd94b1168d7e4f0d644c3c95e35bf'
Notice: Finished catalog run in 0.09 seconds
- Verify the file:
cat /tmp/test_puppet
TEST
Client
- Download and install the dependencies and the puppetlabs-release package for the operating system:
sudo apt-get install lsb-release ca-certificates
- For Puppet 3:
wget -O /tmp/puppetlabs-release-$(lsb_release -c | cut -f 2).deb https://apt.puppetlabs.com/puppetlabs-release-$(lsb_release -c | cut -f 2).deb
sudo dpkg -i /tmp/puppetlabs-release-$(lsb_release -c | cut -f 2).deb
- For Puppet 5 (Jessie and Stretch only):
wget -O /tmp/puppet5-release-$(lsb_release -c | cut -f 2).deb https://apt.puppetlabs.com/puppet5-release-$(lsb_release -c | cut -f 2).deb
sudo dpkg -i /tmp/puppet5-release-$(lsb_release -c | cut -f 2).deb
- To pin the Puppet version to 3.7 and avoid major-version upgrades (this way a version higher than 3.7 will NEVER be installed):
sudoedit /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-common puppetmaster-passenger vim-puppet
Pin: version 3.7*
Pin-Priority: 501
sudo apt-get update && sudo apt-get dist-upgrade
- Install Puppet on the agent node for Puppet 3.7:
sudo apt-get install puppet
- Install Puppet on the agent node for Puppet 5:
sudo apt-get install puppet-agent
- Remove the deprecated setting:
sudoedit /etc/puppet/puppet.conf
templatedir=$confdir/templates
- Set the desired name for the machine, if different from hostname -f:
- For Puppet 3.7
sudoedit /etc/puppet/puppet.conf
- For Puppet 5
sudoedit /etc/puppetlabs/puppet/puppet.conf
[main]
certname = myclient.example.priv
dns_alt_names = myclient,myclient.example.priv
- Activate the service:
sudoedit /etc/default/puppet
#...
START=yes
#...
sudo puppet resource service puppet ensure=running enable=true
- Enable:
sudo puppet agent --enable
- Run:
sudo puppet agent --test
- Verify on the server that the certificate has been requested
sudo puppet cert list
"myclient.example.priv" (SHA256) 62:69:32:F2:F6:1B:68:D4:A4:76:8F:97:52:CD:B9:DE:0E:ED:8A:D4:22:C6:20:A9:7D:75:24:1F:0B:03:1E:B (alt names: "DNS:myclient", "DNS:myclient.example.priv")
- Sign it *on the server*:
sudo puppet cert sign --allow-dns-alt-names myclient.example.priv
Notice: Signed certificate request for myclient.example.priv
Notice: Removing file Puppet::SSL::CertificateRequest myclient.example.priv at '/var/lib/puppet/ssl/ca/requests/myclient.example.priv.pem'
- Define the node on the server
sudoedit /etc/puppet/manifests/site.pp
node 'myclient.example.priv' {
  include test_puppet
}
- Test on the client:
sudo puppet agent --enable
sudo puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet.example.priv
Info: Applying configuration version '1425553402'
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/ensure: defined content as '{md5}033bd94b1168d7e4f0d644c3c95e35bf'
Notice: Finished catalog run in 0.09 seconds
- Verify the file:
cat /tmp/test_puppet
TEST
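Before signing with --allow-dns-alt-names as in the step above, the alt names in each pending request can be checked against the client's own names, because a signed certificate is valid for every name it lists. This is an added example, not part of the original page; the policy (only the certname and its short hostname are acceptable), the function name audit_csr_line and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumed policy: a client CSR may only ask for its own certname and its
# short hostname as DNS alt names; anything else is held for manual review.

# audit_csr_line LINE
# LINE is one line of `puppet cert list` output.
# Prints "OK <certname>" (exit 0) or "REVIEW <certname>: <names>" (exit 1).
audit_csr_line() {
    line=$1
    # The certname is the first double-quoted field on the line.
    certname=$(printf '%s\n' "$line" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p')
    if [ -z "$certname" ]; then
        echo "SKIP unparsable line"
        return 2
    fi
    short=${certname%%.*}
    # Extract the "(alt names: ...)" list, one DNS:name per line, quotes removed.
    alts=$(printf '%s\n' "$line" |
        sed -n 's/.*(alt names: \(.*\))[[:space:]]*$/\1/p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//')
    bad=""
    # A here-document keeps the loop in this shell and avoids glob expansion
    # of wildcard names such as DNS:*.example.priv.
    while IFS= read -r alt; do
        [ -n "$alt" ] || continue
        case "$alt" in
            "DNS:$certname" | "DNS:$short") ;;   # the client's own names
            *) bad="$bad $alt" ;;                # e.g. the master's name
        esac
    done <<EOF
$alts
EOF
    if [ -n "$bad" ]; then
        echo "REVIEW $certname:$bad"
        return 1
    fi
    echo "OK $certname"
}

# Constructed sample lines (fingerprints are placeholders, not real requests).
SAMPLE_OK='  "myclient.example.priv" (SHA256) AA:BB:CC (alt names: "DNS:myclient", "DNS:myclient.example.priv")'
SAMPLE_BAD='  "web01.example.priv" (SHA256) AA:BB:CC (alt names: "DNS:web01", "DNS:puppet.example.priv")'
audit_csr_line "$SAMPLE_OK"
audit_csr_line "$SAMPLE_BAD" || true
```

On the master, the output of sudo puppet cert list can be read line by line into audit_csr_line, and only the requests reported as OK signed without a manual look at their alt names.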
Creating environments
- Define the environments path in the [main] section
sudoedit /etc/puppet/puppet.conf
# ...
[main]
#...
environmentpath = $confdir/environments
#...
- Create the directories for the environments:
sudo mkdir -p /etc/puppet/environments/{production,testing}/{manifests,modules}
- Move any previously created global configuration:
sudo mv /etc/puppet/modules/* /etc/puppet/environments/production/modules/
sudo mv /etc/puppet/manifests/site.pp /etc/puppet/environments/production/manifests/
- Restart Apache:
sudo invoke-rc.d apache2 restart
- Verify that everything still works with the default production environment:
sudo rm /tmp/test_puppet; sudo puppet agent --test
- Copy everything into the testing environment:
cd /etc/puppet/environments
sudo cp -rv production/* testing/
- Modify the test file:
sudoedit /etc/puppet/environments/testing/modules/test_puppet/manifests/init.pp
class test_puppet {
  file { "/tmp/test_puppet":
    owner   => "root",
    group   => "root",
    # mode as a quoted octal string (required by Puppet 4 and later)
    mode    => "0644",
    content => "TEST-TESTING",
  }
}
- Verify that it works:
sudo puppet agent --test --environment=testing; cat /tmp/test_puppet
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet.example.priv
Info: Applying configuration version '1425561846'
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/content:
--- /tmp/test_puppet 2015-03-05 14:19:43.584072421 +0100
+++ /tmp/puppet-file20150305-9824-x351pe 2015-03-05 14:24:06.303274218 +0100
@@ -1 +1 @@
-TEST
\ No newline at end of file
+TEST-TESTING
\ No newline at end of file
Info: Computing checksum on file /tmp/test_puppet
Info: /Stage[main]/Test_puppet/File[/tmp/test_puppet]: Filebucketed /tmp/test_puppet to puppet with sum 033bd94b1168d7e4f0d644c3c95e35bf
Notice: /Stage[main]/Test_puppet/File[/tmp/test_puppet]/content: content changed '{md5}033bd94b1168d7e4f0d644c3c95e35bf' to '{md5}fef134d4768b4b4ff06a1826dbcc697c'
Notice: Finished catalog run in 0.16 seconds
TEST-TESTING