Getting Started and Working with Puppet 4 On RHEL 7 and CentOS 7
source link: https://computingforgeeks.com/working-with-puppet-4-on-rhel-7-and-centos-7/
Puppet is a systems configuration management and automation framework written in Ruby that allows system administrators to programmatically provision, configure, and manage servers, network devices, and storage, in a data center or in the cloud. Puppet 4 on RHEL 7 and CentOS 7 makes it easy to create customized system configurations and perform ongoing management of machines by using a set of modules.
Why Configuration Management?
- Reproducible setups: do once and repeat many times
- Scaling: easy to scale to many machines; done for one but used on many
- Coherent and consistent server setups
- Visibility: insight into the changes occurring in your infrastructure over time and their impact on service levels
- Environments aligned for devel, test, QA and prod nodes
General hardware recommendations for Puppet 4 on RHEL 7 and CentOS 7: Puppet master node
- Have a fast CPU
- Have adequate RAM
- Have a fast hard drive
When selecting hardware for your deployment, keep in mind that the demands on the Puppet master may vary widely between deployments, the major variables being:
- The number of agents being served
- How frequently those agents check in
- How many resources are being managed on each agent
- The complexity of the manifests and modules in use.
Have a look at the Minimum Requirements Page for more details, both for monolithic and split installation setups, before installing Puppet 4 on RHEL 7 and CentOS 7.
Puppet-related software
- Facter – Puppet’s cross-platform system profiling library. It discovers and reports per-node facts, which are available in your Puppet manifests as variables.
- PuppetDB – Fast, reliable and scalable data warehouse that caches data generated by Puppet.
- Foreman – Complete lifecycle management tool for physical and virtual servers.
- Puppet DashBoard – A Puppet Web frontend and External Node Classifier (ENC)
- MCollective – Marionette Collective; a framework for building server orchestration or parallel job-execution systems.
Puppet building blocks
Resources
Any configuration part of the system, e.g. packages, services, files, users and groups, SSH key authentication, cron jobs, SELinux configuration and more. Resource declarations are formatted as below:
resource_type {'resource_name':
  attribute => value,
  attribute => value,
  ..........
}
Manifests
Files ending with the .pp extension. A manifest defines each required resource using a set of key-value pairs for their attributes.
Classes
A class is a collection of related resources that, once defined, can be declared as a single unit. A class may describe everything needed to configure an entire application or service. For example, a class can contain all of the resources (such as files, settings, modules, and scripts) needed to configure the Apache webserver on a host.
Modules
A module is a collection of classes, resource types, files, functions and templates, organized around a particular purpose. For example, a module can configure an Apache webserver instance or Rails application.
More info can be obtained from the official Puppet Glossary Page
My Lab setup
For this Puppet 4 on RHEL 7 and CentOS 7 setup, my deployment type is agent/master. This setup requires one or more central puppet master servers to host and compile all configuration data. The other nodes run the puppet agent service, which periodically pulls its configuration from the master. The puppet master service has to be kept available and responsive.
My lab setup has two nodes, a master and a client, with the settings below:

| Role | IP Address | Hostname |
|---|---|---|
| Puppet Master | 192.168.10.10 | master.example.com |
| Puppet Client | 192.168.10.11 | client.example.com |

Installing Puppet server
The newest version of Puppet can be installed from the yum.puppetlabs.com package repository. On your RHEL 7 or CentOS 7 system, execute the command below to add the repo:
[root@master ~]# yum -y install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
By using this added repo, version 4.x of Puppet will be installed. In Puppet 4, a lot of important config files and directories were changed. Review the table below for essential directories and files to take note of.

| Directory | Explanation |
|---|---|
| /opt/puppetlabs/bin | Puppet server binaries reside here |
| /opt/puppetlabs/puppet/bin/ | Directory for private binaries |
| /opt/puppetlabs/server | Where the server-side apps live underneath |
| /etc/puppetlabs/ | Puppet’s system confdir; used by root and the puppet user. Contains code, mcollective, puppet, puppetserver and pxp-agent directories. |
| /etc/puppetlabs/puppet/ssl/ | SSL directory |
| /etc/puppetlabs/code/environments/production/manifests/ | Contains manifest files |
| /opt/puppetlabs/server/apps/puppetserver/ | The puppetserver app directory |
| /var/log/puppetlabs/ | Logs directory |
| /var/run/puppetlabs | Runtime directory |

To install puppet master server run:
[root@master ~]# yum -y install puppetserver
For the version of Puppet installed here (4.x), the main executables moved to /opt/puppetlabs/bin. This means puppet and the related tools aren’t included in your PATH by default. Therefore, we’ll have to create symbolic links to make them available system-wide:
ln -s /opt/puppetlabs/bin/facter /usr/local/bin/
ln -s /opt/puppetlabs/bin/puppet* /usr/local/bin/
ln -s /opt/puppetlabs/bin/mco /usr/local/bin/
ln -s /opt/puppetlabs/bin/hiera /usr/local/bin/
Confirm that all symbolic links were created using:
[root@master ~]# ls -l /usr/local/bin/
Puppet Master Initial configurations
After successfully installing Puppet on a node to act as a puppet master server, you’ll need to perform the tasks below for the Puppet 4 on RHEL 7 and CentOS 7 setup to work smoothly.
1. Open port 8140 on the firewall. The puppet master server must allow incoming connections on port 8140 for agents to connect.
[root@master ~]# firewall-cmd --add-port=8140/tcp --permanent
[root@master ~]# firewall-cmd --reload
[root@master ~]# firewall-cmd --list-ports
Using IPTables
[root@master ~]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@master ~]# iptables -A INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT
[root@master ~]# iptables-save
[root@master ~]# iptables -L -v
2. Name resolution configuration:
Every node must have a unique hostname. Forward and reverse DNS must both be configured correctly. If you don’t have a DNS server in your setup environment, consider adding hostname and IP values to the /etc/hosts file on each node. On my setup, I’ll add as below:
[root@master ~]# echo "192.168.10.11 client.example.com client" >> /etc/hosts
Also set dns_alt_names, a comma-separated list of alternate DNS names for Puppet Server. These are extra hostnames the server is allowed to use when serving agents. They are added in the [master] section of the master’s puppet.conf file.
[root@master ~]# vim /etc/puppetlabs/puppet/puppet.conf
Then add the line below under the [master] section:
dns_alt_names = master.example.com,master
3. Generate the CA certificate and the puppet master certificate with the appropriate DNS names. Since this is the only puppet master in my deployment demo, this step can’t be skipped.
[root@master ~]# puppet master --no-daemonize --verbose
Press Ctrl + C to quit.
4. Now start and enable the puppetserver service:
[root@master ~]# systemctl enable puppetserver
[root@master ~]# systemctl start puppetserver
Configure Puppet client
To install puppet client package, use below commands:
[root@client ~]# yum -y install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
[root@client ~]# yum -y install puppet-agent
Configure Certificates
Enable the certificate from the Puppet client on the puppet master. First specify the puppet server hostname in the /etc/puppetlabs/puppet/puppet.conf file:
[root@client ~]# echo "server = master.example.com" >> /etc/puppetlabs/puppet/puppet.conf
[root@client ~]# echo "192.168.10.10 master.example.com master" >> /etc/hosts
Create binaries symlinks:
ln -s /opt/puppetlabs/bin/facter /usr/local/bin/
ln -s /opt/puppetlabs/bin/puppet* /usr/local/bin/
ln -s /opt/puppetlabs/bin/mco /usr/local/bin/
ln -s /opt/puppetlabs/bin/hiera /usr/local/bin/
Test certificate service from client server
[root@client ~]# puppet agent --test --ca_server=master.example.com
Info: Creating a new SSL key for client.example.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client.example.com
Info: Certificate Request fingerprint (SHA256): 09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15
Info: Caching certificate for ca
Start and enable puppet service:
[root@client ~]# systemctl start puppet.service
[root@client ~]# systemctl enable puppet.service
On the puppet master server, sign the certificate request from the Puppet client:
[root@master ~]# puppet cert list
"client.example.com" (SHA256) 09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15
[root@master ~]# puppet cert --allow-dns-alt-names sign client.example.com
Signing Certificate Request for:
"client.example.com" (SHA256) 09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15
Notice: Signed certificate request for client.example.com
Notice: Removing file Puppet::SSL::CertificateRequest client.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/client.example.com.pem'
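Before signing, the fingerprint the agent printed should be compared with the one `puppet cert list` shows on the master, so that only the request generated on the client is approved. The following script is an added example, not part of the original article; its function names are hypothetical, and the sample lines reuse the fingerprint from the outputs above:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Sample inputs: the fingerprint lines shown in the outputs above.
FP='09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15'
AGENT_OUT="Info: Certificate Request fingerprint (SHA256): $FP"
MASTER_OUT="  \"client.example.com\" (SHA256) $FP"

# Print the CSR fingerprint found in the agent's run output ($1).
agent_fingerprint() {
    printf '%s\n' "$1" |
        sed -n 's/.*Certificate Request fingerprint (SHA256): *\([0-9A-Fa-f:]*\).*/\1/p' |
        head -n 1
}

# Print the fingerprint that "puppet cert list" output ($1) shows for certname $2.
master_fingerprint() {
    printf '%s\n' "$1" |
        awk -v name="\"$2\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Succeed only if the agent's fingerprint is a well-formed SHA256 digest
# and is identical to the one the master holds for certname $3.
csr_matches() {
    a=$(agent_fingerprint "$1" | tr 'a-f' 'A-F')
    m=$(master_fingerprint "$2" "$3" | tr 'a-f' 'A-F')
    printf '%s\n' "$a" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$a" = "$m" ]
}

if csr_matches "$AGENT_OUT" "$MASTER_OUT" client.example.com; then
    echo "match: run 'puppet cert sign client.example.com' on the master"
else
    echo "mismatch or missing fingerprint: do not sign" >&2
fi
```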
Testing
So far we’ve installed both the puppet master and client nodes. Let’s do some testing on our Puppet 4 on RHEL 7 and CentOS 7 setup to confirm everything works as expected. We’ll create a simple test manifest and apply it to the client node. The manifest creates a user named bob with a uid of 1000 who is a member of the wheel group:
Generate a hashed password for the user (crypt.mksalt requires Python 3):
python3 -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
Password:
$6$kJyIyD53PMVwAOgc$ou/nTbSJrK1WlmOzsopwqj1kQ3VCm9afUZDAsHPswvxfbag7rQrdc4QZb9FYa/Ag28m7Bi.fkzpaXBZ5z56BH.
Create the manifest file on the master node. The heredoc delimiter is quoted ('END') so that the shell does not expand the $ characters in the password hash:
cat >> /etc/puppetlabs/code/environments/production/manifests/site.pp <<'END'
group { 'bob':
  ensure => present,
  gid    => 1000,
}
user { 'bob':
  ensure     => present,
  home       => '/home/bob',
  managehome => true,
  uid        => 1000,
  gid        => 1000,
  groups     => ['bob', 'wheel'],
  password   => '$6$kJyIyD53PMVwAOgc$ou/nTbSJrK1WlmOzsopwqj1kQ3VCm9afUZDAsHPswvxfbag7rQrdc4QZb9FYa/Ag28m7Bi.fkzpaXBZ5z56BH.',
  comment    => 'Bob User',
}
END
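The password hash contains `$` characters, so it only reaches site.pp intact when the heredoc delimiter is quoted; with an unquoted delimiter the shell expands parts of it and the account ends up with an unusable hash. The following script is an added example, not part of the original article, with hypothetical function names; it renders the password line both ways and checks the result against the SHA-512 crypt layout:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# The hash is the one printed by the python command above.

# Emit the manifest line through a heredoc with a quoted delimiter: no expansion.
render_quoted() {
cat <<'END'
  password => '$6$kJyIyD53PMVwAOgc$ou/nTbSJrK1WlmOzsopwqj1kQ3VCm9afUZDAsHPswvxfbag7rQrdc4QZb9FYa/Ag28m7Bi.fkzpaXBZ5z56BH.',
END
}

# Same line, unquoted delimiter: the shell expands $6, $kJyIyD53PMVwAOgc and $ou.
render_unquoted() {
cat <<END
  password => '$6$kJyIyD53PMVwAOgc$ou/nTbSJrK1WlmOzsopwqj1kQ3VCm9afUZDAsHPswvxfbag7rQrdc4QZb9FYa/Ag28m7Bi.fkzpaXBZ5z56BH.',
END
}

# Read manifest text on stdin and print the value of the first password attribute.
manifest_password() {
    sed -n "s/^[[:space:]]*password[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" | head -n 1
}

# Succeed if $1 has the SHA-512 crypt layout: $6$[rounds=N$]salt$86-character digest.
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

for mode in quoted unquoted; do
    value=$("render_$mode" | manifest_password)
    if is_sha512_crypt "$value"; then
        echo "$mode heredoc: hash intact"
    else
        echo "$mode heredoc: hash damaged, got '$value'"
    fi
done
```

To check the file written on the master, run `manifest_password < /etc/puppetlabs/code/environments/production/manifests/site.pp` and pass the result to `is_sha512_crypt`.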
Restart the puppet service on the client so that the manifest gets applied right away:
[root@client ~]# systemctl restart puppet
Now check to confirm user bob was created successfully:
[root@client ~]# echo ""; id bob; echo "" ; getent passwd bob; echo ""; ls /home
uid=1000(bob) gid=1000(bob) groups=1000(bob),10(wheel)
bob:x:1000:1000::/home/bob:/bin/bash
bob
Conclusion
In this blog post on working with Puppet 4 on RHEL 7 and CentOS 7, we’ve successfully installed and configured both the puppet master and the Puppet v4 client. You should now be ready to start learning and practicing with Puppet 4. In our next Puppet tutorial, we’ll explore Puppet resources, classes, advanced manifests and how to write custom Puppet modules. Till then, stay tuned by following me on Twitter.