1

Getting Started and Working with Puppet 4 On RHEL 7 and CentOS 7

 2 years ago
source link: https://computingforgeeks.com/working-with-puppet-4-on-rhel-7-and-centos-7/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Puppet is a Systems Configuration Management/Systems Automation framework written in Ruby that allows system administrators to programmatically provision, configure, and manage servers, network devices, and storage, in a data center or in the cloud. Puppet 4 On RHEL 7 and CentOS 7 makes it easy to create customized system configurations and perform ongoing management of machines by using a set of modules.

Puppet 4 On RHEL 7 and CentOS 7

Why Configuration Management?

  • Reproducable setups: Do once and repeat many times
  • Scaling: Easy to scale to many machines, done for one but use on many
  • Coherent and consistent server setups
  • Visibility : Visibility into the changes occurring in your infra over time and impact on service levels.
  • Environment aligned for devel,test,qa and prod nodes

General Hardware recommendations for Puppet 4 On RHEL 7 and CentOS 7- Puppet Master node

  • Have fast CPU processor
  • Have adequate RAM
  • Have a faster hard drive.

When selecting right hardware requirements for your deployment, put in mind that the demands on the Puppet master may vary widely between deployments, major variables being:

  1. The number of agents being served
  2. How frequently those agents check in
  3. How many resources are being managed on each agent
  4. The complexity of the manifests and modules in use.

Have a look at the Minimum Requirements Page for more details; Both for Monolithic and Split installation setups before doing Puppet 4 On RHEL 7 and CentOS 7.

Puppet related softwares

  1. Facter – Puppet’s cross-platform system profiling library. It discovers and reports per-node facts, which are available in your Puppet manifests as variables.
  2. PuppetDB – Fast, reliable and scalable data warehouse that caches data generated by Puppet.
  3. Foreman – Complete lifecycle management tool for physical and virtual servers.
  4. Puppet DashBoard – A Puppet Web frontend and External Node Classifier (ENC)
  5. MCollective – Marionette Collective;framework for building server orchestration or parallel job-execution systems.

Puppet building blocks

Resources

Any configuration part of the system, e.g packages, services, files, users and groups, SSH Key authentication, cron jobs, SELinux configuration and more. Resource declarations are formatted as below:

resource_type {'resource_name':
    attribute => value,
    attribute => value,
    ..........
}
Manifests

Files ending with .pp extension. A manifest defines each required resource using a set of key-valuepairs for their attributes.

Classes

These are collection of related resources that once defined, can be declared as a single unit. A class may describe everything needed to configure an entire application or service. For example, a class can contain all of the resources (such as files, settings, modules, and scripts) needed to configure the Apache webserver on a host.

Modules

A module is a collection of classes, resource types, files, functions and templates, organized around a particular purpose. For example, a module can configure an Apache webserver instance or Rails application.

More info can be obtained from the official Puppet Glossary Page

My Lab setup

For this Puppet 4 On RHEL 7 and CentOS 7 setup, my deployment type is Agent/Master puppet – This setup requires a central puppet master server/s to host and compile all configuration data. The other nodes run the puppet agent service which will periodically pull its configurations from the master. The puppet master service has to be kept available and responsive.

My Lab setup is a two node, master and client with below settings :

Puppet MasterIP Addess192.168.10.10Hostnamemaster.example.comPuppet ClientIP Addess192.168.10.11Hostnameclient.example.com

Installing Puppet server

The newest version of Puppet can be installed from the yum.puppetlabs.com package repository. On your RHEL 7 or Centos 7, just execute commands below to add repo and do the installation.

[root@master ~]# yum -y install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

By using this added repo, version 4.x of Puppet will be installed. In Puppet 4, a lot of important config files and directories were changed. Review table below for essential directories and files to take note of.

DirectoryExplanatiom/opt/puppetlabs/binPuppet server binaries reside here/opt/puppetlabs/puppet/bin/Directory for private binaries/opt/puppetlabs/serverWhere the server-side apps live underneath/etc/puppetlabs/Puppet’s system confdir; used by root and the puppet user. Contains code, mcollective, puppet, puppetserver and pxp-agent directories./etc/puppetlabs/puppet/ssl/SSL directory/etc/puppetlabs/code/environments/production/manifests/Contain manifest files/opt/puppetlabs/server/apps/puppetserver/This is puppetserver app directory/var/log/puppetlabs/Logs directory/var/run/puppetlabsRuntime directory

To install puppet master server run:

[root@master ~]# yum -y install puppetserver

For the version of Puppet installed here version 4.x, the main executables moved to /opt/puppetlabs/bin. This means all the puppet and related tools aren’t included in your PATH by default. Therefore, we’ll have to create symbolic links to make them system-wide available:

ln -s /opt/puppetlabs/bin/facter /usr/local/bin/
ln -s /opt/puppetlabs/bin/puppet* /usr/local/bin/
ln -s /opt/puppetlabs/bin/mco /usr/local/bin/
ln -s /opt/puppetlabs/bin/hiera /usr/local/bin/

Confirm that all symbolic links were created using:

[root@master ~]# ls -l /usr/local/bin/

Puppet Master Initial configurations

After successfully installing Puppet on a node to act as a puppet master server, you’ll need to perform below tasks for Puppet 4 On RHEL 7 and CentOS 7 setup to work smoothly.

1. Open port 8140 on the firewall. The puppet master server must allow incoming connections on port 8140 for agents to connect.

Using Firewalld
[root@master ~]# firewall-cmd --add-port=8140/tcp --permanent
[root@master ~]# firewall-cmd --reload 
[root@master ~]# firewall-cmd --list-ports
Using IPTables
[root@master ~]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@master ~]# iptables -A INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT
[root@master ~]# iptables-save
[root@master ~]# iptables -L -v

2. Name resolution configuration:

Every node must have a unique hostname. Forward and reverse DNS must both be configured correctly. If you don’t have DNS server in your setup environment, consider adding hostname and IP values to /etc/hosts file on each node. On my setup, I’ll add as below

[root@master ~]# echo "192.168.10.11 client.example.com client" >> /etc/hosts

Also set the dns_alt_names which are a comma-separated list of alternate DNS names for Puppet Server. These are extra hostnames the server is allowed to use when serving agents.They are added in the [master] section of the master’s puppet.conf file.

[root@master ~]# vim  /etc/puppetlabs/puppet/puppet.conf

Then add below line under [master] section:

dns_alt_names = master.example.com,master

3. Generate CA certificate and the puppet master certificate with the appropriate DNS names. Since this is the only puppet master in my deployment demo, this step can’t be skipped.

[root@master ~]# puppet master --no-daemonize --verbose

Press Ctrl + C to quit

4. Now start and enable puppetmaster service:

[root@master ~]# systemctl enable puppetserver
[root@master ~]# systemctl start puppetserver

Configure Puppet client

To install puppet client package, use below commands:

[root@client~]# yum -y install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
[root@client ~]# yum -y install puppet-agent
Confifure Certificates

Enable certificate from the Puppet Client on the puppet master. First specify puppet server hostname on /etc/puppetlabs/puppet/puppet.conf file:

[root@client ~]# echo "server = master.example.com" >> /etc/puppetlabs/puppet/puppet.conf
[root@client ~]# echo "192.168.10.10 master.example.com master" >> /etc/hosts

Create binaries symlinks:

ln -s /opt/puppetlabs/bin/facter /usr/local/bin/
ln -s /opt/puppetlabs/bin/puppet* /usr/local/bin/
ln -s /opt/puppetlabs/bin/mco /usr/local/bin/
ln -s /opt/puppetlabs/bin/hiera /usr/local/bin/

Test certificate service from client server

[root@client ~]# puppet agent --test --ca_server=master.example.com

Info: Creating a new SSL key for client.example.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client.example.com
Info: Certificate Request fingerprint (SHA256): 09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15
Info: Caching certificate for ca

Start and enable puppet service:

[root@client ~]# systemctl start puppet.service 
[root@client ~]# systemctl enable puppet.service

On the puppet master server, sign certificate request by Puppet client:

[root@master ~]# puppet cert list 

  "client.example.com" (SHA256) 09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15

[root@master ~]# puppet cert --allow-dns-alt-names sign client.example.com

Signing Certificate Request for:
  "client.example.com" (SHA256) 09:BC:B0:BE:0C:8D:89:26:3F:0D:FB:FE:78:F4:4F:DD:31:4E:64:BA:B0:09:0F:B0:53:01:D4:E3:F1:03:18:15
Notice: Signed certificate request for client.example.com
Notice: Removing file Puppet::SSL::CertificateRequest client.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/client.example.com.pem'

Testing

So far we’ve installed both puppet master and client nodes. Let’s do some testing on our Puppet 4 On RHEL 7 and CentOS 7 setup to confirm everything works as expected. We’ll create simple test manifest and apply it to the client node. The manifest is to create a user named bob, with uid of 1000 and is a member of wheel group:

Generate encrypted password for the user

python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
Password: 
$6$kJyIyD53PMVwAOgc$ou/nTbSJrK1WlmOzsopwqj1kQ3VCm9afUZDAsHPswvxfbag7rQrdc4QZb9FYa/Ag28m7Bi.fkzpaXBZ5z56BH.
Create manifest file on the master node
cat >> /etc/puppetlabs/code/environments/production/manifests/site.pp <<END
group { 'bob':
    ensure => present,
    gid    => 1000,
}
user { 'bob':
    ensure     => present,
    home       => '/home/bob',
    managehome => true,
    uid        => 1000,
    gid        => 1000,
    groups     => ['bob', 'wheel'],
    password   => '$6$kJyIyD53PMVwAOgc$ou/nTbSJrK1WlmOzsopwqj1kQ3VCm9afUZDAsHPswvxfbag7rQrdc4QZb9FYa/Ag28m7Bi.fkzpaXBZ5z56BH.',
    comment    => 'Bob User',
}
END

Restart puppet service on the client for the changes to quickly get manifest applied:

[root@client ~]# systemctl restart puppet

Now check to confirm user bob was created successfully

[root@client ~]# echo ""; id bob; echo "" ; getent passwd bob; echo ""; ls /home

uid=1000(bob) gid=1000(bob) groups=1000(bob),10(wheel)

bob:x:1000:1000::/home/bob:/bin/bash

bob

Conclusion

On this blog post- working with Puppet 4 On RHEL 7 and CentOS 7, we’ve been able to successfully install and configure both the puppet master and Puppet v4 client. To this end, you should be ready to start learning and practicing with puppet 4. On our next Puppet tutorial, we’ll explore Puppet Resources, Classes, Advanced Manifests and how to write custom Puppet modules. Till then, stay tuned by following me on Twitter.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK