Lately, I have been spending my time doing research on developing a Puppet module. As you might know, Puppet is an orchestration tool used by many sysadmins to deploy and configure servers without the hassle of repeating the same installation commands over and over again.
With Puppet, you simply:
- Install Puppet master
- Define node configuration in Puppet master
- Install Puppet agent
- Let the Puppet agent deploy what you have defined
Developing a Puppet module requires me to test the module's manifest on many popular OS distributions. This post sticks to installing Puppet on the following OS distributions:
- RHEL 6/CentOS 6
- RHEL 5/CentOS 5
- Ubuntu 12.04
- Ubuntu 14.04
- Debian 6
- Debian 7
Requirement
Ensure each host's date and time are synced through NTP and that /etc/hosts is configured correctly. The following is the /etc/hosts definition that I used:
192.168.10.100 puppetmaster.local
192.168.10.101 mysql1.local # puppet-agent
192.168.10.102 mysql2.local # puppet-agent
192.168.10.103 mysql3.local # puppet-agent
** The /etc/hosts file must be the same on all nodes so that each hostname can be resolved to an IP. This is required later, during the certificate signing stage on the puppet master.
RHEL-based:
yum install -y ntpdate
ntpdate -u my.pool.ntp.org
Debian-based:
sudo apt-get install -y ntpdate
ntpdate -u my.pool.ntp.org
Installing Puppetlabs Repository
We'll need to install the official Puppetlabs repository on all nodes, regardless of their role in Puppet, so the packages can be installed from it. Install the repository definition for the respective OS distribution:
RHEL 6/CentOS 6:
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
RHEL 5/CentOS 5:
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
Ubuntu 12.04 (Precise):
wget https://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
Ubuntu 14.04 (Trusty):
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb
Debian 6 (Squeeze):
wget https://apt.puppetlabs.com/puppetlabs-release-squeeze.deb
dpkg -i puppetlabs-release-squeeze.deb
Debian 7 (Wheezy):
wget https://apt.puppetlabs.com/puppetlabs-release-wheezy.deb
dpkg -i puppetlabs-release-wheezy.deb
Installing Puppet Master
On the puppetmaster.local node, run the following command to install the Puppet master:
Redhat-based:
yum install -y puppet-server openssl
Debian-based:
sudo apt-get update
sudo apt-get install -y puppetmaster openssl
Installing Puppet Agent
On all puppet agent nodes (mysql1.local, mysql2.local, mysql3.local), install puppet agent and its dependencies:
Redhat-based:
yum install -y puppet facter openssl
Debian-based:
sudo apt-get update
sudo apt-get install -y puppet facter openssl
Signing the Certificate Authority
Puppet communicates through a secured channel with SSL. When the puppet agent runs for the first time, it auto-generates a new SSL key and certificate request, and the puppet master must sign it before any communication begins. Run the following command on each agent node:
$ puppet agent --server=puppetmaster.local --no-daemonize --verbose
Info: Creating a new SSL key for mysql1.local
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ccpuppet.local
Info: Certificate Request fingerprint (SHA256): 6F:8B:92:46:B0:3F:04:0A:4F:8D:BD:56:77:24:77:50:1C:E9:F4:EE:C6:00:5E:82:4F:B0:85:B5:26:72:43:E0
Info: Caching certificate for ca
This generates a certificate request to be signed by the puppet master. Now, on the puppet master, list the requests waiting at the certificate authority (CA):
$ puppet ca list
mysql1.local (SHA256) 6F:8B:92:46:B0:3F:04:0A:4F:8D:BD:56:77:24:77:50:1C:E9:F4:EE:C6:00:5E:82:4F:B0:85:B5:26:72:43:E0
Sign the certificate request for this agent:
$ puppet ca sign mysql1.local
Notice: Signed certificate request for mysql1.local
Notice: Removing file Puppet::SSL::CertificateRequest ccpuppet.local at '/var/lib/puppet/ssl/ca/requests/mysql1.local.pem'
"-----BEGIN CERTIFICATE-----\n
...the key..."
Repeat the above steps on the other nodes, mysql2.local and mysql3.local. Now the puppet master should be able to communicate with its agents securely.
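An added example (not part of the original post): before running the sign command, confirm that the fingerprint the master lists for a node is the same one that node's agent printed, so a request submitted under the same name by a different host is not approved. The function names and the embedded sample text are assumptions of this example; the fingerprint is the one from the transcripts above, and the agent output is assumed to have been copied from the agent's own console.

```shell
#!/bin/sh
# Added example: approve a CSR only when the agent-side and master-side
# SHA256 fingerprints are both present, well-formed and identical.

# Constructed sample input, taken from the transcripts in this post.
AGENT_LOG='Info: Creating a new SSL key for mysql1.local
Info: Certificate Request fingerprint (SHA256): 6F:8B:92:46:B0:3F:04:0A:4F:8D:BD:56:77:24:77:50:1C:E9:F4:EE:C6:00:5E:82:4F:B0:85:B5:26:72:43:E0'
MASTER_LIST='mysql1.local (SHA256) 6F:8B:92:46:B0:3F:04:0A:4F:8D:BD:56:77:24:77:50:1C:E9:F4:EE:C6:00:5E:82:4F:B0:85:B5:26:72:43:E0'

# Print the fingerprint from the agent's first-run output ($1).
agent_fingerprint() {
    printf '%s\n' "$1" |
        sed -n 's/^.*Certificate Request fingerprint (SHA256): *\([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1
}

# Print the fingerprint listed on the master ($1) for certname $2.
# Surrounding double quotes on the certname are tolerated.
master_fingerprint() {
    printf '%s\n' "$1" | awk -v host="$2" '
        { name = $1; gsub(/"/, "", name) }
        name == host && $2 == "(SHA256)" { print $3; exit }'
}

# Return 0 on match, 1 on mismatch, 2 when either value is missing or
# malformed. $1 = agent output, $2 = master list output, $3 = certname.
csr_matches() {
    a=$(agent_fingerprint "$1" | tr 'a-f' 'A-F')
    m=$(master_fingerprint "$2" "$3" | tr 'a-f' 'A-F')
    # SHA256 is 32 bytes: 32 hex pairs joined by 31 colons = 95 characters.
    [ "${#a}" -eq 95 ] || return 2
    [ "${#m}" -eq 95 ] || return 2
    [ "$a" = "$m" ]
}

if csr_matches "$AGENT_LOG" "$MASTER_LIST" mysql1.local; then
    echo "fingerprints match: OK to run 'puppet ca sign mysql1.local'"
else
    echo "fingerprint mismatch or missing: do not sign" >&2
fi
```

In practice, replace the two sample variables with the text captured on the agent and the output of the list command on the master.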
Configure Puppet Agent
The last step is to update /etc/puppet/puppet.conf and add the following line under the [main] section:
server=puppetmaster.local
** If you do not configure it as above, you will need to add --server=puppetmaster.local to each of the puppet agent commands below.
Now you can test from the agent node:
Deploy MySQL through Puppet
Puppet is now ready. Let's deploy a MySQL server in the simplest way. Go to Puppet Forge and look for a puppet module called puppetlabs-mysql. To install this module, run the following command on the puppet master node:
puppet module install puppetlabs-mysql
On puppetmaster.local, create a puppet manifest at /etc/puppet/manifests/site.pp to define what the agents should deploy:
# /etc/puppet/manifests/site.pp
# Default node - this is compulsory
node "default" {
}
# Define the agent nodes
node "mysql1.local", "mysql2.local", "mysql3.local" {
  # Install and configure the MySQL server
  class { '::mysql::server':
    # Placeholder value: replace with your own root password
    root_password => 'strongpassword'
  }
  # Install the MySQL client package
  class { '::mysql::client':
    package_ensure => 'present'
  }
}
The above definition tells Puppet to install the MySQL server and client packages on mysql1.local, mysql2.local and mysql3.local. To start the deployment immediately, go to the agent node and run:
Or, wait for the Puppet agent service to apply the catalog automatically (depending on the runinterval value, default is 30 minutes).
Once done, you will have three MySQL servers ready to serve! Imagine how much time you would save if you had many servers, applications, software packages and configurations to maintain.