Difference between revisions of "Extracts from Digitalocean tutorial"
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | Reference - https://www.digitalocean.com/community/tutorials/how-to-install-puppet-4-in-a-master-agent-setup-on-ubuntu-14-04<br><br> | ||
| + | This installs puppet client and puppet server on a pair of Ubuntu 14.4 machines.<br><br> | ||
'''Ubuntu 14.04'''<br> | '''Ubuntu 14.04'''<br> | ||
timedatectl list-timezones<br> | timedatectl list-timezones<br> | ||
| Line 4: | Line 6: | ||
sudo apt-get update<br> | sudo apt-get update<br> | ||
sudo apt-get -y install ntp<br> | sudo apt-get -y install ntp<br> | ||
| − | Configure ntp.conf<br> | + | Configure ntp.conf with appropriate ntp servers<br> |
sudo service ntp restart<br> | sudo service ntp restart<br> | ||
'''Install puppet'''<br> | '''Install puppet'''<br> | ||
| Line 21: | Line 23: | ||
sudo /opt/puppetlabs/bin/puppet resource service puppetserver ensure=running enable=true<br><br> | sudo /opt/puppetlabs/bin/puppet resource service puppetserver ensure=running enable=true<br><br> | ||
'''Install Puppet Agent'''<br> | '''Install Puppet Agent'''<br> | ||
| + | Perform these steps on all of your agent servers.<br> | ||
| + | Enable the official Puppet Labs collection repository with these commands: | ||
| + | cd ~ && wget https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb | ||
| + | sudo dpkg -i puppetlabs-release-pc1-trusty.deb | ||
| + | |||
| + | Then install the puppet-agent package: | ||
| + | sudo apt-get update | ||
| + | sudo apt-get install puppet-agent | ||
| + | |||
| + | Now that the Puppet agent is installed, start it with this command:<br> | ||
| + | sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true | ||
| + | <br><br> | ||
| + | The first time you run the Puppet agent, it generates an SSL certificate and sends a signing request to the Puppet master. After the Puppet master signs the agent's certificate, it will be able to communicate with and control the agent node.<br> | ||
| + | <br> | ||
| + | '''Sign Certificates on Puppet Master'''<br> | ||
| + | On the Puppet master, run the following command to list all unsigned certificate requests: | ||
| + | sudo /opt/puppetlabs/bin/puppet cert list | ||
| + | |||
| + | '''Sign A Request''' | ||
| + | |||
| + | To sign a certificate request, use the puppet cert sign command, with the hostname of the certificate you want to sign. For example, to sign host1.nyc3.example.com's certificate, you would use the following command: | ||
| + | |||
| + | sudo /opt/puppetlabs/bin/puppet cert sign host1.nyc3.example.com | ||
| + | or | ||
| + | sudo /opt/puppetlabs/bin/puppet cert sign --all | ||
| + | |||
| + | '''View All Signed Requests''' | ||
| + | If you want to view all of the requests, signed and unsigned, run the following command: | ||
| + | sudo /opt/puppetlabs/bin/puppet cert list --all | ||
| + | |||
| + | To see a list of facts that are automatically being gathered on your agent node, run the following command: | ||
| + | |||
| + | /opt/puppetlabs/bin/facter | ||
| + | |||
| + | '''Main Manifest File''' | ||
| + | |||
| + | Puppet uses a domain-specific language to describe system configurations, and these descriptions are saved to files called "manifests", which have a .pp file extension. The default main manifest file is located on your Puppet master server at /etc/puppetlabs/code/environments/production/manifests/site.pp. Let's will create a placeholder file for now: | ||
| + | |||
| + | sudo touch /etc/puppetlabs/code/environments/production/manifests/site.pp | ||
| + | |||
| + | '''Immediate Execution on a Particular Agent Node''' | ||
| + | |||
| + | It is also possible to initiate the check for a particular agent node manually, by running the following command (on the agent node in question): | ||
| + | |||
| + | /opt/puppetlabs/bin/puppet agent --test | ||
| + | |||
| + | '''Specify a Node''' | ||
| + | |||
| + | If you want to define a resource for specific nodes, define a node in the manifest. | ||
| + | |||
| + | On the master, edit site.pp: | ||
| + | |||
| + | sudo vi /etc/puppetlabs/code/environments/production/manifests/site.pp | ||
| + | |||
| + | Now add the following lines:<br> | ||
| + | site.pp example | ||
| + | |||
| + | node 'ns1', 'ns2' { # applies to ns1 and ns2 nodes | ||
| + | file {'/tmp/dns': # resource type file and filename | ||
| + | ensure => present, # make sure it exists | ||
| + | mode => '0644', | ||
| + | content => "Only DNS servers get this file.\n", | ||
| + | } | ||
| + | } | ||
| + | |||
| + | node default {} # applies to nodes that aren't explicitly defined | ||
| + | |||
| + | |||
| + | |||
| + | '''Using a Module''' | ||
| + | |||
| + | Now let's use a module. Modules are useful for grouping tasks together. There are many modules available in the Puppet community, and you can even write your own.<br> | ||
| + | On the Puppet master, install the puppetlabs-apache module from forgeapi: | ||
| + | |||
| + | sudo /opt/puppetlabs/bin/puppet module install puppetlabs-apache | ||
| + | |||
| + | Warning: Do not use this module on an existing Apache setup. It will purge any Apache configurations that are not managed by Puppet. | ||
| + | |||
| + | Now edit site.pp: | ||
| + | |||
| + | sudo vi /etc/puppetlabs/code/environments/production/manifests/site.pp | ||
| + | |||
| + | Now add the following lines to install Apache on host2:<br> | ||
| + | site.pp example | ||
| + | |||
| + | node 'host2' { | ||
| + | class { 'apache': } # use apache module | ||
| + | apache::vhost { 'example.com': # define vhost resource | ||
| + | port => '80', | ||
| + | docroot => '/var/www/html' | ||
| + | } | ||
| + | } | ||
| + | |||
| + | # node default {} # uncomment this line if it doesn't already exist in your manifest | ||
| + | |||
| + | Save and exit. Now the next time Puppet updates host2, it will install the Apache package, and configure a virtual host called "example.com", listening on port 80, and with a document root /var/www/html. | ||
| + | |||
| + | On host2, run the following command: | ||
| + | |||
| + | sudo /opt/puppetlabs/bin/puppet agent --test | ||
Latest revision as of 08:15, 6 May 2016
Reference - https://www.digitalocean.com/community/tutorials/how-to-install-puppet-4-in-a-master-agent-setup-on-ubuntu-14-04
This installs puppet client and puppet server on a pair of Ubuntu 14.4 machines.
Ubuntu 14.04
timedatectl list-timezones
sudo timedatectl set-timezone America/New_York
sudo apt-get update
sudo apt-get -y install ntp
Configure ntp.conf with appropriate ntp servers
sudo service ntp restart
Install puppet
cd ~ && wget https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb sudo dpkg -i puppetlabs-release-pc1-trusty.deb sudo apt-get update sudo apt-get -y install puppetserver
Configure memory:
sudo vi /etc/default/puppetserver
Start puppetserver
Start Puppet Server
Now we're ready to start Puppet Server with this command:
sudo service puppetserver restart
Next, enable Puppet Server so that it starts when your master server boots:
sudo /opt/puppetlabs/bin/puppet resource service puppetserver ensure=running enable=true
Install Puppet Agent
Perform these steps on all of your agent servers.
Enable the official Puppet Labs collection repository with these commands:
cd ~ && wget https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb sudo dpkg -i puppetlabs-release-pc1-trusty.deb
Then install the puppet-agent package:
sudo apt-get update sudo apt-get install puppet-agent
Now that the Puppet agent is installed, start it with this command:
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
The first time you run the Puppet agent, it generates an SSL certificate and sends a signing request to the Puppet master. After the Puppet master signs the agent's certificate, it will be able to communicate with and control the agent node.
Sign Certificates on Puppet Master
On the Puppet master, run the following command to list all unsigned certificate requests:
sudo /opt/puppetlabs/bin/puppet cert list
Sign A Request
To sign a certificate request, use the puppet cert sign command, with the hostname of the certificate you want to sign. For example, to sign host1.nyc3.example.com's certificate, you would use the following command:
sudo /opt/puppetlabs/bin/puppet cert sign host1.nyc3.example.com or sudo /opt/puppetlabs/bin/puppet cert sign --all
View All Signed Requests If you want to view all of the requests, signed and unsigned, run the following command:
sudo /opt/puppetlabs/bin/puppet cert list --all
To see a list of facts that are automatically being gathered on your agent node, run the following command:
/opt/puppetlabs/bin/facter
Main Manifest File
Puppet uses a domain-specific language to describe system configurations, and these descriptions are saved to files called "manifests", which have a .pp file extension. The default main manifest file is located on your Puppet master server at /etc/puppetlabs/code/environments/production/manifests/site.pp. Let's will create a placeholder file for now:
sudo touch /etc/puppetlabs/code/environments/production/manifests/site.pp
Immediate Execution on a Particular Agent Node
It is also possible to initiate the check for a particular agent node manually, by running the following command (on the agent node in question):
/opt/puppetlabs/bin/puppet agent --test
Specify a Node
If you want to define a resource for specific nodes, define a node in the manifest.
On the master, edit site.pp:
sudo vi /etc/puppetlabs/code/environments/production/manifests/site.pp
Now add the following lines:
site.pp example
node 'ns1', 'ns2' { # applies to ns1 and ns2 nodes
file {'/tmp/dns': # resource type file and filename
ensure => present, # make sure it exists
mode => '0644',
content => "Only DNS servers get this file.\n",
}
}
node default {} # applies to nodes that aren't explicitly defined
Using a Module
Now let's use a module. Modules are useful for grouping tasks together. There are many modules available in the Puppet community, and you can even write your own.
On the Puppet master, install the puppetlabs-apache module from forgeapi:
sudo /opt/puppetlabs/bin/puppet module install puppetlabs-apache
Warning: Do not use this module on an existing Apache setup. It will purge any Apache configurations that are not managed by Puppet.
Now edit site.pp:
sudo vi /etc/puppetlabs/code/environments/production/manifests/site.pp
Now add the following lines to install Apache on host2:
site.pp example
node 'host2' {
class { 'apache': } # use apache module
apache::vhost { 'example.com': # define vhost resource
port => '80',
docroot => '/var/www/html'
}
}
# node default {} # uncomment this line if it doesn't already exist in your manifest
Save and exit. Now the next time Puppet updates host2, it will install the Apache package, and configure a virtual host called "example.com", listening on port 80, and with a document root /var/www/html.
On host2, run the following command:
sudo /opt/puppetlabs/bin/puppet agent --test
