Pages

Showing posts with label puppet. Show all posts
Showing posts with label puppet. Show all posts

Thursday, December 28, 2023

Mastering Puppet: A Guide to Configuring the Puppet Master and Client

Puppet is a powerful configuration management tool that automates the process of managing your infrastructure. Setting up a Puppet Master and its clients can seem daunting, but with this guide, you'll be equipped to handle the initial configuration with ease. This blog will walk you through the steps needed to set up a Puppet Master and client, ensuring a smooth and secure connection between them.

Step 1: Initial Setup for Both Master and Client

Downloading and Installing Needed RPM
Before you begin, ensure that both the Master and the client machines have the necessary RPM installed. This can be done by running:

rpm -ivUh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

This command will install the EPEL (Extra Packages for Enterprise Linux) repository, providing additional packages for your setup.

Step 2: Installing the Puppet Server and Client


Master: Installing Puppet Server
On your Master machine, install the Puppet Server with Yum:

yum install puppet-server
Client: Installing Puppet
On the client machine, install the Puppet client software:

yum install puppet

Step 3: Configuring Hostnames and Network

Ensure that the Master and client can communicate with each other by setting up the hostnames correctly.

Edit the Hosts File
Add the following entries to the /etc/hosts file on both the Master and client:

xxx.xxx.xxx.xxx master.puppet.com
xxx.xxx.xxx.xxx client.puppet.com

Replace xxx.xxx.xxx.xxx with the appropriate IP addresses.

Test the Connection
Test the connectivity between the Master and client using the ping command:

ping -c 3 client.puppet.com
ping -c 3 master.puppet.com

Step 4: Setting Up Iptables

For secure communication, you need to ensure that the correct port is open on both the Master and client.

Modify Iptables Rules
You can either disable Iptables or open port 8140, which Puppet uses for communication:


iptables -A INPUT -p tcp --dport 8140 -m state --state NEW,ESTABLISHED -j ACCEPT

Step 5: Starting the Puppet Master Server

With the configurations set, it's time to start the Puppet Master.

Start the Server
On the Master machine, start the Puppet Master service:
/etc/init.d/puppetmaster restart

Step 6: Client Certificate Signing

Puppet uses a certificate-based authentication system. The client will request a certificate from the Master, which needs to be signed.
Check for Signed Certificates
From the client machine, initiate a certificate signing request:

puppetd --server=master.puppet.com --waitforcert 60 --test

Sign the Client's Certificate
On the Master, list all unsigned certificates:

puppetca --list

Sign the client's certificate:

puppetca --sign client.puppet.com

Step 7: Creating Configuration for Clients

With the infrastructure in place, you'll now need to define the desired state of your client systems in the Puppet Master.

Edit the Manifest File
Add configurations to /etc/puppet/manifests/site.pp on the Master. Here's a sample configuration:


# Create "/tmp/testfile" if it doesn't exist.
file { "/tmp/outside":
ensure => present,
mode => 644,
owner => root,
group => root
}
class test_class {
file { "/tmp/testfile":
ensure => present,
mode => 644,
owner => root,
group => root
}
}
package {
'httpd':
ensure => installed }
service {
'httpd':
ensure => true,
enable => true,
require => Package['httpd']
}
# tell puppet on which client to run the class
node client {
include test_class
}
Conclusion
Congratulations! If you've followed these steps without error, your Puppet Master and client are now configured and communicating securely. With your infrastructure now under Puppet's management, you're set to automate your configurations, ensuring consistency and reliability across your environment. Remember, Puppet is incredibly powerful and flexible. Continue exploring its capabilities to fully harness its potential in managing your infrastructure.

Friday, February 13, 2015

Running a Script in Client Server's using Puppet Master.

Running a Script in Client Server's using Puppet.

Enable the puppet File Server
=============================
Add Following entries to /etc/puppet/fileserver.conf
[extra_files]
path /var/lib/puppet/bucket
allow *


The File is stored in the mentioned path
========================================
[root@master ~]# ll /var/lib/puppet/bucket/
total 4
-rw-r--r--. 1 root root 39 Feb 10 16:45 startup.sh

In the below codes first the scripts is fetched from the master and saved in the local file. and then execute
==============================================================================================================
[root@master ~]# cat /etc/puppet/manifests/site.pp
node "client" {
file { '/tmp/startup.sh':
          owner => 'root',
          group => 'root',
          mode => '700',
          source => 'puppet:///extra_files/startup.sh',
       }
exec    {'run_startup':
        command => '/tmp/startup.sh',
        }
}
[root@master ~]#

Tuesday, February 10, 2015

Puppet Master-Client Setup/Usage

Puppet is a system for automating system administration tasks. It has a master server in which we will be mentioning the client configurations and in the client we will be running an agent which will fetch the configuration form the master server and implement it.

Environment
Master and Client Runs on Centos7

Open the port 8140 in firewall and set SELINUX to permissive mode.

Intalling the packages.
================
rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm
yum install -y puppet-server

Start the service
============
systemctl start  puppetmaster.service
puppet resource service puppetmaster ensure=running enable=true
--------------------------
Notice: /Service[puppetmaster]/enable: enable changed 'false' to 'true'
service { 'puppetmaster':
  ensure => 'running',
  enable => 'true',
}
[root@master ~]#

Now the Certificate and keys would have been created.
====================================================
[root@master ~]# ll /var/lib/puppet/ssl/certs
total 8
-rw-r--r--. 1 puppet puppet 2013 Feb  9 14:48 ca.pem
-rw-r--r--. 1 puppet puppet 2098 Feb  9 14:48 master.example.com.novalocal.pem
[root@master ~]#
[root@master ~]# ll /var/lib/puppet/ssl/private_keys/
total 4
-rw-r--r--. 1 puppet puppet 3243 Feb  9 14:48 master.example.com.novalocal.pem
[root@master ~]#


Add the Following entries to the Following File. # You will find the cert name in /var/lib/puppet/ssl/certs
================================================
vim /etc/puppet/puppet.conf
[master]
certname = master.example.com.novalocal.pem
autosign = true

Restart the Service
systemctl restart  puppetmaster.service

[root@master ~]# netstat -plan |grep 8140
tcp6       0      0 :::8140                 :::*                    LISTEN      5870/ruby
[root@master ~]#

####################
Client Configuration 
####################

Install the Packages
====================
rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm
yum install -y puppet

Configure the Client
=====================
 vim /etc/puppet/puppet.conf
# In the [agent] section
    server = master.example.com.novalocal
    report = true
    pluginsync = true

Now the Following Command will add the certificate to Server 
===============================================
puppet agent -t --debug --verbose

From Server we need to sign the client certificate If its not signed Automatically
=============================================================
puppet cert sign --all

Now from Client again run
=========================
puppet agent -t --debug --verbose
to get synced.



Now in Server Create the Configuration file 
==================================
cat /etc/puppet/manifests/site.pp
node "client.example.com" {
file { '/root/example_file.txt':
    ensure => "file",
    owner  => "root",
    group  => "root",
    mode   => "700",
    content => "Congratulations!
Puppet has created this file.
",}
}

Once the above file in created in Server we need to run agent in the client
puppet agent -t --debug --verbose

we can see that file is created

Info: Applying configuration version '1423504520'
Notice: /Stage[main]/Main/Node[client.example.com]/File[/root/example_file.txt]/ensure: defined content as '{md5}8a2d86dd40aa579c3fabac1453fcffa5'
Debug: /Stage[main]/Main/Node[client.example.com]/File[/root/example_file.txt]: The container Node[client.example.com] will propagate my refresh event
Debug: Node[client.example.com]: The container Class[Main] will propagate my refresh event
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Debug: Finishing transaction 23483900
Debug: Storing state
Debug: Stored state in 0.01 seconds
Notice: Finished catalog run in 0.03 seconds
Debug: Using cached connection for https://master.example.com.novalocal:8140
Debug: Caching connection for https://master.example.com.novalocal:8140
Debug: Closing connection for https://master.example.com.novalocal:8140
[root@client ~]# ll /root/
total 4
-rwx------. 1 root root 47 Feb  9 17:55 example_file.txt
[root@client ~]#