2. What is Puppet?
• Puppet is a configuration automation platform that is meant to
simplify various system administration tasks.
• Puppet uses a client/server model in which the managed servers,
called agent nodes, talk to and pull down configuration profiles from
the master server, or Puppet master.
• Puppet configuration is written in Puppet's own language, meant to be
accessible to system administrators.
• A module, located on the Puppet master, describes the desired
system.
• Puppet then translates the module into code and alters the agent
servers as needed when you run the puppet agent command on an
agent node, or automatically at the configured intervals.
• Puppet can be used to manage multiple servers across various
infrastructures
3. Setting up the Puppet Master
• Enable the “puppetlabs-release” repository on Ubuntu, unpackage it and update
the system
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb
sudo apt-get update
sudo apt-get install puppetmaster-passenger
sudo apt-get install puppetmaster
• Ensure you have latest version of puppet running
puppet resource package puppetmaster ensure=latest
• Puppet master is controlled by Apache2, so it runs when Apache2 runs
sudo service apache2 stop | start | restart | status
• Make sure the hostname is “puppet” and hosts has entries
sudo vi /etc/hostname - puppet
sudo vi /etc/hosts - <ip> puppet puppet.localdomain
<ip> agent-01 agent-01.localdomain
<ip> agent-02 agent-02.localdomain
• Lock the puppet version
Create a new file sudo vi /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.4*
Pin-Priority: 501
4. Setting up the Puppet Master …
• Setup puppet master names and certificates
Edit master’s puppet.conf file - sudo vi /etc/puppet/puppet.conf
Delete the line with templatedir
Under the [master] section add the following
- certname = puppet
- dns_alt_names = puppet, puppet.localdomain
• Master’s certificates set up
delete old certificates - sudo rm -rf /var/lib/puppet/ssl
Create a new CA certificate - sudo puppet master --verbose --no-daemonize
Press Ctrl-C after Notice: Starting puppet master message to return to shell
In case “Address in Use” error comes, it could be because puppet master is controlled by Apache2
and that needs to be stopped - sudo service apache2 stop
to list all certificates on master: sudo puppet cert list --all
Start master - sudo service puppet start
Signing certificates
sudo puppet cert sign <agent-name>
5. Setting up the Puppet Agent
• Enable the “puppetlabs-release” repository on Ubuntu, unpackage it and
update the system
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb
sudo apt-get update
sudo apt-get install puppet
• Ensure you have latest version of puppet running
puppet resource package puppet ensure=latest
• Puppet is disabled by default.
edit /etc/default/puppet and change START=yes
• Make sure the hostname is the agent's own name and hosts has entries for the master and the agent
sudo vi /etc/hostname - agent-01 or host-01 or whatever is the hostname
sudo vi /etc/hosts - <ip> puppet puppet.localdomain
<ip> agent-01 agent-01.localdomain
• Lock the puppet version
Create a new file sudo vi /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.4*
Pin-Priority: 501
6. Setting up the Puppet Agent …
• Setup puppet master name and certificates
Edit agent’s puppet.conf file - sudo vi /etc/puppet/puppet.conf
delete templatedir
delete [master] and the lines below it.
Add [agent]
server = puppet.localdomain
Start puppet agent
sudo service puppet start
if no output (other than done), then it means the agent has connected
to master and is being managed by the master.
7. Gathering facts
• Puppet gathers facts about each of its nodes using a tool
called “facter”.
• Facter gathers basic facts about nodes (systems) such as
hardware details, network settings, OS type and version, IP
addresses, MAC addresses, SSH keys , etc
• These facts are then made available in puppet as variables.
• It is possible to add custom facts as needed.
• On master -
sudo vi /etc/puppet/manifests/site.pp
add the below lines
file { '/tmp/example-ip':   # resource type file and filename
  ensure  => present,        # make sure it exists
  mode    => '0644',         # file permissions
  content => "Here is my Public IP Address: ${ipaddress_eth0}.\n", # note the ipaddress_eth0
}
On Agent
sudo puppet agent --test (will create file /tmp/example-ip and print node’s ip address)
Here is my Public IP Address: x.x.x.x.
8. Puppet manifest with module
• Modules are useful for grouping tasks together.
• There are many modules available in the Puppet community,
and you can even write your own.
• On master - install puppetlabs-apache module from forgeapi
sudo puppet module install puppetlabs-apache or <module-name>
edit site.pp (sudo vi /etc/puppet/manifests/site.pp) and add the below lines
node 'host-01' {
  class { 'apache': }            # use apache module
  apache::vhost { 'mysite.com':  # define vhost resource
    port    => '80',
    docroot => '/var/www/html'
  }
}
On Agent
sudo puppet agent --test
Should see output with Apache2 getting installed
9. Puppet code
Puppet code is primarily composed of resource declarations.
A resource describes something about the state of the system,
such as a certain user or file should exist, or a package should
be installed.
Example of user resource declaration
user { 'ranjit':
  ensure => present,
  uid    => '1000',
  gid    => '1000',
  shell  => '/bin/bash',
  home   => '/home/ranjit'
}
Example of resource declaration
resource_type { 'resource_name':
  attribute => value,
  ...
}
To list all resource types: sudo puppet resource --types
10. Manifests & Classes
Puppet programs are called manifests.
Manifests are composed of puppet code with a .pp extension.
The default main manifest installed via apt is “site.pp”. Another
example of a manifest is the node definition, for installing Apache on an agent.
Classes - A class definition is where the code that composes a
class lives. Defining a class makes the class available to be
used in manifests, but does not actually evaluate to anything.
Class Definition
class myclass {
…… (puppet code)
}
Class Declaration - include myclass. This will cause puppet
to evaluate puppet code in “myclass”
A resource-like class declaration occurs when a class is
declared like a resource. E.g. class { 'apache': }
11. Modules
A module is a collection of manifests and data
(such as facts, files, and templates), and they
have a specific directory structure.
Modules are useful for organizing your Puppet
code, because they allow you to split your code
into multiple manifests.
To add a module to Puppet, place it in
the /etc/puppet/modules directory
12. Developing a manifest
Using Puppet to set up LAMP stack on Ubuntu.
The following resources are needed on Ubuntu server
1. Apache2 installed and running
2. MySQL server package installed and running
3. php5 package installed and a test php script file present
4. update apt before and after installing packages
For this we write a manifest with the following types of resource declarations
1. exec – to execute commands, e.g. apt-get update
2. package – to install packages via apt-get
3. service – to ensure that a service is running
4. file – to ensure that a certain file exists.
Create manifest on the node where you want to install lamp
sudo vi /etc/puppet/manifests/lamp.pp
sudo puppet apply --test
See the attached lamp.pp file
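An added example of what such a lamp.pp could contain, using the four resource types listed above; it is not the attached file. The package names, the mysql service name and the /var/www/html docroot are assumptions for Ubuntu 14.04, and apt-get update is run only before the installs.

```puppet
# lamp.pp - added example; package and service names assume Ubuntu 14.04 (trusty)

# refresh the apt package index before installing anything
exec { 'apt-update':
  command => '/usr/bin/apt-get update',
}

# Apache: package installed, service running and enabled at boot
package { 'apache2':
  ensure  => installed,
  require => Exec['apt-update'],
}

service { 'apache2':
  ensure  => running,
  enable  => true,
  require => Package['apache2'],
}

# MySQL: package installed, service running and enabled at boot
package { 'mysql-server':
  ensure  => installed,
  require => Exec['apt-update'],
}

service { 'mysql':
  ensure  => running,
  enable  => true,
  require => Package['mysql-server'],
}

# PHP 5 plus the Apache module that serves it; restart Apache when they change
package { ['php5', 'libapache2-mod-php5']:
  ensure  => installed,
  require => Package['apache2'],
  notify  => Service['apache2'],
}

# test script: prints a fixed string rather than phpinfo(), which would
# publish the server's full PHP configuration to anyone who requests it
file { '/var/www/html/info.php':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "<?php echo 'PHP is working'; ?>\n",
  require => Package['apache2'],
}
```

Running sudo puppet apply --noop /etc/puppet/manifests/lamp.pp first shows what would change without changing it.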
13. Installing lamp on multiple nodes
Use modules to install lamp on multiple nodes.
Create a directory - lamp/manifests in /etc/puppet/modules
Create a file – init.pp in lamp/manifests
(/etc/puppet/modules/lamp/manifests/init.pp)
Add the following lines in init.pp
class lamp {
  # add the code in lamp.pp here
}
On puppet master, in site.pp, add the following
node default { include lamp }
OR
node 'host-01' {
  include lamp
}
A node block allows you to specify Puppet code that will only apply to certain agent
nodes. The default node applies to every agent node that does not have a node block
specified.
On puppet agent, do the following
sudo puppet agent --test --verbose
see the output
lamp is installed on agent