Puppet master & agents

By | 13/11/2013

I am writing this post as part of a course called Linuxin keskitetty hallinta (Linux centralized management) held by Tero Karvinen terokarvinen.com/2013/aikataulu-%E2%80%93-linuxin-keskitetty-hallinta-%E2%80%93-ict4tn011-4-syksylla-2013

I am using a fresh install of 64-bit Xubuntu 12.04 LTS.

The tasks of today’s assignment:

Study:

Create:

  • One master and two agents installation and test it
  • Bonus: Create differing setting to the agents

Preparation:

I started by installing three computers with Xubuntu 12.04 LTS and chose one of them to be the master (username: samuel, hostname: Master-21) and the rest to be its agents (matti, agent-14 and teppo, agent-11).

Master

I installed puppetmaster
$ sudo apt-get update && sudo apt-get install puppetmaster

Agents

I installed ssh servers on both agents
$ sudo apt-get update && sudo apt-get install openssh-server

Master

I opened two terminals and connected to the agents through ssh (and will do everything through the terminal instead of walking to the computers each time something needs to be done.)

Terminal 1:
$ ssh [email protected]

Terminal 2:
$ ssh [email protected]

Not sure if relevant anymore since I got a ssh-connection established, I pinged both agents (with a third terminal not connected to either agent):

Agent-Matti

$ ifconfig

inet addr:172.28.9.11

Agent-Teppo

$ ifconfig

inet addr:172.28.9.246

Master

$ ping -c 1 172.28.9.11

PING 172.28.9.11 (172.28.9.11) 56(84) bytes of data.
64 bytes from 172.28.9.11: icmp_req=1 ttl=64 time=0.261 ms

--- 172.28.9.11 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.261/0.261/0.261/0.000 ms

$ ping -c 1 172.28.9.246

PING 172.28.9.246 (172.28.9.246) 56(84) bytes of data.
64 bytes from 172.28.9.246: icmp_req=1 ttl=64 time=0.296 ms

--- 172.28.9.246 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.296/0.296/0.296/0.000 ms

$ ifconfig

inet addr:172.28.9.121

Agents

I pinged the master with both agents

$ ping -c 1 172.28.9.121

PING 172.28.9.121 (172.28.9.121) 56(84) bytes of data.
64 bytes from 172.28.9.121: icmp_req=1 ttl=64 time=0.229 ms

--- 172.28.9.121 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.229/0.229/0.229/0.000 ms

Configuration:

Master

I regenerated the master’s certificate:

$ sudo service puppetmaster stop
$ sudo rm -r /var/lib/puppet/ssl

I created a “nickname” to the master:

$ sudoedit /etc/puppet/puppet.conf

before:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN 
ssl_client_verify_header = SSL_CLIENT_VERIFY

after:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN 
ssl_client_verify_header = SSL_CLIENT_VERIFY
dns_alt_names = puppet, Master-21.local

I restarted the puppetmaster server:

$ sudo service puppetmaster start

Agents

I installed puppet on both agents and made them aware of the master’s new name:

$ sudo apt-get install puppet

$ sudoedit /etc/puppet/puppet.conf

before:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN 
ssl_client_verify_header = SSL_CLIENT_VERIFY

after:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN 
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
server = Master-21.local

I started the agents’ puppets:

$ sudoedit /etc/default/puppet

changed from no to yes:

# Start puppet on boot?
START=yes

$ sudo service puppet restart

Master

I accepted the agents’ certificates in order to allow them to receive information from master.

$ sudo puppet cert --list

Both of the agents’ information were on the list. I signed them by inserting the agents’ names after the “--sign” flag (only the name part, not the suffix).

Use the actual name you see!

$ sudo puppet cert --sign agent-11.example.com
$ sudo puppet cert --sign agent-14.example.com
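Before signing, the pending request can be compared with the fingerprint the agent itself reports (`sudo puppet agent --fingerprint`, read on the agent's own console). The following is an added example, not part of the original post; the layout of the `puppet cert --list` output and the fingerprints in the sample are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sudo puppet cert --list` output on the master.
# The layout is an assumption and the fingerprints are made up.
SAMPLE_LIST='  "agent-11.example.com" (3F:1A:9C:04:77:B2:5E:D0:68:2B:91:AC:0D:F4:36:E5)
  "agent-14.example.com" (A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90)'

# Print the fingerprint of the pending request for certname $1.
# Reads the `puppet cert --list` output from stdin.
pending_fingerprint() {
    awk -v want="$1" '{
        name = $1
        gsub(/"/, "", name)   # certname may or may not be quoted
        if (name == want &&
            match($0, /([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]/)) {
            print substr($0, RSTART, RLENGTH)
            exit
        }
    }'
}

# Strip whitespace and upper-case the hex digits so that the two
# fingerprints compare equal regardless of how they were copied.
normalize() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# Return 0 only when the pending request for certname $1 carries the
# fingerprint $2 that was read on the agent; list output on stdin.
# A missing request counts as a mismatch.
fingerprint_matches() {
    pending=$(pending_fingerprint "$1")
    [ -n "$pending" ] && [ "$(normalize "$pending")" = "$(normalize "$2")" ]
}

# Demo on the constructed sample. On a real master the pipeline would be:
#   sudo puppet cert --list | fingerprint_matches NAME FP \
#       && sudo puppet cert --sign NAME
agent_fp='3f:1a:9c:04:77:b2:5e:d0:68:2b:91:ac:0d:f4:36:e5'
if printf '%s\n' "$SAMPLE_LIST" | fingerprint_matches agent-11.example.com "$agent_fp"
then
    echo "agent-11.example.com: fingerprint matches, ok to sign"
else
    echo "agent-11.example.com: mismatch or no pending request, do not sign"
fi
```

Both sides have to use the same digest for the comparison to be meaningful.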

Giving orders to the agents:

Master

I created a site manifest and the configuration file needed:

$ cd /etc/puppet/
$ sudo mkdir -p manifests/ modules/helloworld/manifests/
$ sudoedit manifests/site.pp

class {"helloworld":}

$ sudoedit modules/helloworld/manifests/init.pp

class helloworld {
        file { '/tmp/masterSaysHello':
                content => "Greetings from your master\n"
        }
}

Agents

I reloaded the agents so the changes would be registered sooner and checked the file:

$ sudo service puppet reload
$ cat /tmp/masterSaysHello

Greetings from your master

Master

I will be installing 3 programs in order to test puppet with nodes. After this part both agents will have gedit installed; in addition, matti will have chromium browser and teppo will have nethack installed as well.

I will start with gedit:

$ sudo mkdir -p modules/gedit/manifests
$ sudoedit modules/gedit/manifests/init.pp

class gedit {
        package {'gedit':
                ensure => latest,
        }
}

$ sudoedit manifests/site.pp

class {"helloworld":}

class {"gedit":}

Agents

And to test the changes:

$ sudo service puppet reload

matti’s computer installed right away. In teppo’s case I had to wait. I didn’t want to wait for too long so I made another reload on teppo’s computer and it installed gedit without any more wait.

Master

Next up was chromium for matti:

$ sudo mkdir -p modules/chromium/manifests
$ sudoedit modules/chromium/manifests/init.pp

class chromium {
        package {'chromium-browser':
                ensure => latest,
        }
}

$ sudoedit manifests/site.pp

class {"helloworld":}

class {"gedit":}

node 'agent-14.example.com' {
        class {"chromium":}
}

Agent-Matti

$ sudo service puppet reload

I checked that only agent matti had chromium browser installed and it indeed was so.

Master

Last but not least Teppo’s nethack:

$ sudo mkdir -p modules/nethack/manifests
$ sudoedit modules/nethack/manifests/init.pp

class nethack {
        package {'nethack-common':
                ensure => latest,
        }
}

$ sudoedit manifests/site.pp

class {"helloworld":}

class {"gedit":}

node 'agent-14.example.com' {
        class {"chromium":}
}

node 'agent-11.example.com' {
        class {"nethack":}
}

Agent-Teppo

$ sudo service puppet reload

I checked that only agent teppo had nethack installed:

$ nethack-console

The game started.

Conclusion

I installed one master and two agent computers and tested both agents with a helloworld module. I installed gedit on both agents, chromium browser on agent matti and the nethack game on agent teppo.

Screenshot of agent matti’s desktop with said modules:

agent-matti

Screenshot of agent teppo’s desktop with said modules:

agent-teppo

Sources I used

terokarvinen.com/2012/puppetmaster-on-ubuntu-12-04

soivi.net/2013/installing-puppet-master-and-slaves/
