Sunday, May 26, 2013

RHEL6 Puppet install of master/agent

This is based on Chapter 1 of Pro Puppet by James Turnbull and Jeffrey McCune but for RHEL6.4. Also, I have SELinux running on both the master and the agent.


I. Install Packages

Master
yum install ruby ruby-libs
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm
yum -y install puppet facter puppet-server 
Agent
yum install ruby ruby-libs
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm
yum -y install puppet facter
Versions
Versions for the master as of May 26, 2013 are below. The agent will be the same except it won't have puppet-server.
[root@puppet-master ~]# rpm -qa | egrep "ruby|pup|fact"
libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
ruby-augeas-0.4.1-1.el6.x86_64
ruby-shadow-1.4.1-13.el6.x86_64
ruby-1.8.7.352-10.el6_4.x86_64
facter-1.6.18-3.el6.x86_64
puppet-server-2.6.18-3.el6.noarch
ruby-libs-1.8.7.352-10.el6_4.x86_64
puppet-2.6.18-3.el6.noarch
[root@puppet-master ~]# 

Update: use Puppet Labs' own repo so you get newer packages (added 6/14/2013).

/etc/yum.repos.d/puppet.repo

[Puppet]
name=Puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0

[Puppet_Deps]
name=Puppet Dependencies
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0
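
With gpgcheck=0 and an http:// baseurl, yum installs these packages without verifying signatures and over an unauthenticated channel. The following is an added example, not part of the original post: a shell check that flags such sections in a yum repo file. The function name audit_repo_file is hypothetical and the sample file is a copy of the repo file above.

```bash
#!/bin/bash
# Added example: flag yum repo sections that disable signature checks or
# fetch packages over plain HTTP. audit_repo_file is a hypothetical helper.

audit_repo_file() {
    # Prints one line per finding: <file>:[section] <problem>
    awk -v file="$1" '
        function emit() {
            if (section == "") return
            if (gpgcheck == "0")
                print file ":[" section "] gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^http:\/\//)
                print file ":[" section "] baseurl uses plain HTTP: " baseurl
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }      # blank lines and comments
        /^[ \t]*\[/ {                             # new [section] header
            emit()
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            gpgcheck = ""; baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
        }
        END { emit() }
    ' "$1"
}

# Constructed sample: the repo file from this post, written to a temp file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[Puppet]
name=Puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0

[Puppet_Deps]
name=Puppet Dependencies
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0
EOF
audit_repo_file "$sample"
```

On a real host, call audit_repo_file once for each file in /etc/yum.repos.d/.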


II. Initialize Services

Master

1. Added the following to /etc/puppet/puppet.conf:
[master]
    certname=puppet.example.com
2. Created empty file in /etc/puppet/manifests/site.pp
3. Opened only 8140 in iptables
4. Start puppetmaster and configure it for boot:
service puppetmaster start
chkconfig puppetmaster on
5. Observe certs in /var/lib/puppet/

Agent

1. Added "server=puppet.example.com" to /etc/puppet/puppet.conf
2. Run "puppet agent --server=puppet.example.com --no-daemonize --verbose" and observe:
[root@puppet-agent ~]# puppet agent --server=puppet.example.com --no-daemonize --verbose
info: Creating a new SSL key for puppet-agent.example.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for puppet-agent.example.com
info: Certificate Request fingerprint (md5): EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04
...
notice: Did not receive certificate
...
The above sends a certificate signing request to the master. The agent will then check every two minutes for a signed cert.

Master

Sign the certificate
[root@puppet-master public_keys]# puppet cert --list
  "puppet-agent.example.com" (EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04)
[root@puppet-master public_keys]# 

[root@puppet-master public_keys]# puppet cert --sign puppet-agent.example.com
notice: Signed certificate request for puppet-agent.example.com
notice: Removing file Puppet::SSL::CertificateRequest puppet-agent.example.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent.example.com.pem'
[root@puppet-master public_keys]# 

Agent

Continue to observe the output of "puppet agent --server=puppet.example.com --no-daemonize --verbose" and you should see news of the cert's acceptance:
...
info: Caching certificate for puppet-agent.example.com
notice: Starting Puppet client version 2.6.18
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-agent.example.com
info: Applying configuration version '1369603392'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
^c
Now run the puppet agent as a daemon and configure it to run on boot:
[root@puppet-agent ~]# service puppet start
Starting puppet:                                           [  OK  ]
[root@puppet-agent ~]# chkconfig puppet on
[root@puppet-agent ~]#

III. Push a puppet forge module to the agent

In this example I will use jeffmccune/motd.

Master

Before I can install puppet-module I need the gem binary, which you can't get on RHEL6 without the optional channel.
[root@puppet-master manifests]# rhn-channel --list
rhel-x86_64-server-6
[root@puppet-master manifests]#
[root@puppet-master manifests]# rhn-channel -a --channel=rhel-x86_64-server-optional-6
Username: $username
Password: 
[root@puppet-master manifests]# rhn-channel --list
rhel-x86_64-server-6
rhel-x86_64-server-optional-6
[root@puppet-master manifests]# 
Install rubygems:
yum install rubygems
Install puppet-module
[root@puppet-master manifests]# gem install puppet-module
******************************************************************************

  Thank you for installing puppet-module from Puppet Labs!

  * Usage instructions: read "README.markdown" or run `puppet-module usage`
  * Changelog: read "CHANGES.markdown" or run `puppet-module changelog`
  * Puppet Forge: visit http://forge.puppetlabs.com/
  * If you don't have Puppet installed locally by your system package
    manager, please install it with:

        sudo gem install puppet


******************************************************************************
Successfully installed puppet-module-0.3.4
1 gem installed
Installing ri documentation for puppet-module-0.3.4...
Installing RDoc documentation for puppet-module-0.3.4...
Could not find main page README.rdoc
Could not find main page README.rdoc
Could not find main page README.rdoc
Could not find main page README.rdoc
[root@puppet-master manifests]# 

Puppet looks for modules in /etc/puppet/modules, so create that directory:

[root@puppet-master ~]# cd /etc/puppet/
[root@puppet-master puppet]# mkdir modules
[root@puppet-master puppet]# cd modules/
[root@puppet-master modules]# 
Install the jeffmccune/motd module from the puppet forge:
[root@puppet-master modules]# puppet module install jeffmccune/motd
Installed "jeffmccune-motd-1.0.3" into directory: motd
[root@puppet-master modules]# ls
motd
[root@puppet-master modules]# 
Define $puppetserver and node list in /etc/puppet/manifests/site.pp
import 'nodes.pp'
$puppetserver = 'puppet.example.com'
Define the nodes in /etc/puppet/manifests/nodes.pp
node 'puppet-agent.example.com' {
     include motd
}
In the above case I am making a place for my puppet-agent node and asking that the motd module be on the agent.

Agent

Wait the default amount of time (30 minutes) or reload puppet.

[root@puppet-agent ~]# service puppet reload
Restarting puppet:                                         [  OK  ]
[root@puppet-agent ~]# tail -f /var/log/messages
May 26 19:50:24 puppet-agent puppet-agent[13924]: Restarting with '/usr/sbin/puppetd '
May 26 19:50:25 puppet-agent puppet-agent[14060]: Reopening log files
May 26 19:50:25 puppet-agent puppet-agent[14060]: Starting Puppet client version 2.6.18
May 26 19:50:28 puppet-agent puppet-agent[14060]: (/File[/etc/motd]/content) content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}1b48863bff7665a65dda7ac9f57a2e8c'
May 26 19:50:28 puppet-agent puppet-agent[14060]: Finished catalog run in 0.02 seconds
Now if I SSH into the agent, I see my new MOTD.
me@workstation:~$ ssh puppet-agent
me@puppet-agent's password: 
Last login: Sun May 26 19:07:17 2013 from 192.168.1.50
-------------------------------------------------
Welcome to the host named puppet-agent
RedHat 6.4 x86_64
-------------------------------------------------
Puppet: 2.6.18
Facter: 1.6.18

FQDN: puppet-agent.example.com
IP:   192.168.1.67

Processor: Intel(R) Xeon(R) CPU           E5462  @ 2.80GHz
Memory:    486.71 MB

-------------------------------------------------
[me@puppet-agent ~]$ 

todo: crowbar in virtualbox

Todo: Get Crowbar running in VirtualBox VMs

Review of Puppet NTP

Posting an example which helps me remember what I learned about puppet a week ago; an NTP class which hasn't yet been converted into a module from Learning — Modules and Classes (Part One). I borrowed the HTML/CSS from puppetlabs.com.

      
    class ntp {
      case $operatingsystem {
        centos, redhat: { 
          $service_name = 'ntpd'
          $conf_file    = 'ntp.conf.el'
        }
        debian, ubuntu: { 
          $service_name = 'ntp'
          $conf_file    = 'ntp.conf.debian'
        }
      }
      
      package { 'ntp':
        ensure => installed,
      }
      
      service { 'ntp':
        name      => $service_name,
        ensure    => running,
        enable    => true,
        subscribe => File['ntp.conf'],
      }
      
      file { 'ntp.conf':
        path    => '/etc/ntp.conf',
        ensure  => file,
        require => Package['ntp'],
        source  => "/root/learning-manifests/${conf_file}",
      }
    }

Sunday, May 19, 2013

Learning Puppet: Modules & Classes

I am having a good time learning Puppet and have finished up to Modules & Classes for today. One thing we need where I work is a way to ensure that PHP is set up consistently and thias/php might do the trick. Checking it out...
[root@learn ~]# puppet module install thias-php
Preparing to install into /etc/puppetlabs/puppet/modules ...
Downloading from http://forge.puppetlabs.com ...
Installing -- do not interrupt ...
/etc/puppetlabs/puppet/modules
└── thias-php (v0.2.5)
[root@learn ~]# 

Tuesday, May 14, 2013

USB to RS-232

Today I received my USB to Serial Converter for connecting my laptop to an RS-232 serial device. Cisco has a cheat sheet for using screen to connect to their gear.

Sunday, May 12, 2013

Personal OpenStack via Crowbar

Crowbar was made to easily deploy OpenStack. Here are two 10 minute videos showing how to install Crowbar and then install OpenStack on top of it.

The narrator, Rob Hirschfeld, does it all on one physical box using a couple of VMs.

Saturday, May 11, 2013

toy cluster

I built a quick lab at home to learn some new cluster tools. I got four Dell OptiPlex 755s (Intel Core 2 Duo, 3G RAM, 50G disk) named James, Lars, Kirk, and Cliff. They are connected with a Cisco 806. As previously documented I am using minicom to reach the Cisco. My next move is to uplink the Cisco to my WRT54G. Time for a crash course in IOS.

Router>show version
Cisco Internetwork Operating System Software 
IOS (tm) C806 Software (C806-K9OSY6-M), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 20:31 by dchih

ROM: System Bootstrap, Version 12.2(1r)XE2, RELEASE SOFTWARE (fc1)

Router uptime is 3 hours, 35 minutes
System returned to ROM by power-on
System image file is "flash:c806-k9osy6-mz.123-26.bin"
...
CISCO C806 (MPC855T) processor (revision 0x301) with 30720K/2048K bytes of memory.
Processor board ID JAD05510XLM (908819059), with hardware revision 0000
CPU rev number 5
Bridging software.
2 Ethernet/IEEE 802.3 interface(s)
128K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

Router>