An Introduction to Puppet

In an environment, be it development or production, managing system settings and software bits on multiple hosts that make up a working environment is a challenge. Puppet offers features that can be used to build such environments consistently and to manage them centrally.

1. Installation

Puppet 3.2.2 is installed on Linux 6 hosts as part of this tutorial. The server and agent portions of the Puppet system will be installed separately on 2 different machines, in an Agent/Master configuration.

1.1 Prerequisites

1.1.1 Operating System

Puppet can be run on all the major operating systems, from flavors of UNIX to Windows. For a complete list, refer to Puppet’s Supported Platforms Guide: http://docs.puppetlabs.com/guides/platforms.html.

For this tutorial, Linux 6 is used and the sample commands and dependent components used will be compatible with that platform.

1.1.2 Ruby

Check the version of Ruby installed on the host and make sure that the version of Puppet that you plan to install is compatible with it.

$ ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

Ruby gets installed as a dependency when Puppet software is installed.

Refer to Puppet’s Supported Platforms Guide to check the compatibility: http://docs.puppetlabs.com/guides/platforms.html

1.1.3 Facter

Facter is a Ruby library and application that collects and displays facts about a system, such as operating system names, hardware characteristics, IP addresses, MAC addresses, and SSH keys. It gets installed as a dependency when Puppet software is installed on a machine.

Using the facter command line tool you can query system info such as:

$ facter ipaddress
10.88.174.167

$ facter architecture
x86_64

For a complete list of system facts, refer to http://docs.puppetlabs.com/facter/1.6/core_facts.html

1.1.4 Hiera

Hiera is a simple hierarchical database used to represent hierarchically structured info such as infrastructure configuration. It gets installed as a dependency when Puppet software is installed on a machine.

1.1 Setting up yum repository

The sample steps provided here assume that the Puppet software is installed on some version of Linux.

To set up the yum repository with the Puppet software, you need to download it first. For example, for Linux 5 and 6, you can download and install the corresponding rpm as below:

$ rpm -ivh http://yum.puppetlabs.com/el/5/products/i386/puppetlabs-release-5-7.noarch.rpm

$ rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm

For the latest version of the rpm, and for other flavors of UNIX, refer to http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html

1.2 Installation

Puppet is installed in the Agent/Master configuration in this tutorial – server and agent components on separate machines.

1.2.1 Installing Server

If the yum repository has already been set up as described above, the server can be installed as follows:

$ sudo yum install puppet-server

This will also pull in the dependent software components such as Ruby, facter and Hiera.

$ ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

$ puppet --version
3.2.2

$ facter --version
1.7.2

$ hiera --version
1.2.1

The configuration file is /etc/puppet/puppet.conf. The config file can have 3 sections: main, master and agent. The settings in main are available to both master and agent processes.

The following commands can be used to start the agent and master services:

$ sudo puppet resource service puppet ensure=running enable=true
$ sudo puppet resource service puppetmaster ensure=running enable=true

The master and agent processes running on the system are:

$ service puppetmaster status
puppet (pid 31311) is running...

$ service puppet status
puppet (pid 31200) is running...

The Puppet init files are these:

$ ls /etc/init.d/puppet*
/etc/init.d/puppet /etc/init.d/puppetmaster /etc/init.d/puppetqueue

You can also start and stop the services using these init files:

$ service puppetmaster stop

1.2.2 Installing Agent

Install agent software:

$ sudo yum install puppet

Start the agent service:

$ sudo puppet resource service puppet ensure=running enable=true

Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
  ensure => 'running',
  enable => 'true',
}

$ service puppet status
puppet (pid 30429) is running...

Open the config file /etc/puppet/puppet.conf and, under the section “main”, add the name of the server host:

server = [name.domain]

Restart the agent:
$ sudo service puppet stop
$ sudo service puppet start

1.2.3 Verifying Installation

On the agent host, run this command:

$ sudo puppet agent --waitforcert 60 --test

This makes the agent contact the server host and wait for cert authorization.

On the server host, check for the certs that need to be authorized:

$ sudo puppet cert --list
"agenthost.domain" (SHA256) ....

Sign the certificate:

$ sudo puppet cert --sign agenthost.domain

Notice: Signed certificate request for agenthost.domain
Notice: Removing file Puppet::SSL::CertificateRequest agenthost.domain at '/var/lib/puppet/ssl/ca/requests/agenthost.domain.pem'

After the cert is signed, the output of the test command on the agent host will be similar to this:

$ sudo puppet agent --test
Info: Retrieving plugin
Info: Caching catalog for agenthost.domain
Info: Applying configuration version '1373533921'
Notice: Finished catalog run in 0.04 seconds

This means your setup is correct!
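
Signing a request tells the master to trust whoever submitted it, so compare the fingerprint listed by puppet cert --list with the one the agent reports for its own request (sudo puppet agent --fingerprint on the agent host) before signing. The shell helper below is an added example, not part of the original tutorial; its function names and sample fingerprints are constructed, and it assumes the "host" (SHA256) fingerprint list format shown above.

```shell
#!/bin/sh
# Added example (not from the original tutorial): sign a pending CSR only
# when its fingerprint equals the one read off the agent host itself.

# Constructed sample of `sudo puppet cert --list` output (hosts and
# fingerprints are made up; the line format follows the listing shown above).
SAMPLE_LIST='  "agenthost.domain" (SHA256) A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90
  "otherhost.domain" (SHA256) 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0:0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0'

# Print the fingerprint of the pending request for host $1 (list on stdin).
csr_fingerprint() {
    awk -v host="\"$1\"" '$1 == host { print $3; exit }'
}

# Drop an optional "(SHA256)" prefix and all whitespace, uppercase the hex.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^ *([^)]*) *//' | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# csr_matches HOST LIST EXPECTED_FP
# Returns 0 on match, 1 on mismatch, 2 when HOST has no pending request.
csr_matches() {
    pending=$(printf '%s\n' "$2" | csr_fingerprint "$1")
    [ -n "$pending" ] || return 2
    [ "$(normalize_fp "$pending")" = "$(normalize_fp "$3")" ]
}

# sign_if_verified HOST EXPECTED_FP   (run on the master)
sign_if_verified() {
    list=$(sudo puppet cert --list) || return 1
    if csr_matches "$1" "$list" "$2"; then
        sudo puppet cert --sign "$1"
    else
        echo "refusing to sign $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}
```

On the master, sign_if_verified agenthost.domain "<fingerprint read from the agent>" replaces the bare puppet cert --sign step.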

2. Managing Hosts using Puppet

2.1 Defining Modules

The primary use of Puppet is to centrally manage nodes on which the Puppet agent runs. The system configuration settings and static files are set up on the agent nodes based on modules defined on the Puppet master node. Usually each module defines a system configuration setting or the deployment of static files.

Module definitions are usually under the directory /etc/puppet/modules. (The location is actually set by the “modulepath” configuration item in puppet.conf.) The main part of a module is the class definition in /etc/puppet/modules/[module_name]/manifests/init.pp.

For example, the sample module ntp, which installs and runs the NTP service on a node, is set up as follows:

Define class in /etc/puppet/modules/ntp/manifests/init.pp:

class ntp {
  package { "ntp":
    ensure => installed,
  }

  service { "ntpd":
    ensure => running,
  }
}

Another module “hosts” installs /etc/hosts on the agent nodes by distributing the static file /etc/puppet/files/hosts on the Puppet master node. The class is defined in /etc/puppet/modules/hosts/manifests/init.pp:

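class hosts {
  file { "/etc/hosts":
    owner  => root,
    group  => root,
    # 775 makes the file group-writable and executable; /etc/hosts is
    # normally 644 (the mode it had before the agent run shown below).
    mode   => 775,
    source => "puppet:///files/hosts",
  }
}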

The source mentioned in the class, puppet:///files/hosts, will be translated to /etc/puppet/files/hosts on the Puppet master node. Therefore, the file must be available under that location.

$ sudo mkdir /etc/puppet/files

Save the following content of a /etc/hosts file meant for agent nodes with suitable modifications:

$ vi /etc/puppet/files/hosts

# /etc/hosts
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4

# The following lines are desirable for IPv6 capable hosts
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

#Puppet master node
IP.ADDRESS puppetmasternode.domain puppetmaster

Add the following section to /etc/puppet/fileserver.conf, to set the mapping and access permissions:

[files]
path /etc/puppet/files
allow *
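
The allow * rule above places no host restriction on the [files] mount at the fileserver.conf level. The shell check below is an added example, not part of the original tutorial: it lists mount points that carry a bare allow * rule, and shows a constructed tighter variant that limits the mount to hosts under the placeholder domain "domain" used in this tutorial. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): list fileserver.conf mount
# points that carry a bare "allow *" rule.

# The section from this tutorial, and a constructed tighter variant that
# limits the mount to hosts under the placeholder domain "domain".
WEAK_CONF='[files]
  path /etc/puppet/files
  allow *'
HARDENED_CONF='[files]
  path /etc/puppet/files
  allow *.domain'

# Read a fileserver.conf on stdin; print each mount that has "allow *".
open_mounts() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        /^[ \t]*\[.*\]/ {                    # [mount] section header
            mount = $0
            sub(/^[ \t]*\[/, "", mount)
            sub(/\].*$/, "", mount)
            seen = 0
            next
        }
        mount != "" && !seen && $1 == "allow" && $2 == "*" {
            print mount
            seen = 1                         # report each mount once
        }
    '
}

# audit_fileserver FILE
# Returns 0 if no mount is open to every host, 1 if one is, 2 on read error.
audit_fileserver() {
    open=$(open_mounts < "$1") || return 2
    [ -z "$open" ] && return 0
    echo "mounts with 'allow *' in $1: $open" >&2
    return 1
}
```

Run it on the master as audit_fileserver /etc/puppet/fileserver.conf.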

2.2 Deploying modules

The entry point to a Puppet system that consists of the Puppet master node and agent nodes (the master node can be one of the agents too) is set in the config file /etc/puppet/manifests/site.pp. The application of the various modules to agent nodes is managed using /etc/puppet/manifests/nodes.pp:

node 'masternode.domain' {
  include ntp
  include hosts
}

node 'agentnode.domain' {
  include hosts
}

By using this, the modules ntp and hosts will be applied on the master node, and the hosts module will be applied on the agent node. To get that done, import nodes.pp in site.pp as follows:

$ cat manifests/site.pp
import "nodes"

That’s it! Now, by running the Puppet agent on master and agent nodes, the modules can be applied:

$ sudo puppet agent --test -v
Info: Retrieving plugin
Info: Caching catalog for masternode.domain
Info: Applying configuration version '1373614149'
Notice: /Stage[main]/Hosts/File[/etc/hosts]/content:
--- /etc/hosts 2013-07-10 22:40:19.758999976 +0000
+++ /tmp/puppet-file20130712-12044-1ghmk7a-0 2013-07-12 07:33:46.377666713 +0000

... (file diff)

Info: FileBucket adding {md5}1ba29d3d02db763182fc74622c057699
Info: /Stage[main]/Hosts/File[/etc/hosts]: Filebucketed /etc/hosts to puppet with sum 1ba29d3d02db763182fc74622c057699
Notice: /Stage[main]/Hosts/File[/etc/hosts]/content: content changed '{md5}1ba29d3d02db763182fc74622c057699' to '{md5}c1124f74ed6f78bea001082aa86e4f1b'
Notice: /Stage[main]/Hosts/File[/etc/hosts]/mode: mode changed '0644' to '0775'
Notice: Finished catalog run in 0.52 seconds

$ service ntpd status
ntpd (pid 8486) is running...

2.3 Applying Changes

Puppet agents apply the changes from the server based on the runinterval setting in puppet.conf. The default is 30m. Various time formats (s, m, h, d and y) can be used to specify the time.

runinterval = 30s

To test this feature, follow these steps:
– Add the runinterval config item to the puppet.conf file on the agent machine. Set the time to something smaller than 30m, so you can verify the application of the change quickly.
– Restart the puppet agent service:
sudo service puppet restart
– On the server side, make some change to the source file /etc/puppet/files/hosts and save it. Monitor /etc/hosts on the agent host and see if the change is applied.
