Automation - Configuration Management using Puppet
7:26 PM- Puppet was used for configuration management. Puppetmaster is deployed on a CentOS server. Windows Servers on which Prognosis needs to be installed are Puppet Clients. Puppetmaster is listening on port 8140 via apache. Just for troubleshooting, once you've vpn'ed to the AF1 MCP cloud network, you can open a browser and visit https://10.192.117.11:8140
- As of now, the automation involves the following. Note that these steps involve prerequisites for the Prognosis s/w install and the Prognosis installation itself:-
- Bring the secondary HPF disk online. Initialize the disk and format it
- Hostname change
- Reboot the server
- After the reboot is complete, transfer the license, prereq. and prognosis exe, msi files to the client
- Install the prerequisites
- Install Prognosis
Servers involved
- Puppetmaster VM sits in the NA5 Production MCP. Network Name - Automation
- The Windows Server puppet clients sit in the AP2 Production MCP. Network Name - TUC AP Regional Management Layer - Automation.
Note that even though this network is in the Production AP2 MCP, it is
not used in the TUC Production environment. A separate network has been
built for TUC production(regional layer AP2) in the same MCP.
Hostname
|
IP Address
|
OS
|
Puppet install Type
|
|---|---|---|---|
| puppetmaster | 10.192.117.11 | CentOS 6.4 | puppet server(puppetmaster) |
| pcloud-ap2-1 | 10.64.126.11 | Win Server 2012 | puppet client(agent) |
| pcloud-ap2-2 | 10.64.126.12 | Win Server 2012 | puppet client(agent) |
| pmsuc-ap2-1 | 10.64.126.13 | Win Server 2012 | puppet client(agent) |
| pmsuc-ap2-2 | 10.64.126.14 | Win Server 2012 | puppet client(agent) |
Puppet Installation - Pre-Install Steps
- Ensure that hostname resolution between the Puppetmaster and clients is working.
- Since there is no common DNS server(s) in this case, I manually entered the hostnames-IP mappings in the respective 'hosts' files.
Puppetmaster Hosts file
- Location: /etc/hosts
Puppet Client Hosts file
- Below is an example hosts file on one of the clients(PCLOUD-AP2-1)
- Location: C:\Windows\System32\drivers\etc
Check Timekeeping on Your Puppet Master Server
The puppet master server that will be acting as the certificate authority(puppetmaster - 10.192.117.11 in this case) should have its system time set accurately. Use NTP or make sure the timezone is set correctly.(If it doesn’t, it may mistakenly issue agent certificates from the distant past or future, which other nodes will treat as expired.)
Installing Puppet
Enable the Puppet Labs Package Repository
The newest versions of Puppet can be installed from the yum.puppetlabs.com package repository. To enable the repository, run the following command on the CentOS box:-
Install Puppet on the Puppet Master Server
Run the following command on the CentOS box
This will install a test quality puppet server. Do not start the puppet server yet.Install Puppet on Agent Nodes
a) Download the windows agent package from here:- http://downloads.puppetlabs.com/windows
b) Run the following command in powershell to install puppet:-
c) Once the installer finishes, the puppet client will be installed, running, and at least partially configured. The puppet node should now make a cert request to the puppet CA server.Sign the Certificate Request - On the puppet CA master server
a) Now that the cert request is made by the agent node, it needs to be signed by the CA master server, so that a certificate is created for the agent and the puppet master and agent can communicate.
b) Run the following commands on the server to view the list of cert requests and then sign the cert request made by the specific agent node.
Installing Puppet: Post-Install Tasks
Configure a Puppet Master Server
a) Get the Master’s Names and Certificates Set Up
1. When you create the puppet master’s certificate, you must include every DNS name at which agent nodes might try to contact the master.2. In the
[main] section of the master’s puppet.conf file, set the dns_alt_names setting
to a comma-separated list of each hostname the master should be allowed
to use. The puppet.conf file that I configured looks as follows:-3. As this is a CA master, run the following command:-
Notice: Starting Puppet master version <VERSION>, type ctrl-C to kill the process.b) Put Your Puppet Modules and Manifests in Place
1. The following 2 Modules were created - common AND regional
hostnamechange.ps1
This is a powershell script which is run
on a client while the puppet config(common module specifically) is
applied. This script used to initialize, build a new partition and
format the secondary HPF disk. It also sets the hostname based on the
puppet agent certname and reboots the system for the hostname change to
take effect. Note that while naming the 'PUPPET_AGENT_CERTNAME'
parameter in the Puppet agent installation section, make sure to name
the cert exactly the way you would like the windows client hostname to
be.
/etc/puppet/modules/common/manifests/init.pp
This is a manifest file which is used to
apply the 'common' module configuration and thus run the
hostnamechange.ps1 on the puppet client node. Note that the manifest
file is written in such a way that the config is applied only once on a
given client.
1b. The 'regional' module includes the following. Note that this module is to be applied to puppet nodes which are meant to be 'TUC Regional Layer Servers' only:-
Pre-requisites and Prognosis install files(in the files dir)
These are files which will be transferred
by the init.pp manifest file when the config is applied. These include
all the exe's, msi and license file.
installprog.ps1
This powershell script installs the
prognosis pre-requisites and the prognosis software with the
'ManagementServer,WindowsClient' components which are required for the
regional management servers.
/etc/puppet/modules/regional/manifests/init.pp
This is a manifest file which is used to
apply the 'regional' module configuration and thus run the
installprog.ps1 on the puppet client node. Note that the manifest file
is written in such a way that the config is applied only once on a given
client.
c) Main Manifest File
This is the file that is present under /etc/puppet/manifests/
/etc/puppet/modules/regional/manifests/init.pp
This file is used to run the puppet
config as a whole. This file inturn calls/runs the comon and regional
modules(and their respective manifests) for the respective clients
mentioned in the 'node' line of the file.
Note that the sequence of statements matters. The common module is executed first, followed by the regional module. Comments start with a #
Note that the sequence of statements matters. The common module is executed first, followed by the regional module. Comments start with a #
d) Configure a Production-Ready Web Server
Puppet includes a basic puppet master web server, but you cannot use it for real-life loads. You must configure a production quality web server before you start managing your nodes with Puppet. Any Rack-based application server stack will work with a puppet master, I have use Passenger combined with Apache.
What is Passenger?
Passenger
(AKA mod_rails or mod_rack) is an Apache 2.x module which lets you run
Rails or Rack applications inside a general purpose web server, like Apache httpd or nginx.
puppet master has been run at least once, so that all required SSL certificates are in place.Install Apache 2
Install Rack/Passenger
Configure Apache
Install the puppet master Rack application, by creating a directory for it and copying theconfig.ru file from the Puppet source.Create and Enable the Puppet Master Vhost
Create a VHost .conf file. Call it puppetmaster.conf. Copy this file to /etc/httpd/conf.d/Start or Restart the Apache service
And Bingo! Your Puppet setup is complete. If all is well, the automation should work and all the steps mentioned above should be automatically carried out on the client nodes.
0 comments