<h1>Why and HowTo Install Puppet on a DigitalOcean Cloud Server</h1><h3>Introduction</h3>This article is the first in a series of instructional guides on the popular configuration-management tool Puppet. It provides only a cursory overview of the benefits of automated provisioning tools such as Puppet, and spends the balance of your valuable time on a walk-through of deploying Puppet on your system. The many benefits of configuration-management tools cannot be captured in a short read, which this article strives to be. To determine (i.) whether <i>any</i> configuration-management tool would be of benefit to you and/or (ii.) which one, e.g. <a title="From Wikipedia | The free encyclopedia" href="http://en.wikipedia.org/wiki/Chef_(software)" target="_blank">Chef</a>, <a title="From Wikipedia | The free encyclopedia" href="http://en.wikipedia.org/wiki/Puppet_(software)" target="_blank">Puppet</a>, <a title="From Wikipedia | The free encyclopedia" href="http://en.wikipedia.org/wiki/Salt_(software)" target="_blank">Salt</a>, among others, you'll be better served by additional research on your own. With that...<br/><br/>If you manage more than one server, your life can be made much easier by employing a configuration-management tool to provision, configure and manage your servers and the applications they host. Using Puppet, or Chef, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, from 2, 5 or 10s of servers up to 1000s, on-premise or in the cloud. Puppet is available as both open source and commercial software. While Puppet Enterprise is the commercially supported, packaged release of Puppet, you can manage up to 10 nodes free. This article focuses on deploying the open-source release within a client-server framework.<h2>Benefits</h2><hr>Puppet is a cross-platform framework enabling system administrators to perform common tasks. 
It is a model-driven solution that requires little coding knowledge to use. While Chef calls its models <i>recipes</i>, Puppet refers to them as <i>manifests</i>. A group of manifests is called a <i>module</i>. There are modules to configure packages like Apache, Nginx, and MySQL. You can also use manifests and modules to alter file permissions, users and groups, and more. As one can see, these models, or manifests and modules, can carry out a variety of tasks, making Puppet helpful not only during the initial installation of a server but also throughout the server's entire life cycle, and useful in both large and small deployments. In addition, Puppet has an amazing and active community whose members share modules and other useful information in two main repositories (referenced below).<br /><br />At first glance, a system administrator might dismiss the idea of a configuration-management tool. Some believe that the same results can be achieved with machine images, i.e. snapshots, and shell scripts. As one author so eloquently put it: This is equivalent to a lumberjack who has just heard about chainsaws, but doesn't see why anyone would ever want more than an ax. What many system admins fail to recognize is the value of the limited time on their hands. One of the strengths that a configuration-management tool brings to the table is automating repetitive tasks, freeing up system admins so they can focus on more important matters.<h2>Planning</h2><hr>Puppet allows for centralized management by employing a client-server, or agent-master, model. The central, or administrative, server is commonly referred to as the Puppet <i>master</i>, which services Puppet <i>clients</i>. While only one server is needed to function as the Puppet master, you can have a nearly infinite number of Puppet client, or agent, nodes. However, it <i>is</i> possible to deploy Puppet in such a way that each individual server acts as both the Puppet master and client. 
You must decide on a deployment type before installing:<h3>Agent/ Master a/k/a Client/ Server</h3>Agent nodes, or Puppet clients, pull their configurations from a Puppet master server. Admins must manage node certificates, but will only have to maintain manifests and modules on the Puppet master server, and can more easily take advantage of features like reporting and external data sources.<br /><br />You must decide in advance which server will be the master and install <b>puppetmaster</b> on it before installing <b>puppet</b> on any agents or clients. The master should be a <a title="Puppet Components & Requirements" href="https://puppetlabs.com/puppet/requirements/" target="_blank">dedicated machine with a fast processor, lots of RAM, and a fast disk</a>.<h3>Standalone</h3>Every node compiles its own configuration from manifests. Admins must regularly sync Puppet manifests and modules to every node.<h2>Preparing</h2><hr>By default, Puppet clients look for the Puppet master server by contacting the host with the name <b>puppet</b>, via DNS: <ul><li>Identify, or <a title="How to Create Your First DigitalOcean Droplet Virtual Server" href="https://www.digitalocean.com/community/articles/how-to-create-your-first-digitalocean-droplet-virtual-server" target="_blank">create</a>, a server to act as the Puppet <i>master</i> and make a note of its IP address;</li><li>Identify, or <a title="How to Create Your First DigitalOcean Droplet Virtual Server" href="https://www.digitalocean.com/community/articles/how-to-create-your-first-digitalocean-droplet-virtual-server" target="_blank">create</a>, the server(s) that will act as the Puppet client(s);</li><li>Check that each server has (i.) a unique hostname (in Ubuntu, the relevant commands are):<pre>hostname</pre><br/>and (ii.) 
a fully qualified domain name (FQDN):<pre>hostname -f</pre><br/>If modifications are needed, the hostname can be set by executing:<pre>sudo vim /etc/hostname</pre><br/><i>See</i> <a href="https://www.digitalocean.com/community/articles/installing-and-using-the-vim-text-editor-on-an-cloud-server" target="_blank">Installing and Using the Vim Text Editor on a DigitalOcean Cloud Server</a>. Then, tap the <kbd>i</kbd> key on your keyboard, and add (or edit):<pre>[hostname]</pre><br/>(While not mandatory, it's advisable to name the host that will act as the master server: <code>puppet</code>.) To save your changes, tap the <kbd>Esc</kbd> key on your keyboard, followed by the following keystrokes: <kbd>:</kbd> then <kbd>w</kbd> then <kbd>q</kbd> and, finally <kbd>Enter</kbd>. Next, execute the following commands:<pre>sudo vim /etc/hosts</pre><br/>and add a line below the initial <code>127.0.0.1 localhost.localdomain localhost</code> line, that reads:<pre>127.0.1.1 [hostname].yourdomain.tld [hostname]</pre><br/>Finally, execute the following commands:<pre>sudo /etc/init.d/hostname restart</pre><br/><li><a title="How to Set Up a Host Name with DigitalOcean" href="https://www.digitalocean.com/community/articles/how-to-set-up-a-host-name-with-digitalocean" target="_blank">Create a DNS A record or a CNAME</a> for the hostname <b>puppet</b> within your domain, pointing to the node that will serve as the Puppet master, i.e. <b>puppet.yourdomain.tld.</b></li></ul>If you do not wish to use DNS, you can add entries to the respective servers' <b>/etc/hosts</b> files. However, doing so is a tedious process <b>and goes against what we want to accomplish with <i>automated</i>, configuration management</b>. For example, let's assume that your central, or Puppet <i>master</i>, server will be <b>ny1.yourdomain.tld</b> at IP address: 1.2.3.4. 
On Ubuntu, you should execute the following command:<br /><pre>sudo vim /etc/hosts</pre><br /><br /><table><tr><td>127.0.0.1</td><td> localhost.localdomain</td><td> localhost</td><td> puppet</td></tr><tr><td>127.0.1.1</td><td> ny1.yourdomain.tld</td><td> ny1</td></tr><tr><td>1.2.3.4</td><td> ny1.yourdomain.tld</td><td> ny1</td><td> puppet</td></tr></table><br /><br />On each Puppet <i>client</i>, add an entry in the client's <b>/etc/hosts</b> file for the Puppet master (below, we assume that one of your Puppet clients is <b>sf1.yourdomain.tld</b> at IP address: 1.2.3.5):<br /><br /><table><tr><td>127.0.0.1</td><td> localhost.localdomain</td><td> localhost</td></tr><tr><td>127.0.1.1</td><td> sf1.yourdomain.tld</td><td> sf1</td></tr><tr><td>1.2.3.5</td><td> sf1.yourdomain.tld</td><td> sf1</td></tr><tr><td>1.2.3.4</td><td> ny1.yourdomain.tld</td><td> ny1</td><td> puppet</td></tr></table><h3>Avoiding Firewall Issues</h3>CentOS ships with extremely restrictive <b>iptables</b> rules, which may need to be modified. If you previously deployed an <b>iptables</b> firewall on your server (or have some servers in a NAT environment), ensure that your <b>master server</b> is <b>allow</b>ing incoming, <b>TCP</b> connections on <b>port 8140</b>.<h3>Update Your Packages</h3>Once the servers are built and the appropriate ports have been opened in the firewall, update all your packages:<br /><pre>sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y dist-upgrade && sudo apt-get -y autoremove && sudo reboot</pre><h2>Install <i>puppetmaster</i> on Central Server</h2><hr> You have several options for installing <b>puppetmaster</b>. You can either use the package available in your operating system's repository or you can use Puppet Labs' apt repository. Because some OS repositories are slow to update their packages, it is recommended to install <b>puppetmaster</b> from the Puppet Labs repository, so that you do not end up with out-dated releases. 
To enable the Puppet Labs repository:<br /><ol><li>Download the "puppetlabs-release" package for your <a title="Puppet Labs maintains official package repositories for several of the more popular Linux distributions" href="http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html" target="_blank">OS version</a>. You can see a full list of these packages on the front page of <a href="http://apt.puppetlabs.com" target="_blank">http://apt.puppetlabs.com/</a>. They are all named <b>puppetlabs-release-[CODE NAME].deb</b>;</li><li>Install the package by running <b>dpkg -i &lt;PACKAGE NAME&gt;</b>.</li></ol>For example, to install <b>puppetmaster</b> on your central, or administrative, server running Ubuntu 12.04 LTS (nicknamed Precise Pangolin), from the Puppet Labs repo, execute the following commands in a terminal:<br /><pre>sudo wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
sudo apt-get update && sudo apt-get -y install puppetmaster</pre><br />Installation instructions for other Linux distros, OS X, Windows, the BSDs or Solaris are available, here: <a href="http://docs.puppetlabs.com/guides/installation.html#installing-puppet-1" target="_blank">Installing Puppet</a><h3>Configuring <i>puppetmaster</i> on Central Server</h3>Next, execute the following commands:<br /><pre>sudo mkdir -p /etc/puppet/{manifests,modules/{profiles,roles}}
sudo touch /etc/puppet/manifests/{site.pp,templates.pp,nodes.pp}</pre><br />Puppet's behavior can be customized with a <a title="Puppet Labs | Docs: Configuration Reference" href="http://docs.puppetlabs.com/references/stable/configuration.html" target="_blank">rather large collection of settings</a>. Most of these can be safely ignored, but you'll almost definitely have to modify some of them. Puppet's main configuration file is found at <b>/etc/puppet/puppet.conf</b> and is organized under the following headers, or blocks: <b>[main]</b>, <b>[agent]</b> and <b>[master]</b>.<br /><br />Settings for agent nodes, or Puppet clients, should go in the <b>[agent]</b> or <b>[main]</b> blocks of <b>puppet.conf</b>. Along the same lines, settings for the Puppet master server should go in the <b>[master]</b> or <b>[main]</b> blocks of <b>puppet.conf</b>.<br/><br/><b>NOTE:</b> Puppet masters are usually also agent nodes, or Puppet clients, themselves. Settings in <b>[main]</b> will be available to both services and settings in the <b>[master]</b> and <b>[agent]</b> blocks will override the settings in <b>[main]</b>.<h3>Standalone Nodes</h3>Settings for standalone Puppet nodes should go in the <b>[main]</b> block of <b>puppet.conf</b>. Puppet's default settings are generally appropriate for standalone nodes. No additional configuration is necessary unless you intend to use centralized reporting or an <a title="An external node classifier is an arbitrary script or application which can tell Puppet which classes a node should have." href="http://docs.puppetlabs.com/guides/external_nodes.html" target="_blank">external node classifier</a>.<h3>Avoiding DNS Pitfalls</h3>At this point, we need to provide <b>puppetmaster</b> its fully qualified domain name (FQDN), so that it can properly format SSL certificates. 
First, you need to assess your current environment:<br /><ul><li>Does the node that's going to function as the Puppet master have only one (1) hostname--that is, <b>NO</b> aliases?</li></ul>If (i) the answer is "yes" to that question AND (ii) you created a DNS <i>A record</i> for your Puppet master, execute the following commands and edits:<br /><pre>sudo service puppetmaster stop
sudo rm -rf /var/lib/puppet/ssl
sudo vim /etc/puppet/puppet.conf</pre><br/>and add the following line, under the <b>[main]</b> header/ block:<br /><pre>server = puppet.yourdomain.tld</pre><br />If you created a DNS CNAME for your Puppet master AND/OR your master server has hostname aliases, then execute the following steps:<br /><pre>sudo service puppetmaster stop
sudo rm -rf /var/lib/puppet/ssl
sudo vim /etc/puppet/puppet.conf</pre><br/>Under the <b>[master]</b> header/block, add a comma-separated list of all of your master server's aliases, e.g.:<br /><pre>dns_alt_names = puppet, [alias1], [alias2], puppet.yourdomain.tld</pre><br />Now, execute:<br /><pre>sudo service puppetmaster start</pre><h3>Install <b>puppetmaster</b>'s Dependencies</h3>Before moving on to installing <b>puppet</b> on agent/ client nodes, update all your packages on the master server one last time:<br /><pre>sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y dist-upgrade && sudo apt-get -y autoremove && sudo reboot</pre><h2>Install <i>puppet</i> on Client Server(s)</h2><hr>Again, we're going to install <b>puppet</b> from the Puppet Labs repository. On client nodes running Ubuntu 12.04 LTS, execute:<br /><pre>sudo wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
sudo apt-get update && sudo apt-get -y install puppet</pre>Click here, for: <a title="Puppet Labs maintains official package repositories for several of the more popular Linux distributions" href="http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html" target="_blank">Instructions on enabling Puppet Labs' repos for other Linux distros</a>.<br/><br/><b>REMEMBER:</b> One of Puppet's best features is that it is cross-platform; thus, your clients are NOT required to run the same OS as the Puppet master. From a practical perspective, this flexibility is amazing because it will allow a developer to quickly and efficiently spin up new DigitalOcean droplets of varying OSes, to test and debug their apps. When the staging server is no longer needed, it can be destroyed (to save on monthly costs) with confidence, because Puppet, coupled with DigitalOcean's API and snapshot support, can deploy a new droplet (literally) within seconds the next time a staging environment is needed.<h3>Configure <i>puppet</i> on Client Server(s)</h3>Once <b>puppet</b> is installed, we need to configure the Puppet client so that it can connect to the Puppet master. We do this with the following command and edits:<br /><pre>sudo vim /etc/puppet/puppet.conf</pre><br />and add the following:<br /><pre>[agent]
server = puppet.yourdomain.tld
report = true
pluginsync = true
certname = [hostname of Puppet client].yourdomain.tld</pre><br/>Now, we need to configure the Puppet client to start automatically, with the following command:<br /><pre>sudo vim /etc/default/puppet</pre><br />and edit the line that begins with <b>START</b>, so that it reads:<br /><pre>START=yes</pre><br />Then, start the service:<br /><pre>sudo service puppet start</pre><br />Repeat these steps for every Puppet client.<h2>Configure Secure Communications</h2><hr>Every time you deploy a new Puppet client, log in to the Puppet <i>master</i> and execute the following command to view a list of SSL certificates waiting to be signed:<br /><pre>sudo puppet cert --list</pre><br />Then, on the Puppet <i>master</i>, sign the client certificate in queue by executing the following command:<br /><pre>sudo puppet cert --sign [hostname of Puppet client]</pre><br />Congratulations! The new Puppet client will now be able to successfully connect to, and securely communicate with, the Puppet master.<h2>Installing Puppet Modules</h2><hr>Modules are self-contained bundles of code and data. You can <a href="http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html#module-layout" target="_blank">write your own modules</a> or you can download pre-built modules. As stated earlier, there are repositories of pre-existing modules, written and contributed by users, that solve a wide variety of problems. Instead of recreating the proverbial 'wheel,' you can use Puppet's integrated Module Tool, which allows you to execute Puppet subcommands to find and manage modules from the <a href="https://forge.puppetlabs.com" target="_blank">Puppet Forge</a>. Its interface is similar to several common package managers, and makes it easy to search for and install new modules from the command line. 
For information and examples on the various Module Tool subcommands, refer to Puppet Labs' <a href="http://docs.puppetlabs.com/puppet/2.7/reference/modules_installing.html" target="_blank">Docs: Installing Modules</a>. In addition to <a href="https://forge.puppetlabs.com" target="_blank">Puppet Forge</a>, another popular repository with user-submitted manifests &amp; modules that solve common problems is available on <a href="https://github.com/puppetlabs" target="_blank">GitHub</a>.<br /><br />Nearly all Puppet manifests belong in modules. The sole exception is the main <b>site.pp</b> manifest, which contains site-wide and node-specific code. To make a module available to Puppet, place it in one of the directories in Puppet's <a href="http://docs.puppetlabs.com/references/stable/configuration.html#modulepath" target="_blank">modulepath</a>. The <b>modulepath</b> is a list of directories separated by the system path-separator character. On *nix systems, this is the colon (:), while Windows uses the semi-colon (;). The most common default modulepaths are:<ul><li><b>/etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules</b> (for Puppet Enterprise); or</li><li><b>/etc/puppet/modules:/usr/share/puppet/modules</b> (for open source Puppet);</li></ul>To see your currently configured modulepath, execute the following command:<br /><pre>sudo puppet config print modulepath</pre><br />If you want both the Puppet master and Puppet agents to have access to modules, set the modulepath in <a title="Puppet's behavior can be customized with a rather large collection of settings. Most of these can be safely ignored, but you'll almost definitely have to modify some of them." 
href="http://docs.puppetlabs.com/guides/configuring.html" target="_blank">puppet.conf</a> under the <b>[main]</b> block, i.e.<br/><pre>modulepath = /etc/puppet/modules:/usr/share/puppet/modules</pre><br />Modulepath is a setting, among others, that can be different per <a title="Manage your module releases by dividing your site into environments." href="http://docs.puppetlabs.com/guides/environment.html" target="_blank">environment</a>.<h2>Learn to Use Puppet</h2><hr>You can <a title="Puppet Labs | Docs: Learning Puppet - Index" href="http://docs.puppetlabs.com/learning" target="_blank">learn</a>, and practice using, Puppet in a safe and convenient virtual environment, by downloading the <a href="http://info.puppetlabs.com/download-learning-puppet-VM.html" target="_blank"> Learning Puppet VM</a> (free) for VMware or VirtualBox. Although the VM and examples use Puppet Enterprise, the lessons also apply to the open source release of Puppet. Any new Puppet user should start at the <a title="Puppet Labs | Docs: Learning Puppet - Index" href="http://docs.puppetlabs.com/learning" target="_blank">Learning Puppet - Index</a>.<h2>What's Next?</h2><hr>Additional articles on practical uses of Puppet are forthcoming. Check <h3>Revision Control</h3>Before we get too far along though, you'll notice we've got a couple of configuration, <code>.pp</code>, files. As you configure more and more resources you'll find yourself adding to this collection of files. This collection of files also needs to be managed and we strongly recommend you implement a revision control system, such as Subversion or Git. You should place all your manifests and potentially other aspects of your Puppet configuration under revision control and preferably host your repository on another system. The repository should be regularly backed up. 
This will allow you to make changes to your manifests and configuration and know you can safely roll them back or recreate an earlier state without needing to re-write or edit a large number of files.<h2>Additional Resources</h2><hr><ul><li><a href="http://docs.puppetlabs.com/guides/installation.html" target="_blank">Puppet Labs | Open Source Release Installation Guide</a>;</li><li><a href="http://docs.puppetlabs.com/pe/latest/install_basic.html" target="_blank">Puppet Labs | Puppet Enterprise Installation Guide</a>;</li><li><a href="http://docs.puppetlabs.com/" target="_blank">Puppet Labs Documentation</a>;</li><li><a href="http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf" target="_blank">Puppet Core Types Cheat Sheet</a>;</li><li><a href="https://puppetlabs.com/community/overview" target="_blank">The Puppet Community</a>.</li></ul>As always, if you need help with the basic setup & configuration of Puppet, look to the DigitalOcean Community for assistance by posing your question(s), below.<br/><br/><div style="text-align: right; font-size:smaller;">Article submitted by: <a href="https://plus.google.com/107285164064863645881?rel=author" target="_blank">Pablo Carranza</a> • Updated 8/06/2013</div></body></html>
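Added example for the "Avoiding DNS Pitfalls" section and the <b>[main]</b>/<b>[agent]</b>/<b>[master]</b> NOTE above (not code from the original article): it resolves a setting the way the NOTE describes, then checks that the name an agent uses for <b>server</b> is the master's certname or one of its <b>dns_alt_names</b>. The function names, the temporary files and their contents are constructed for illustration; the master certname is passed in by hand and is assumed to be the master's FQDN.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names and the
# sample puppet.conf files below are constructed for illustration.

# effective_setting FILE MODE KEY
# Prints KEY as resolved for MODE (agent or master): a value in the [MODE]
# block overrides the same key in [main].
effective_setting() {
    awk -v mode="$2" -v key="$3" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ {
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (sec == mode)   { in_mode = v; has_mode = 1 }
            if (sec == "main") { in_main = v; has_main = 1 }
        }
        END {
            if (has_mode)      print in_mode
            else if (has_main) print in_main
        }' "$1"
}

# server_name_covered MASTER_CONF AGENT_CONF MASTER_CERTNAME
# Succeeds when the name the agent connects to is the master certname or one
# of its dns_alt_names, i.e. a name the master certificate is issued for.
server_name_covered() {
    want=$(effective_setting "$2" agent server)
    [ -n "$want" ] || want=puppet      # default name agents look up
    alts=$(effective_setting "$1" master dns_alt_names)
    for name in "$3" $(printf '%s' "$alts" | tr ',' ' '); do
        if [ "$name" = "$want" ]; then return 0; fi
    done
    echo "agent uses '$want'; certificate names are: $3 $alts" >&2
    return 1
}

# Constructed sample configuration files.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/master.conf" <<'EOF'
[main]
logdir = /var/log/puppet
[master]
dns_alt_names = puppet, puppet.yourdomain.tld
EOF
cat > "$DEMO_DIR/agent.conf" <<'EOF'
[main]
server = puppet
[agent]
server = puppet.yourdomain.tld
certname = sf1.yourdomain.tld
EOF
cat > "$DEMO_DIR/agent_bad.conf" <<'EOF'
[agent]
server = master.yourdomain.tld
EOF

for conf in agent.conf agent_bad.conf; do
    if server_name_covered "$DEMO_DIR/master.conf" "$DEMO_DIR/$conf" ny1.yourdomain.tld
    then echo "$conf: ok"
    else echo "$conf: agent would reject the master certificate"
    fi
done
```

Run it against copies of the real files before deleting <b>/var/lib/puppet/ssl</b> and restarting <b>puppetmaster</b>, since the certificate names are fixed when the certificate is generated.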
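Added example for the "Configure Secure Communications" step above (not code from the original article): before running <b>puppet cert --sign</b>, compare the fingerprint that <b>sudo puppet cert --list</b> shows on the master with the one the client itself reports via <b>sudo puppet agent --fingerprint</b>. The function names, the sample listing and its fingerprints are constructed, and the listing layout is an assumption because it differs between Puppet releases.

```shell
#!/bin/sh
# Added example, not part of the original article.

# Constructed sample of what `sudo puppet cert --list` prints on the master.
# Assumed layout: certname (optionally quoted) followed by a hex fingerprint.
SAMPLE_LIST='  "sf11.yourdomain.tld" (SHA256) 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0:0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0
  "sf1.yourdomain.tld" (SHA256) A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90'

# Constructed value standing in for what `sudo puppet agent --fingerprint`
# printed on client sf1, read over a channel you already trust (console, SSH).
AGENT_FP='A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90'

# hex_fp: print, in upper case, the first colon-separated hex fingerprint of
# at least 16 bytes found on stdin.
hex_fp() {
    awk 'match($0, /([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]/) && RLENGTH >= 47 {
             print toupper(substr($0, RSTART, RLENGTH)); exit
         }'
}

# pending_fingerprint LIST_OUTPUT CERTNAME
# Exact certname match only, so sf1 never picks up the request from sf11.
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v name="$2" '
        { host = $1; gsub(/"/, "", host) }
        host == name { print; exit }' | hex_fp
}

# verify_csr LIST_OUTPUT CERTNAME AGENT_FINGERPRINT
# 0 = fingerprints match, 1 = mismatch, 2 = no pending request by that name.
verify_csr() {
    seen=$(pending_fingerprint "$1" "$2")
    want=$(printf '%s\n' "$3" | hex_fp)
    if [ -z "$seen" ]; then
        echo "no pending request named $2" >&2
        return 2
    fi
    if [ -z "$want" ] || [ "$seen" != "$want" ]; then
        echo "fingerprint mismatch for $2, do not sign" >&2
        return 1
    fi
    return 0
}

if verify_csr "$SAMPLE_LIST" sf1.yourdomain.tld "$AGENT_FP"; then
    echo "match, now run: sudo puppet cert --sign sf1.yourdomain.tld"
fi
```

On a real master, pass "$(sudo puppet cert --list)" as the first argument instead of the constructed listing.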