Friday, January 10, 2014

Puppet Configuration ( Setting up Master Server and Client Servers )

Setting up Master Puppet Server and Client Puppet Servers



Puppet as per dictionary means " a movable model of a person or animal that is typically moved either by strings controlled from above or by a hand inside it. "

To setup Puppet Master and Client, we would be taking an example, wherein our Master server will on CentOS and clients on Ubuntu

Master - server.puppet.com
Client 1 - client1.puppet.com 
Client 2 - client2.puppet.com

Configurations, that need to be set before installing any packages.

On master server : CentOS

Edit file /etc/sysconfig/network


HOSTNAME=server.puppet.com



service network restart
hostname server.puppet.com


Edit file /etc/hosts


127.0.0.1   server.puppet.com localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6

192.168.1.28 server.puppet.com
192.168.1.10 client1.puppet.com
192.168.1.19 client2.puppet.com


On client server : Ubuntu

 Edit file /etc/hostname


client1.puppet.com



/etc/init.d/hostname restart
hostname client1.puppet.com




Edit file /etc/hosts


127.0.0.1       client1.puppet.com localhost

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.1.10 client1.puppet.com
192.168.1.28 server.puppet.com


Now, lets move onto installing necessary packages on both the servers.

On master server : CentOS


yum install puppet-server
/etc/init.d/puppetmaster start

On client server : Ubuntu
  
apt-get install puppet
/etc/init.d/puppet start

telnet server.puppet.com 8140
Trying 192.168.1.28...
Connected to server.puppet.com.
Escape character is '^]'.
^]q

telnet> q
Connection closed.



Lets, move onto configuration, generating and signing of certificates.


On client server : Ubuntu

Configuration - Edit file  /etc/puppet/puppet.conf


In [main] section add the mentioned parameter


[main]
server=server.puppet.com


/etc/init.d/puppet restart


puppet agent  --waitforcert 60 --test
info: Caching certificate for ca
info: Creating a new SSL certificate request for client2.puppet.com
info: Certificate Request fingerprint (md5): 72:B7:5B:78:46:BF:DA:6A:8F:8C:CF:62:11:93:CD:F1


The above command will send a certificate signing request (csr) to master server, and as csr is delivered to master, we need execute commands on master server simultaneously after we see above info i.e.

info: Certificate Request fingerprint (md5): 72:B7:5B:78:46:BF:DA:6A:8F:8C:CF:62:11:93:CD:F1

The above client will not exit to terminal prompt until it receives an acknowledgement of the signed certificate by master server.

On master server : CentOS


puppetca --list
"client1.puppet.com" (72:B7:5B:78:46:BF:DA:6A:8F:8C:CF:62:11:93:CD:F1)


puppetca --sign client1.puppet.com
notice: Signed certificate request for client1.puppet.com
notice: Removing file Puppet::SSL::CertificateRequest client1.puppet.com at '/var/lib/puppet/ssl/ca/requests/client1.puppet.com.pem'


On client server : Ubuntu

As the certificate is signed from the master, complete output of previously executed commands on server will display info as,


puppet agent  --waitforcert 60 --test
info: Caching certificate for ca
info: Creating a new SSL certificate request for client2.puppet.com
info: Certificate Request fingerprint (md5): 72:B7:5B:78:46:BF:DA:6A:8F:8C:CF:62:11:93:CD:F1
info: Caching certificate for client2.puppet.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for client2.puppet.com
info: Applying configuration version '1389337083'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.04 seconds


2 comments:

  1. Great post that sums it all up. We created a portable shell script to automate the puppet install / setup process on the client side called puppet bootstrap if interested: https://workshop.avatarnewyork.com/project/puppet-bootstrap/

    ReplyDelete