CDOT Wiki β

User:Prathapan

6,265 bytes added, 09:51, 15 March 2011
no edit summary
Project Release 0.1
Project-SETUP PUPPET
Release 0.1
Puppet
Puppet is an open source automated system configuration management framework, which provides administrators a simplified platform for flexible and consistent administration.
'''Puppet element includes'''
1) Puppet master: it is a centralized system that has the configuration of the other nodes that is to be applied on the client system.
2) Puppet client: it is installed in the clients that are to be managed by puppetmaster.
How puppet works
All clients communicate with the puppet master periodically to see if there are any changes to their respective configuration, download the latest configuration, and make sure they are synchronized with that configuration. Once the configuration is applied, the client reports to the puppet master, asking if there is anything that needs to be changed.
Usually, changes to the configuration on the puppet master are applied on the puppet clients every 30 minutes.
Note: Puppet will only make changes to the system if the system state does not match the configured state.
Let's look at how puppet works technically, step by step.
1) Puppet generates the certificate using the system's FQDN when puppet starts for the first time.
2) Puppet submits the generated certificate to the puppetmaster. The puppetmaster will need to sign the certificate before clients can be considered authenticated.
3) Puppet waits 300 seconds for the signed certificate. If puppet does not get the certificate within 300 seconds (this can be configured to a different value), it will quit.
4) Puppetmaster signs the certificate. It can be configured to sign certificates automatically, but that is NOT a good idea. The other way is to sign the certificate manually. To manually sign the certificate:
 # puppetca --sign <certificate CN>
Note: this is done on the puppet master. To list the requested certificates, issue the command:
 # puppetca --list
5) Puppet receives the signed certificate. Once puppet receives the certificate, it will start a configuration run immediately. Note: make sure the time on the puppetmaster and on puppet is the same.
6) Puppet generates all the facts. Most configurations rely on client information to make decisions. When the Puppet client starts, it loads the Facter Ruby library, collects all the facts it can, and passes those facts to the interpreter. When you use Puppet over a network, these facts are passed over the network to the server and the server uses them to compile the client's configuration.
7) Puppetmaster parses its manifests.
8) Puppet receives the manifests.
9) Puppet applies its manifests.
10) While puppet applies the manifest, it pulls files from the puppetmaster's fileserver after checking the local checksum against the remote checksum.
11) Puppet sends a copy of each configuration file it replaces to the puppet master.
12) Puppet sends the report to the puppetmaster.
13) Puppet waits 30 minutes by default for the next run.
Note: the files and templates are transferred using SSL communication.

Supported system platform
Linux: Fedora 7 and later, SuSE Linux 8 and later, RHEL 3 and later, Ubuntu 7 and later, Debian 3.1 and later
Unix: Macintosh OS X and later, Sun Solaris 7 and later, HP-UX
Windows

Installing puppet
Since I will be installing on a Fedora system, I will be writing this post based on the Fedora-related configuration.
Installing can be done in many ways, whether by downloading tarballs and installing from them or by using yum. I would prefer using yum because it will install all the needed repositories. I installed on Fedora 11 on my system and, believe me, it was a huge pain trying to get it working. A lot of necessary files and folders were missing, left not installed on the system. I tried many times to find out what the problems behind this installation were; I even asked on #puppet on IRC, but was not able to get the problem fixed. I will write about what the problems were later in my post. Eventually I gave up installing on Fedora 11, and that is where Fedora 13 comes in. I had to install Fedora 13 and then I installed puppet on the Fedora 13 system, and it all went very well so far. The entire configuration is done on my Fedora 13. Therefore, whatever I refer to here refers to Fedora 13. These installations were done on Fedora 12 systems, which are the Hongkong & Ireland systems in the proximity.on.ca domain.

1) Install puppetmaster and puppet.
On the server, in this case Hongkong.proximity.on.ca:
 # yum install puppet-server
This will install puppetmaster and puppet on the server which is to be the puppetmaster.
 # yum install mysql-server ruby-mysql
 # yum install ruby-RRDtool
This will install the Ruby library.
On the client, in this case Ireland.proximity.on.ca:
 # yum install puppet
This will install the puppet client on the client system.

2) The puppetmaster/puppet configuration file is /etc/puppet/puppet.conf. In this file there are four most important sections:
main: primarily file locations, directory settings and other globals applicable to both puppet and the puppetmaster.
puppetca: Puppet Certificate Authority (puppetca) settings.
puppetd: puppet client daemon settings.
puppetmasterd: puppetmaster daemon settings.

3) Make sure all the needed files and folders are created by the installation process.
On the server, Hongkong:
 # ls /etc/puppet
should have auto.conf, fileserver.conf, manifests, puppet.conf

4) Create a simple manifest.
a) Create sudo.pp:
 # vi /etc/puppet/manifests/classes/sudo.pp

 # /etc/puppet/manifests/classes/sudo.pp
 # Keep /etc/sudoers owned by root:root and read-only (mode 440).
 class sudo {
     file { "/etc/sudoers":
         owner => "root",
         group => "root",
         mode  => 440,
     }
 }

b) Create site.pp:
 # vi /etc/puppet/manifests/site.pp

 # /etc/puppet/manifests/site.pp
 # Load every class file, then apply the sudo class to all nodes.
 import "classes/*"
 node default {
     include sudo
 }

c) Start the puppet master.
 # puppetmasterd --mkusers
This option will create the puppet user that is needed. Once the puppetmaster daemon is started, it will create the necessary files and folders under /var/lib/puppet.
 # ls /var/lib/puppet
should have bucket, clientsbucket, facts, reports, ssl, yaml, class.txt, client_yaml, lib, rrd, state
All the detailed information about these files and folders will be included in the next blog.
 # service puppetmaster start

d) Start the puppet client. On the client, Ireland:
 # puppetd --verbose
When the puppet client daemon starts, it creates the necessary certificate and waits for the certificate to be signed by the puppetmaster.

5) Sign the certificate. On the server:
 # puppetca --list
This will list all the requested certificates that are to be signed by the puppetmaster.
 # puppetca --sign ireland.proximity.on.ca

== '''Release 0.2''' ==
1) file server configuration
2) Some of the manifest
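
The walkthrough above warns against letting the puppetmaster sign certificates automatically. As an added example (not part of the original page), this shell function reports whether autosigning is enabled on a master; it assumes the `autosign` setting in puppet.conf and an autosign.conf list file under /etc/puppet, and the sample configuration it builds is constructed.

```shell
#!/bin/sh
# Added example: report whether a puppetmaster signs certificates unattended.
# Assumes the "autosign" setting of puppet.conf and an autosign.conf list file.

# Prints one finding per line; prints nothing when autosigning is off.
audit_autosign() {
    conf=${1:-/etc/puppet/puppet.conf}
    list=${2:-/etc/puppet/autosign.conf}

    # Value of the last "autosign = ..." line in puppet.conf, if there is one.
    setting=$(sed -n 's/^[[:space:]]*autosign[[:space:]]*=[[:space:]]*//p' \
        "$conf" 2>/dev/null | tail -n 1 | sed 's/[[:space:]]*$//')

    case "$setting" in
        true)  echo "CRITICAL: autosign = true, every request is signed"; return 0 ;;
        false) return 0 ;;            # autosigning disabled outright
        /*)    list=$setting ;;       # the setting names a different list file
    esac

    [ -f "$list" ] || return 0        # no list file: nothing is autosigned

    # Each remaining line is a certname or glob that is signed without review.
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$list" |
    while read -r entry; do
        case "$entry" in
            \*)   echo "CRITICAL: '$entry' autosigns every certname" ;;
            *\**) echo "WARNING: glob '$entry' autosigns any matching certname" ;;
            *)    echo "NOTICE: '$entry' is autosigned without review" ;;
        esac
    done
}

# Constructed sample input (not from the page), written to a temp directory.
demo() {
    d=$(mktemp -d)
    printf '[puppetmasterd]\nautosign = %s\n' "$d/autosign.conf" > "$d/puppet.conf"
    printf '# lab hosts\n*.proximity.on.ca\nireland.proximity.on.ca\n' \
        > "$d/autosign.conf"
    audit_autosign "$d/puppet.conf"
    rm -rf "$d"
}
demo
```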