Changes


User:Prathapan

3,168 bytes added, 16:32, 23 April 2011
To manually sign the certificate:
<pre>#puppetca --sign <certificate CN></pre>
Note: this is done on the puppet master. To list the requested certificates, issue the command:
<pre>#puppetca --list</pre>
5) Puppet receives the signed certificate. Once puppet receives the certificate, it starts a configuration run immediately.
On the server, which in this case is Hongkong.proximity.on.ca:
<pre>#yum install puppet-server</pre>
This installs puppetmaster and puppet on the server that is to act as the puppetmaster.
<pre>#yum install mysql-server ruby-mysql</pre>
<pre>#yum install ruby-RRDtool</pre>
This installs the Ruby library.
On the client, which in this case is Ireland.proximity.on.ca:
<pre>#yum install puppet</pre>
This installs the puppet client on the client system.
On the server, Hongkong:
<pre>
#ls /etc/puppet
</pre>
It should have auto.conf, fileserver.conf, manifests, puppet.conf.
a) create sudo.pp, vi /etc/puppet/manifests/classes/sudo.pp
<pre>
# /etc/puppet/manifests/classes/sudo.pp
class sudo {
mode => 440, }
}
</pre>
 
b) create site.pp, vi /etc/puppet/manifests/site.pp
<pre>
# /etc/puppet/manifests/site.pp
import "classes/*"
include sudo
}
</pre>
c) start the puppet master.
<pre>#puppetmasterd --mkusers</pre>
This option creates the puppet user that is needed.
Once the puppetmaster daemon is started, it creates the necessary files and folders under /var/lib/puppet.
<pre>#ls /var/lib/puppet</pre>
It should have bucket, clientsbucket, facts, reports, ssl, yaml, class.txt, client_yaml, lib, rrd, state.
Detailed information about these files and folders will be included in the next blog.
<pre>#service puppetmaster start</pre>
d) start the puppet client.
On the client, Ireland:
<pre>#puppetd --verbose</pre>
When the puppet client daemon starts, it creates the necessary certificate and waits for the certificate to be signed by the puppetmaster.
On the server:
<pre>#puppetca --list</pre>
This lists all the requested certificates that are to be signed by the puppetmaster.
<pre>#puppetca --sign ireland.proximity.on.ca</pre>
== '''Release 0.2''' ==
'''Functional with file server'''
1) File server configuration: for the configuration to be saved
[http://projects.puppetlabs.com/projects/puppet/wiki puppet wiki page]
 
'''File server configuration'''
 
The last release, 0.1, installed the basic puppet setup and got puppet working. On the puppet master there should be a service that stores and delivers the needed configuration files. Puppet can act as the file server.
 
Puppet has the server and client function in file serving. The server function is configured and initiated by the puppet master daemon. The client function is embedded into the puppet client daemon and retrieves files from the puppet master file server.
 
Let's see how to refer to the puppet file server. It is done with a file type resource, using the source attribute.

Ex:
<pre>
file { "/etc/resolv.conf":
    source => "puppet://puppetmaster/etc/resolv.conf"
}
</pre>
 
The file server configuration is managed by fileserver.conf, which is located in the /etc/puppet directory by default. The location can be changed with the following command.

On the puppet master:
<pre>
#puppetmasterd --fsconfig /usr/local/etc/puppet/fileserver.conf
</pre>
 
The fileserver.conf file defines the paths to serve files from, and its access control specifies which nodes can access these files.

Here is an example:
<pre>
 
[configuration]
path /var/lib/puppet/files/configuration
allow *.senecac.on.ca
deny *
</pre>
 
Here, each path being served is called a module. For example, configuration is a module. The use of modules allows puppet to abstract and simplify file system configuration and paths. The path statement specifies the location on the puppet master server where the files being served are located.

If we want to get the resolv.conf file from the configuration module on the file server, we simply specify it as follows:

<pre>
file { "/etc/resolv.conf":
    source => "puppet://puppetmaster/configuration/resolv.conf"
}
</pre>

What happens above is that puppet retrieves the file needed by the file resource titled /etc/resolv.conf from the configuration module, where it is saved as /var/lib/puppet/files/configuration/resolv.conf.

This is the format for specifying the source:

puppet://puppetmaster/module/files

Ex:
<pre>
source => "puppet://puppetmaster/configuration/resolv.conf"
</pre>
 
This is for a single file being downloaded by puppet and applied to the nodes. If we want to download a full directory, a small change is needed when specifying the source.

<pre>
file { "/etc/pam.d":
    source  => "puppet://puppetmaster/configuration/pam.d",
    recurse => "true"
}
</pre>

Here, instead of specifying a single file in the file resource type, we specify the directory /etc/pam.d. Puppet will therefore download the pam.d directory and apply it to the nodes. The recurse attribute with the value true tells the puppet server that it should download all the files from the directory.
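
The module-to-path mapping and the source format described above can be checked mechanically. The following Ruby code is an added example, not part of the original page or of Puppet itself: it parses a fileserver.conf, resolves a puppet:// source to the file's path on the master, and flags modules whose allow rule is a bare wildcard. The [scratch] module and all function names are assumptions made for illustration.

```ruby
# Added example (not from the original page). SAMPLE_CONF is constructed:
# [configuration] is the page's module, [scratch] is a hypothetical second one.
SAMPLE_CONF = <<~CONF
  [configuration]
  path /var/lib/puppet/files/configuration
  allow *.senecac.on.ca
  deny *

  [scratch]
  path /var/lib/puppet/files/scratch
  allow *
CONF

Mount = Struct.new(:name, :path, :allow, :deny)

# Parse fileserver.conf text into { module name => Mount }.
def parse_fileserver_conf(text)
  mounts = {}
  current = nil
  text.each_line do |raw|
    line = raw.sub(/#.*/, "").strip
    next if line.empty?
    if (m = line.match(/\A\[(\w+)\]\z/))
      current = mounts[m[1]] = Mount.new(m[1], nil, [], [])
    elsif current && (m = line.match(/\A(path|allow|deny)\s+(\S+)\z/))
      if m[1] == "path" then current.path = m[2] else current[m[1]] << m[2] end
    else
      raise ArgumentError, "unparsable line: #{raw.strip}"
    end
  end
  mounts
end

# Map puppet://server/module/file to the file's location on the master.
def resolve_source(url, mounts)
  m = url.match(%r{\Apuppet://[^/]*/(\w+)/(.+)\z}) or raise ArgumentError, "bad source: #{url}"
  mount = mounts[m[1]] or raise ArgumentError, "no such module: #{m[1]}"
  raise ArgumentError, "module #{mount.name} has no path" if mount.path.nil?
  full = File.expand_path(m[2], mount.path)
  raise ArgumentError, "outside module path: #{url}" unless full.start_with?(mount.path + "/")
  full
end

# List modules whose access control deserves a second look.
def audit(mounts)
  mounts.values.select { |mt| mt.allow.include?("*") }
        .map { |mt| "#{mt.name}: 'allow *' matches every client name" }
end
```
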
 
Source: Turnbull, James. Pulling Strings with Puppet. firstPress.
== ''' Release 0.3 ''' ==
2) install the puppet client in the arm farm
<pre>
#yum install puppet
</pre>
For any further detail, see release 0.1.
4) start the client
<pre>
#service puppet start
</pre>
This creates the necessary certificate itself for secure communication.
5) On the puppetmaster, issue the following command:
<pre>
#puppetca --list
</pre>
It will list the clients that need to be signed.
6) On the puppetmaster, issue the following command to sign the client listed above.
<pre>
#puppetca --sign cdot-guru-1-2
</pre>
This will sign the certificate.
For example:
<pre>
file { "/etc/resolv.conf":
}
</pre>
The resource type is file; the resource type tells puppet what type of resource is managed.
For example, if you want to manage "ypbind" on node1:
<pre>
node 'node1.example.com' {
}
</pre>
This configuration is applied to node1.example.com. Imagine there are 100 nodes to be managed: this configuration has to be done again and again. This does not scale well. To reduce this configuration effort on every node, we can group this into a class instead and then include the class with each node.
For example:
<pre>
# /etc/puppet/manifest/classes/yp.pp
}
</pre>
<pre>
# /etc/puppet/manifest.pp
include yp::client
}
</pre>
What I have done is group the resource types into a class, then call the class in each node. This eliminates configuring each resource in each node; just call the class in each node.
But it can still be made to scale more. If there are a few more classes to be applied, then each class has to be called in. For example,
 
<pre>
# /etc/puppet/manifest/site.pp
}
</pre>
This again brings a little more configuration overhead. To overcome this, we can do it in the following way,
 
<pre>
#/etc/puppet/manifest/group/desktop.pp
}
</pre>
<pre>
#/etc/puppet/manifest/site.pp
include desktop
}
 
</pre>
What I did was group the classes into another class and apply that group to the nodes. This configuration method scales pretty well.