Puppet : installation & test with AWS EC2 instances

From kraba notes


Idea

A first installation and configuration of Puppet using two Amazon AWS EC2 instances.

Reference: @ youtube

AWS EC2 Setup

Create two instances on AWS (Ubuntu 16.04 at the time of writing), one for the puppet-master and one for the puppet-agent. Create a security group with inbound TCP ports 22, 80 and 8140 open (these notes use source 0.0.0.0/0; 8140 is the Puppet master port, so outside a throwaway test restrict the source to your own addresses) and associate it with both instances. The situation is now:

Instance        Private IP      Hostname (FQDN in /etc/hosts)          Short name   Name below
puppet-master   123.123.123.1   puppetm.us-west-2.compute.internal     puppetm      M
puppet-agent    123.123.123.2   puppeta.us-west-2.compute.internal     puppeta      S

Puppet Master setup

Run these commands:

sudo hostname puppetm
sudo su
apt-get update && apt-get install puppetmaster


Edit /etc/puppet/puppet.conf and add the server:

vi /etc/puppet/puppet.conf 

	[main] 
	logdir=/var/log/puppet 
	vardir=/var/lib/puppet
	ssldir=/var/lib/puppet/ssl
	rundir=/run/puppet
	factpath=$vardir/lib/facter
	prerun_command=/etc/puppet/etckeeper-commit-pre
	postrun_command=/etc/puppet/etckeeper-commit-post
	server=puppetm.us-west-2.compute.internal

	[master]
	# These are needed when the puppetmaster is run by passenger
	# and can safely be removed if webrick is used.
	ssl_client_header = SSL_CLIENT_S_DN
	ssl_client_verify_header = SSL_CLIENT_VERIFY


Edit /etc/hosts :

vi /etc/hosts
123.123.123.1 puppetm.us-west-2.compute.internal puppetm 
123.123.123.2 puppeta.us-west-2.compute.internal puppeta


Puppet Agent setup

Run these commands:

sudo hostname puppeta
sudo su
apt-get update && apt-get install puppet

Edit /etc/hosts :

vi /etc/hosts
123.123.123.1 puppetm.us-west-2.compute.internal puppetm 
123.123.123.2 puppeta.us-west-2.compute.internal puppeta 


Setup key exchange

Run on puppet-agent:

puppet agent --no-daemonize --verbose --onetime

Info: Creating a new SSL key for puppeta.us-west-2.compute.internal
Error: Could not request certificate: Failed to open TCP connection to puppet:8140 (getaddrinfo: Name or service not known)
Exiting; failed to retrieve certificate and waitforcert is disabled


Now on the master list the certificate requests waiting to be signed:

puppet cert list

"puppeta.us-west-2.compute.internal" (SHA256)  57:EC:A1.....:6B:88:67:29


and sign it:

puppet cert sign  "puppeta.us-west-2.compute.internal" 

Notice: Signed certificate request for puppeta.us-west-2.compute.internal
Notice: Removing file Puppet::SSL::CertificateRequest puppeta.us-west-2.compute.internal at '/var/lib/puppet/ssl/ca/requests/puppeta.us-west-2.compute.internal.pem'
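The notes sign the request as soon as it shows up in the list. The check a practitioner wants between `puppet cert list` and `puppet cert sign` is to compare the fingerprint the master lists with the one the agent prints with `puppet agent --fingerprint`, so that a request from a host that merely claims the agent's certname is not signed. The POSIX shell helper below is an added example, not part of these notes; it assumes the Puppet 3.x `puppet cert list` output format shown above and an expected fingerprint read off the agent console and passed in by hand.

```shell
#!/bin/sh
# Added example, not part of the original notes. Sign an agent's CSR on the
# master only when the SHA256 fingerprint reported by `puppet cert list`
# equals the one the agent printed with `puppet agent --fingerprint`.
# Assumes the Puppet 3.x CLI used in these notes; the expected fingerprint
# is read off the agent console and supplied by hand.

# Print the fingerprint of the pending CSR for certname $1.
# stdin: output of `puppet cert list`. Lines for already-signed certs start
# with "+" and therefore never match, so only pending requests are considered.
csr_fingerprint() {
  awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Canonical form: drop colons, upper-case the hex digits.
norm_fp() {
  printf '%s' "$1" | tr -d ':' | tr 'abcdef' 'ABCDEF'
}

# Returns 0 when the pending CSR for $1 in listing $3 has fingerprint $2.
fingerprint_matches() {
  listed=$(printf '%s\n' "$3" | csr_fingerprint "$1")
  [ -n "$listed" ] && [ "$(norm_fp "$listed")" = "$(norm_fp "$2")" ]
}

# Sign only on a verified match; anything else stays pending for review.
sign_if_matches() {
  if fingerprint_matches "$1" "$2" "$(puppet cert list)"; then
    puppet cert sign "$1"
  else
    echo "no pending CSR for $1 with the expected fingerprint; not signing" >&2
    return 1
  fi
}

# Usage on the master, after reading the fingerprint from the agent console:
#   sign_if_matches puppeta.us-west-2.compute.internal 57:EC:A1:...:29
```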


Relaunch the command on puppet-agent:

puppet agent --no-daemonize --verbose --onetime

Info: Caching certificate_revocation_list for ca
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511099931'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds

puppet agent --no-daemonize --verbose --onetime

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511099931' 
Notice: Finished catalog run in 0.01 seconds


Now master/server and agent are connected with the certificate.

First step with Puppet

Create the necessary site.pp file on puppet-master with a small test class:

vi /etc/puppet/manifests/site.pp

class toolbox {
	file { '/usr/local/sbin/puppetsimple.sh':
		owner   => root,
		group   => root,
		mode    => '0755',
		# \$1 keeps the shell positional parameter in the file; an unescaped $1
		# is interpolated by Puppet and silently dropped.
		content => "#!/bin/sh\npuppet agent --onetime --no-daemonize --verbose \$1\n",
	}
}
node 'puppeta.us-west-2.compute.internal' {
	include toolbox
}


Launch agent on puppet-agent:

puppet agent --no-daemonize --verbose --onetime

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511100355' 
Notice: /Stage[main]/Toolbox/File[/usr/local/sbin/puppetsimple.sh]/ensure: defined content as '{md5}84b176ab1a9a868f7d99d6d8248013ea'
Notice: Finished catalog run in 0.02 seconds


Test if Puppet works fine...

On puppet-agent launch:

chmod 0123 /usr/local/sbin/puppetsimple.sh
ls -ltr /usr/local/sbin/puppetsimple.sh

---x-w--wx 1 root root 59 Nov 19 14:05 /usr/local/sbin/puppetsimple.sh


And relaunch agent...

puppet agent --no-daemonize --verbose --onetime
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511100355'
Notice: /Stage[main]/Toolbox/File[/usr/local/sbin/puppetsimple.sh]/mode: mode changed '0123' to '0755'
Notice: Finished catalog run in 0.02 seconds


It works! The file /usr/local/sbin/puppetsimple.sh has the correct permission (0755) again instead of 0123.


Puppet and Apache + simple Website Puppet

On puppet-master create a new tree for an apache manifest:

cd /etc/puppet/manifests/; mkdir classes
cd classes 
vi apache.pp

class apache {
	package { 'apache2':
		ensure => installed,
	}
	# mysite.pp below notifies Service['apache2'], so the class must manage the service too.
	service { 'apache2':
		ensure  => running,
		require => Package['apache2'],
	}
}


Modify site.pp with two updates (import the classes and include apache):

cd /etc/puppet/manifests/
vi site.pp

import 'classes/*.pp'
class toolbox {
	file { '/usr/local/sbin/puppetsimple.sh':
		owner   => root,
		group   => root,
		mode    => '0755',
		# \$1 is escaped so Puppet does not interpolate it away.
		content => "#!/bin/sh\npuppet agent --onetime --no-daemonize --verbose \$1\n",
	}
}
node 'puppeta.us-west-2.compute.internal' {
	include toolbox
	include apache
}


On puppet-agent launch puppet agent (or the puppetsimple.sh generated before):

puppetsimple.sh 

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511101212' 
Notice: /Stage[main]/Apache/Package[apache2]/ensure: ensure changed 'purged' to 'present'
Notice: Finished catalog run in 6.08 seconds


Test if apache is installed on puppet-agent:

dpkg -l | grep apache
ii  apache2                          2.4.18-2ubuntu3.5                          amd64        Apache HTTP Server
ii  apache2-bin                      2.4.18-2ubuntu3.5                          amd64        Apache HTTP Server (modules and other binary files)
ii  apache2-data                     2.4.18-2ubuntu3.5                          all          Apache HTTP Server (common files)
ii  apache2-utils                    2.4.18-2ubuntu3.5                          amd64        Apache HTTP Server (utility programs for web servers)


and yes, it's installed! Now remove apache2 and relaunch puppet:

apt-get remove apache2
...
Removing apache2 (2.4.18-2ubuntu3.5) ...
puppetsimple.sh 
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511101212' 
Notice: /Stage[main]/Apache/Package[apache2]/ensure: created
Notice: Finished catalog run in 3.91 seconds


And apache2 is installed!

On puppet-master create a puppet file for the new website:

vi manifests/classes/mysite.pp

class mysite {
	include apache
	file { '/etc/apache2/sites-enabled/mysite.conf':
		owner  => root,
		group  => root,
		mode   => '0644',
		source => "puppet:///files/mysite/mysite_apache.conf",
		notify => Service['apache2'],
	}
	file { '/home/www/mysite.example.org':
		ensure => directory,
	}
	file { '/home/www':
		ensure => directory,
	}
}


and modify site.pp, including mysite and removing only the apache include (mysite already includes it):

vi manifests/site.pp 

import 'classes/*.pp'
class toolbox {
	file { '/usr/local/sbin/puppetsimple.sh':
		owner   => root,
		group   => root,
		mode    => '0755',
		# \$1 is escaped so Puppet does not interpolate it away.
		content => "#!/bin/sh\npuppet agent --onetime --no-daemonize --verbose \$1\n",
	}
}
node 'puppeta.us-west-2.compute.internal' {
	include toolbox
	include mysite
}


Create a simple apache.conf (note that <Directory /> grants access from the filesystem root; outside a throwaway test scope it to the DocumentRoot):

mkdir files/mysite
vi files/mysite/mysite_apache.conf

<VirtualHost *:80>
        ServerName mysite.example.org
        DocumentRoot /home/www/mysite.example.org
        <Directory />
                Require all granted
         </Directory>
</VirtualHost>


Restart the puppetmaster; the log may report an error about the files mount if /etc/puppet/files does not exist as a directory yet:

service puppetmaster restart

Nov 19 13:58:50 ip-172-31-32-10 puppet-master[12849]: Removing mount "files": /etc/puppet/files does not exist or is not a directory


Add an allow line for the files mount in fileserver.conf (the agent cannot fetch the file without it). Note that allow * lets every host with a signed certificate read the mount; outside a throwaway test restrict it to the agent hostnames:

vi /etc/puppet/fileserver.conf 

[files]
  path /etc/puppet/files
  allow *
[plugins]


On puppet-agent :

puppetsimple.sh 

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppeta.us-west-2.compute.internal
Info: Applying configuration version '1511104197'
Info: Computing checksum on file /etc/apache2/sites-enabled/mysite
Info: /Stage[main]/Mysite/File[/etc/apache2/sites-enabled/mysite]: Filebucketed /etc/apache2/sites-enabled/mysite to puppet with sum 88a0293bef75514ba0c643a24279e205 
Notice: /Stage[main]/Mysite/File[/etc/apache2/sites-enabled/mysite]/content: content changed '{md5}88a0293bef75514ba0c643a24279e205' to '{md5}2a79ae45adf298b00e97d9f8cf71c0ab'
Info: /Stage[main]/Mysite/File[/etc/apache2/sites-enabled/mysite]: Scheduling refresh of Service[apache2]
Notice: /Stage[main]/Apache/Service[apache2]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Mysite/File[/home/www/mysite.example.org]/ensure: created
Notice: Finished catalog run in 2.26 seconds


Create a test page on puppet-agent:

echo "this is a test page" > /home/www/mysite.example.org/index.html


Now it works with a small test website. Test it with:

curl -H'host: mysite.example.org' http://123.123.123.2

this is a test page
