Differences

This shows you the differences between two versions of the page.

en:ressources:dossiers:puppet [2013/08/19 20:04] (current)
Line 1: Line 1:
 +====== Puppet ======
 +
 +Some notes on setting up puppetmaster and agents.
 +
 +===== - base setup =====
 +
 +Debian Jessie has version 3.2 of puppet.
 +<​code>​
 +apt-get install puppetmaster
 +</​code>​
 +this will start the server and open a socket on tcp/8140.
 +
 +An agent can be installed with the puppet package
 +<​code>​
 +apt-get install puppet
 +</​code>​
 +The agent configuration in /​etc/​puppet/​puppet.conf is barebone but functional. You do need to add the location of the puppet server.
 +<​file>​
 +[main]
 + server = mozpm.jaffanet
 + logdir=/​var/​log/​puppet
 + vardir=/​var/​lib/​puppet
 + ssldir=/​var/​lib/​puppet/​ssl
 + rundir=/​var/​run/​puppet
 + factpath=$vardir/​lib/​facter
 + templatedir=$confdir/​templates
 + prerun_command=/​etc/​puppet/​etckeeper-commit-pre
 + postrun_command=/​etc/​puppet/​etckeeper-commit-post
 +
 +[master]
 + # These are needed when the puppetmaster is run by passenger
 + # and can safely be removed if webrick is used.
 + ssl_client_header = SSL_CLIENT_S_DN ​
 + ssl_client_verify_header = SSL_CLIENT_VERIFY
 +</​file>​
 +
 +==== - Agent enrollment ====
 +The puppet agent needs a SSL certificate signed by the puppetmaster. The first run of the agent on a barebone install will contact the puppetmaster to obtain this certificate. And it will fail to continue until the puppetmaster validates the registration.
 +
 +On the agent:
 +<​code>​
 +root@pa1:/# puppet agent --test
 +Info: Caching certificate for ca
 +Info: Creating a new SSL certificate request for pa1.jaffanet
 +Info: Certificate Request fingerprint (SHA256): 18:​B4:​C4:​22:​48:​91:​F2:​DC:​1E:​BF:​20:​4B:​D5:​4D:​65:​3E:​67:​F1:​23:​33:​3F:​0D:​1E:​65:​92:​73:​53:​03:​FA:​F4:​A8:​3D
 +Exiting; no certificate found and waitforcert is disabled
 +</​code>​
 +
 +The certificate will be waiting for approval on the puppetmaster:​
 +<​code>​
 +root@mozpm:/#​ puppet cert list
 +  "​pa1.jaffanet"​ (SHA256) 18:​B4:​C4:​22:​48:​91:​F2:​DC:​1E:​BF:​20:​4B:​D5:​4D:​65:​3E:​67:​F1:​23:​33:​3F:​0D:​1E:​65:​92:​73:​53:​03:​FA:​F4:​A8:​3D
 +</​code>​
 +
 +<​code>​
 +root@mozpm:/#​ puppet cert sign pa1.jaffanet
 +Notice: Signed certificate request for pa1.jaffanet
 +Notice: Removing file Puppet::​SSL::​CertificateRequest pa1.jaffanet at '/​var/​lib/​puppet/​ssl/​ca/​requests/​pa1.jaffanet.pem'​
 +</​code>​
 +
 +The resulting certificate is stored in /​var/​lib/​puppet/​ssl.
 +
 +Now we can rerun puppet agent again:
 +<​code>​
 +root@pa1:/# puppet agent --no-daemonize --onetime --verbose
 +Info: Caching certificate for pa1.jaffanet
 +Info: Caching certificate_revocation_list for ca
 +Info: Retrieving plugin
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Could not retrieve selinux: Invalid argument - /​proc/​self/​attr/​current
 +Info: Caching catalog for pa1.jaffanet
 +Info: Applying configuration version '​1376941222'​
 +Info: Creating state file /​var/​lib/​puppet/​state/​state.yaml
 +Notice: Finished catalog run in 0.03 seconds
 +</​code>​
 +
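Review bot: In the Agent enrollment section, `puppet cert sign pa1.jaffanet` follows `puppet cert list` with no instruction to compare fingerprints before signing. The agent's `puppet agent --test` output and the master's `puppet cert list` output both print the SHA256 fingerprint of the request, and that match is what ties the pending request to the host that was just installed. Signing on the hostname alone accepts whatever request arrived on tcp/8140 under the name pa1.jaffanet. Suggest adding a sentence before the sign command telling the reader to check that the two fingerprints are identical, and to reject the request if they differ. Separately, the puppet.conf block is introduced as the agent configuration but carries a `[master]` section with the passenger headers; either state that the same file is used on the puppetmaster or show only the added `server = mozpm.jaffanet` line for the agent. The sentence "The resulting certificate is stored in /var/lib/puppet/ssl" should also say on which host, since that ssldir is set on the agent in the config above.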
  
en/ressources/dossiers/puppet.txt · Last modified: 2013/08/19 20:04 (external edit)
CC Attribution-Share Alike 4.0 International