Puppet

Some notes on setting up puppetmaster and agents.

- Base setup

Debian Jessie has version 3.2 of puppet.

apt-get install puppetmaster

This will start the server and open a listening socket on tcp/8140.

An agent can be installed with the puppet package:

apt-get install puppet

The agent configuration in /etc/puppet/puppet.conf is bare-bones but functional. You do need to add the location of the puppet server:

[main]
	server = mozpm.jaffanet
	logdir=/var/log/puppet
	vardir=/var/lib/puppet
	ssldir=/var/lib/puppet/ssl
	rundir=/var/run/puppet
	factpath=$vardir/lib/facter
	templatedir=$confdir/templates
	prerun_command=/etc/puppet/etckeeper-commit-pre
	postrun_command=/etc/puppet/etckeeper-commit-post

[master]
	# These are needed when the puppetmaster is run by passenger
	# and can safely be removed if webrick is used.
	ssl_client_header = SSL_CLIENT_S_DN 
	ssl_client_verify_header = SSL_CLIENT_VERIFY

- Agent enrollment

The puppet agent needs an SSL certificate signed by the puppetmaster. The first run of the agent on a bare-bones install contacts the puppetmaster to request this certificate, and the agent cannot continue until the puppetmaster validates the registration.

On the agent:

root@pa1:/# puppet agent --test
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for pa1.jaffanet
Info: Certificate Request fingerprint (SHA256): 18:B4:C4:22:48:91:F2:DC:1E:BF:20:4B:D5:4D:65:3E:67:F1:23:33:3F:0D:1E:65:92:73:53:03:FA:F4:A8:3D
Exiting; no certificate found and waitforcert is disabled

The certificate will be waiting for approval on the puppetmaster:

root@mozpm:/# puppet cert list
  "pa1.jaffanet" (SHA256) 18:B4:C4:22:48:91:F2:DC:1E:BF:20:4B:D5:4D:65:3E:67:F1:23:33:3F:0D:1E:65:92:73:53:03:FA:F4:A8:3D
root@mozpm:/# puppet cert sign pa1.jaffanet
Notice: Signed certificate request for pa1.jaffanet
Notice: Removing file Puppet::SSL::CertificateRequest pa1.jaffanet at '/var/lib/puppet/ssl/ca/requests/pa1.jaffanet.pem'

The resulting certificate is stored in /var/lib/puppet/ssl.

Now we can run the puppet agent again:

root@pa1:/# puppet agent --no-daemonize --onetime --verbose
Info: Caching certificate for pa1.jaffanet
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Could not retrieve selinux: Invalid argument - /proc/self/attr/current
Info: Caching catalog for pa1.jaffanet
Info: Applying configuration version '1376941222'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
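
Signing a request binds the certname to whichever key submitted it, so the fingerprint the agent printed should equal the one the master lists before puppet cert sign is run. The script below is an added example, not part of the original notes: it does that comparison on the two transcripts shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the CSR fingerprint the agent printed with the one
# the master lists, before running "puppet cert sign".
# Real use (commands from this page):
#   agent:  puppet agent --test 2>&1 | agent_csr_fp
#   master: puppet cert list | master_csr_fp pa1.jaffanet

# Fingerprint from "puppet agent --test" output on stdin.
agent_csr_fp() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1
}

# Fingerprint of the pending request for certname $1, from "puppet cert list"
# output on stdin. The name is compared exactly, not as a pattern.
master_csr_fp() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# True only if $1 is a well-formed SHA256 fingerprint (32 hex pairs) equal to $2.
csr_fp_matches() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    printf '%s\n' "$a" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$a" = "$b" ]
}

# Decision for certname $1 given agent output $2 and master output $3.
sign_decision() {
    fa=$(printf '%s\n' "$2" | agent_csr_fp)
    fm=$(printf '%s\n' "$3" | master_csr_fp "$1")
    if csr_fp_matches "$fa" "$fm"; then
        echo "match: puppet cert sign $1"
    else
        echo "MISMATCH: do not sign $1"
    fi
}

# Sample input: lines copied from the two transcripts on this page.
FP='18:B4:C4:22:48:91:F2:DC:1E:BF:20:4B:D5:4D:65:3E:67:F1:23:33:3F:0D:1E:65:92:73:53:03:FA:F4:A8:3D'
AGENT_OUT="Info: Creating a new SSL certificate request for pa1.jaffanet
Info: Certificate Request fingerprint (SHA256): $FP
Exiting; no certificate found and waitforcert is disabled"
MASTER_OUT="  \"pa1.jaffanet\" (SHA256) $FP"

sign_decision pa1.jaffanet "$AGENT_OUT" "$MASTER_OUT"
```

The agent-side fingerprint should reach the operator over a channel other than the puppet connection itself, for example read from the agent's console.
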
en/ressources/dossiers/puppet.txt · Last modified: 2024/04/17 10:19 by 127.0.0.1