PuppetSnips

From Custard

Fixing Certificate Hostname errors

hostname was not match with the server certificate

  • sudo puppet master --configprint certname
  • sudo /etc/init.d/puppetmaster stop
  • sudo find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete
  • sudo vi /etc/puppet/puppet.conf
    • add certname=
    • add dns_alt_names=
  • sudo puppet master --no-daemonize --verbose
  • sudo /etc/init.d/puppetmaster restart
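
The error means the name the agent connects to ('puppet' by default, see Config) is not among the names in the master's certificate. As an added example that is not part of the original page, the helpers below check a name against the text output of openssl x509; the function names and octopus.example.com are assumptions, and both sample certificates are constructed.

```shell
# Added example, not from the original page. names_in_cert and
# cert_covers_name are hypothetical helpers; octopus.example.com is a
# constructed name. Real input would come from:
#   openssl x509 -noout -text -in "$(puppet master --configprint hostcert)"

# Print the DNS names a client accepts for the certificate text on stdin.
# subjectAltName DNS entries win; the Subject CN is used only without them.
names_in_cert() {
    awk '
        /Subject:/ && /CN *=/ && cn == "" {
            cn = $0; sub(/.*CN *= */, "", cn); sub(/,.*/, "", cn)
        }
        san_next {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                p = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", p)
                if (p ~ /^DNS:/) { print substr(p, 5); found = 1 }
            }
            san_next = 0
        }
        /X509v3 Subject Alternative Name/ { san_next = 1 }
        END { if (!found && cn != "") print cn }
    ' | tr 'A-Z' 'a-z'
}

# Succeed if the name the agent connects to ($1) is covered (exact match,
# case-insensitive; wildcards are not handled).
cert_covers_name() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    names_in_cert | grep -qxF -- "$want"
}

# Constructed openssl output: certificate issued before the puppet.conf edit.
sample_before() { cat <<'EOF'
        Subject: CN=octopus.example.com
        Subject Public Key Info:
EOF
}

# Constructed openssl output: certificate reissued with dns_alt_names set.
sample_after() { cat <<'EOF'
        Subject: CN=octopus.example.com
            X509v3 Subject Alternative Name:
                DNS:puppet, DNS:puppet.example.com, DNS:octopus.example.com
EOF
}

for s in sample_before sample_after; do
    if $s | cert_covers_name puppet; then echo "$s: covers 'puppet'"
    else echo "$s: does NOT cover 'puppet'"; fi
done
```

Running the same check against the regenerated certificate before restarting the agents confirms that the certname and dns_alt_names edits took effect.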


Installation

Install on OSX

sudo puppet resource group puppet ensure=present
sudo puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
sudo chown root:wheel /Library/LaunchDaemons/com.puppetlabs.puppet.plist
sudo chmod 644 /Library/LaunchDaemons/com.puppetlabs.puppet.plist
sudo chown root:wheel /Library/LaunchDaemons/com.puppetlabs.puppetmaster.plist
sudo chmod 644 /Library/LaunchDaemons/com.puppetlabs.puppetmaster.plist
sudo launchctl load -w /Library/LaunchDaemons/com.puppetlabs.puppet.plist
sudo launchctl load -w /Library/LaunchDaemons/com.puppetlabs.puppetmaster.plist

Install on Ubuntu/Debian

  • apt-get install puppet

Config

Puppet is configured to look for a puppet master server called 'puppet' by default. For my network I configured a DNS alias to point to the puppet master.

You can also set /etc/hosts to have an entry pointing to the puppet master.

Start on bootup

Ubuntu/Debian

  • vi /etc/default/puppet
    • START=yes
  • /etc/init.d/puppet start

Signing certificates

Before an agent can apply manifests, it must have its certificate signed by the master. On its first run the agent connects to the master and submits a certificate request, which then shows up in the output of puppet cert --list. Use puppet cert sign to allow the agent to connect. puppet cert sign --all signs every request in that list, so check the list before running it.

On Agent

  • puppet agent --test

On Master

  • puppet cert --list
  • puppet cert sign --all


Example Manifest

/etc/puppet/manifests/site.pp

jamesb@eschaton:~$ ssh octopus cat /etc/puppet/manifests/site.pp
package { 'git':
  ensure => present,
}

package { 'subversion':
  ensure => present,
}

exec { "git init; git add *; git commit -am Initial":
  cwd     => "/etc",
  creates => "/etc/.git",
  path    => ["/usr/bin", "/usr/sbin"],
  require => Package['git']
}

notify{"Hello":}

Modules

/etc/puppet

|-- auth.conf
\-- manifests
    |-- site.pp
    \-- modules
        |-- git
        |   \-- manifests
        |       \-- init.pp
        \-- perl
            \-- manifests
                \-- init.pp
|-- ssl

/etc/puppet/manifests/site.pp

class vms {
    node "eschaton" {
        notify{"Hello Eschaton":}
        class{'git':}
    }
}

/etc/puppet/modules/git/manifests/init.pp

class git {
    package { 'git':
      ensure => present,
    }

    exec { "git init; git add *; git commit -am Initial":
      cwd     => "/etc",
      creates => "/etc/.git",
      path    => ["/usr/bin", "/usr/sbin"],
      require => Package['git']
    }
}