Configuration Management with Puppet

Getting Started

- We'll get started with puppet by visiting http://www.debian-administration.org/articles/526.

- Next, we'll attempt a tutorial involving ntp at http://bitfieldconsulting.com/puppet-tutorial.

- After that, we'll attempt a tutorial involving user accounts at https://www.linux.com/learn/introduction-puppet-streamlined-system-configuration


Details

1 - Enabling puppetmaster/puppet (server/client) communication

A. On the puppet master (on your virtual Linux machine)

1. Stop the puppetmaster.

 /etc/init.d/puppetmaster stop

2. Remove any existing master certificates by running

 find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete

3. Edit /etc/puppet/puppet.conf and append these lines to the end of the file, substituting your virtual Linux machine's fully qualified domain name for “belushi.monmouth.edu”: (If you don't know what your “fully qualified domain name” is, ask me.)

 # jchung setting dns_alt_names for puppetmaster
 # per https://docs.puppet.com/puppet/3.8/post_install.html
 # 3/2018
 # Change "belushi.monmouth.edu" below to match your virtual machine's fully qualified domain name.
 #
 dns_alt_names = belushi.monmouth.edu
 certname = belushi.monmouth.edu

4. Restart the puppetmaster.

 /etc/init.d/puppetmaster start

B. On the puppet agent (client) machines (your container)

1. Stop the puppet agent.

 sudo /etc/init.d/puppet stop

2. Remove any existing agent certificates by running

 sudo find "$(sudo puppet agent --configprint ssldir)" -name "$(sudo puppet agent --configprint certname).pem" -delete

3. Edit the /etc/puppet/puppet.conf file and append these lines to the end of the file, while making the needed substitutions on the server and certname lines:

 [agent]
 # Settings for agent (client) nodes
 # jchung, per https://docs.puppet.com/puppet/3.8/post_install.html
 # 3/2018
 # Change "belushi.monmouth.edu" below to match your VM's fully qualified domain name.
 # Change "wilder.monmouth.edu" below to match the puppet agent machine's FQDN (your container).
 #
 server = belushi.monmouth.edu
 report = true
 pluginsync = true
 certname = wilder.monmouth.edu

4. Restart the puppet agent.

 sudo /etc/init.d/puppet start

C. Sign node certificates on the puppet master

See https://docs.puppet.com/puppet/3.8/post_install.html.

After the steps taken above, when you run the following on your puppet master (Linux virtual machine),

 puppet cert list

you should see a list of incoming certificate requests from the puppet agent machines. At that point, you can run either

 puppet cert sign <NAME>

or

 puppet cert sign --all

Until this step is completed, there will be no puppetmaster-to-puppet communication.
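
Added example (not part of the original instructions): `puppet cert sign --all` signs every pending request, so this shell function checks each request in `puppet cert list` output against an allowlist of expected agent names and fingerprints before you sign by name. The allowlist format, the function names, the hosts other than wilder and belushi, and the shortened fingerprints are constructed for the example; it assumes the Puppet 3.x line layout `"name" (SHA256) fingerprint`.

```shell
#!/bin/sh
# Added example, not from the course page. Allowlist lines (constructed format):
#   <certname> <SHA256 fingerprint read from `puppet agent --fingerprint` on that agent>

# vet_requests ALLOWLIST_FILE  < output of `puppet cert list`
# Prints "SIGN <name>" or "HOLD <name> <reason>" for each pending request.
vet_requests() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0) {
                split(line, f, " ")
                if (f[1] != "") want[f[1]] = toupper(f[2])
            }
        }
        # Pending request lines: "name" (SHA256) AA:BB:... [(alt names: ...)]
        /^[ \t]*"/ {
            name = $1; gsub(/"/, "", name)
            fp = toupper($3)
            if (!(name in want))         print "HOLD", name, "not-expected"
            else if (want[name] != fp)   print "HOLD", name, "fingerprint-mismatch"
            else if ($0 ~ /alt names:/)  print "HOLD", name, "requests-alt-names"
            else                         print "SIGN", name
        }'
}

# Constructed sample of `puppet cert list` output (fingerprints shortened, made up).
sample_pending='  "wilder.monmouth.edu" (SHA256) 11:22:33:44:AA:BB
  "pryor.monmouth.edu" (SHA256) 99:88:77:66:CC:DD
  "belushi-2.monmouth.edu" (SHA256) 55:55:55:55:EE:FF (alt names: "DNS:belushi.monmouth.edu")
  "unknown.example.net" (SHA256) 00:00:00:00:00:01'

# Runs the check on the sample with a constructed allowlist in a temp file.
demo_vet() {
    allow=$(mktemp)
    cat > "$allow" <<'EOF'
wilder.monmouth.edu 11:22:33:44:AA:BB
pryor.monmouth.edu 99:88:77:66:00:00
belushi-2.monmouth.edu 55:55:55:55:EE:FF
EOF
    printf '%s\n' "$sample_pending" | vet_requests "$allow"
    rm -f "$allow"
}

demo_vet
```

On the puppet master, pipe the real list into the function (`puppet cert list | vet_requests <allowlist file>`) and run `puppet cert sign <NAME>` only for the names reported as SIGN.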


2 - Using puppet modules on puppetmaster to control puppet agents

A recommended approach to using puppet is to use task modules. For us, this involves creating module subdirectories under the /etc/puppet/modules directory. Each module subdirectory under /etc/puppet/modules also contains a manifests subdirectory into which we put our puppet manifests.

Do parts A, B, and C below ONLY on the puppetmaster machine (Linux virtual machine):

A. Create module subdirectories

Create the following subdirectory tree under the /etc/puppet/modules directory:

modules
|-- ntp
|   `-- manifests
|-- sudo
|   `-- manifests
`-- users
    `-- manifests


by running the following commands:


   cd /etc/puppet/modules
   mkdir -p ntp/manifests sudo/manifests users/manifests

B. Create module manifests in init.pp

In the special manifest file init.pp, put manifests in class definitions that match each module name.

# copied from http://bitfieldconsulting.com/puppet-tutorial
# jchung, 3/2018

# /etc/puppet/modules/ntp/manifests/init.pp

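class ntp {
    # Install the ntp package.
    package { "ntp":
        ensure => installed,
    }

    # Keep the ntp service running; require the package so the service
    # is only managed after ntp has been installed.
    service { "ntp":
        ensure  => running,
        require => Package["ntp"],
    }
}

# Following instructions that used to be at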
# http://projects.puppetlabs.com/projects/puppet/wiki/Simplest_Puppet_Install_Pattern
# jchung, 3/2018

# /etc/puppet/modules/sudo/manifests/init.pp

class sudo {
    file { "/etc/sudoers":
        owner => 'root',
        group => 'root',
        mode  => '0440',
    }
}

# User manifest from
# https://www.linux.com/learn/introduction-puppet-streamlined-system-configuration
# jchung, 3/2018

# /etc/puppet/modules/users/manifests/init.pp

class users {
    user { 'norm':
        uid => '1003',
        ensure => 'present',
        gid => '100',
        home => '/home/norm',
        shell => '/bin/bash'
    }
}

C. Create site manifest in site.pp

# Following instructions that used to be at
# http://projects.puppetlabs.com/projects/puppet/wiki/Simplest_Puppet_Install_Pattern
# jchung, 3/2018

# /etc/puppet/manifests/site.pp

# All puppet agent nodes that pull from this puppetmaster will run the following modules:
node default {
     include sudo
     include ntp
     include users
}

D. On puppet agent machines (your container), download and apply manifests from puppetmaster

    $ sudo puppet agent --enable
    # Dry run (--noop): report what would change without applying it.
    # Substitute your puppetmaster host for belushi.monmouth.edu below:
    $ sudo puppet agent --test --noop --server=belushi.monmouth.edu
    # Apply the manifests. Substitute your puppetmaster host for belushi.monmouth.edu below:
    $ sudo puppet agent --test --server=belushi.monmouth.edu

Additional References