Wednesday, October 28, 2009

Configuration management: Puppet with Ubuntu 9.04

When you have a lot of machines to configure and manage, configuration management tools such as Cfengine or Puppet become very handy. The following procedure shows how to install a Puppet server and one client on Ubuntu 9.04.


For the server:

# apt-get install puppetmaster

For the client:

# apt-get install puppet


On Puppet server:

Edit /etc/puppet/puppet.conf

pluginsync=false

and add certname

[puppetmasterd]
templatedir=/var/lib/puppet/templates
certname = puppetserver.example.com

Setting certname makes sure the server's certificate is created with the correct name.


Edit /etc/puppet/fileserver.conf

This file configures the path for files stored on the server and who is allowed to fetch them.


[files]
  path /etc/puppet/files
  allow *

Copy /etc/sudoers to /etc/puppet/files/etc/ so clients can take the file.
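The [files] mount above uses allow *, which puts no restriction on which client names may fetch from it, and this setup serves /etc/sudoers from that mount. The following check is an added example, not part of the original post: it lists the mounts in a fileserver.conf that carry a bare allow *. The sample config is constructed, and the [restricted] mount and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report fileserver.conf mounts whose allow rule is a bare "*".

# Constructed sample: the [files] mount from this page plus a hypothetical
# [restricted] mount limited to one domain.
sample_conf() {
cat <<'EOF'
# fileserver.conf (constructed sample)
[files]
  path /etc/puppet/files
  allow *

[restricted]
  path /etc/puppet/restricted
  allow *.example.com
EOF
}

# Print the name of every mount that has an "allow *" line.
# Reads the config on stdin; comments and blank lines are ignored.
open_mounts() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[.*\][ \t]*$/ {
            # Section header: remember the mount name without brackets.
            mount = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", mount)
            next
        }
        $1 == "allow" && $2 == "*" && mount != "" && !(mount in seen) {
            seen[mount] = 1
            print mount
        }
    '
}

# Exit status 0 when no mount is open to every client name, 1 otherwise.
check_fileserver_conf() {
    [ -z "$(open_mounts)" ]
}

# Run against the constructed sample; on a real server use:
#   open_mounts < /etc/puppet/fileserver.conf
sample_conf | open_mounts
```

Replacing allow * with a pattern such as allow *.example.com makes the mount pass the check.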

Now make sure that the /etc/puppet/ directory contains all of these files and directories.

root@puppetserver:/etc/puppet# ls
files  fileserver.conf  manifests  puppet.conf
root@puppetserver:/etc/puppet#

Then go to manifests and create a directory called classes.

Create a file /etc/puppet/manifests/classes/sudo.pp


# /etc/puppet/manifests/classes/sudo.pp


class sudo {
    file { "/etc/sudoers":
        owner => "root",
        group => "root",
        mode  => 440,
        source => "puppet://puppetserver.example.com/files/etc/sudoers"
    }
}

Create a file /etc/puppet/manifests/site.pp

import "classes/*"

# tell puppet on which client to run the class
node puppetclient {
    include sudo
}

Start the Puppet master:

# /etc/init.d/puppetmasterd start

Note: You will get an error about the xmlsimple.rb file. To fix it, go to
/usr/lib/ruby/1.8/ and move the xmlsimple.rb file to /usr/lib/ruby/1.8/lib/.


On Puppet client:

Edit /etc/puppet/puppet.conf and add:

pluginsync=false

[puppetd]
certname = puppetclient.example.com
server = puppetserver.example.com
runinterval = 60

With runinterval = 60, the client checks the Puppet server every 60 seconds (the default is 1800).

Then run the following command so the Puppet Server can issue a certificate.


# puppetd --test
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
notice: Set to run 'one time'; exiting with no certificate

Now go to the Puppet server:

# puppetca --list
puppetclient.example.com

Then sign it.

# puppetca --sign puppetclient.example.com
Signed puppetclient.example.com

Now your client can talk with the master.

# /etc/init.d/puppet start


Enjoy it
