lost and found ( for me ? )

Install puppet master and agent on Ubuntu 14.04

Here are my trial-and-error logs from installing puppet master and agent.

Reference
http://terokarvinen.com/2012/puppetmaster-on-ubuntu-12-04

Prepare two Ubuntu 14.04 boxes: one for the puppet master and the other for the agent.

# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"
3.13.0-34-generic x86_64

Before installing puppet master and agent, edit /etc/hosts on both machines so that each can reach the other by hostname.

on the master
root@puppet-master:/home/hattori# domainname
(none)
root@puppet-master:/home/hattori# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       puppet-master

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.122.56 puppet-master
192.168.122.197 puppet-agent01

root@puppet-master:/home/hattori# ping -c 1 puppet-agent01
PING puppet-agent01 (192.168.122.197) 56(84) bytes of data.
64 bytes from puppet-agent01 (192.168.122.197): icmp_seq=1 ttl=64 time=0.775 ms

--- puppet-agent01 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.775/0.775/0.775/0.000 ms

on the agent
root@puppet-agent01:/home/hattori# hostname
puppet-agent01
root@puppet-agent01:/home/hattori# domainname
(none)
root@puppet-agent01:/home/hattori# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       puppet-agent01

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.122.56 puppet-master
192.168.122.197 puppet-agent01

root@puppet-agent01:/home/hattori# ping -c 1 puppet-master
PING puppet-master (192.168.122.56) 56(84) bytes of data.
64 bytes from puppet-master (192.168.122.56): icmp_seq=1 ttl=64 time=0.330 ms

--- puppet-master ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.330/0.330/0.330/0.000 ms

Install puppet master
On the master box
root@puppet-master:/home/hattori# apt-get install puppetmaster -y

root@puppet-master:/home/hattori# service puppetmaster status
* master is running

start puppetmaster when booting the OS
root@puppet-master:/home/hattori# update-rc.d puppetmaster enable

Install puppet agent
On the agent box
root@puppet-agent01:/home/hattori# apt-get install puppet -y

root@puppet-agent01:/home/hattori# service puppet status
* agent is running

Start puppet agent when booting the OS
root@puppet-agent01:/home/hattori# update-rc.d puppet enable

[ configure puppet master ]

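Re-create the master's certificate so that it carries the dns_alt_names entry. Deleting the ssl directory also deletes the master's CA, so do this only on a fresh install where no agent certificates have been signed yet.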

root@puppet-master:/home/hattori# service puppetmaster stop

root@puppet-master:/home/hattori# rm -fr /var/lib/puppet/ssl/

Edit /etc/puppet/puppet.conf and add the puppet master's hostname to the dns_alt_names setting in the [master] section.
root@puppet-master:~# cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
dns_alt_names = puppet-master

root@puppet-master:~#  service puppetmaster start

Confirm that the master's hostname (puppet-master) appears as a DNS name in the SSL certificate file.
The puppet agent checks this name when it connects to the master.
root@puppet-master:~# openssl x509 -in /var/lib/puppet/ssl/certs/puppet-master.pem  -text | grep -i dns
               DNS:puppet-master
root@puppet-master:~#

[ agent ]

on the agent
edit /etc/puppet/puppet.conf
root@puppet-agent01:~# grep -v ^# /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
server = puppet-master

restart puppet
root@puppet-agent01:~# service puppet restart
* Restarting puppet agent
  ...done.

on the master
root@puppet-master:~# puppet cert --list
root@puppet-master:~#

Hmm, I can’t see the agent on the master.

On the agent, delete the SSL files and restart puppet.
root@puppet-agent01:~# service puppet stop
* Stopping puppet agent
  ...done.
root@puppet-agent01:~# rm -r /var/lib/puppet/ssl/

root@puppet-agent01:~# service puppet start
* Starting puppet agent
  ...done.

on the master.
Okay, I was able to see the agent on the master
root@puppet-master:~# puppet cert --list
 "puppet-agent01" (SHA256) xx:xx:xx

sign the agent certificate on the master.
root@puppet-master:~# puppet cert --sign puppet-agent01
Notice: Signed certificate request for puppet-agent01
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent01 at '/var/lib/puppet/ssl/ca/requests/puppet-agent01.pem'
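
Before signing, the fingerprint shown by `puppet cert --list` on the master should match the one the agent itself reports with `puppet agent --fingerprint`. The script below is an added example, not part of the original log: the function names and the sample fingerprints are constructed for illustration, and it assumes the listing format shown above (`"name" (SHA256) fingerprint`).

```shell
#!/bin/sh
# Added example: compare a pending CSR's fingerprint on the master with the
# value read on the agent before running `puppet cert --sign`.
# Function names and sample data are hypothetical, not from the original post.

# Normalise a fingerprint: drop a "(SHA256)" label and whitespace, upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/([^)]*)//' | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# pending_fp CERTNAME: read `puppet cert --list` output on stdin and print the
# fingerprint of the pending request for CERTNAME (prints nothing if none).
pending_fp() {
    awk -v name="\"$1\"" '$1 == name { print $3; exit }'
}

# csr_matches CERTNAME AGENT_FP: listing on stdin.
# Returns 0 on match, 1 on fingerprint mismatch, 2 if no request is pending.
csr_matches() {
    listed=$(pending_fp "$1")
    [ -n "$listed" ] || return 2
    [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ] || return 1
}

# Constructed sample of `puppet cert --list` output (fingerprints are made up
# and shortened for readability).
SAMPLE_LIST='  "puppet-agent01" (SHA256) 3A:7F:01:C4:9E:22
  "puppet-agent02" (SHA256) B0:15:DD:6A:00:F9'

# Run the check against the constructed sample instead of a live master.
check_sample() {
    printf '%s\n' "$SAMPLE_LIST" | csr_matches "$1" "$2"
}

# On real hosts the flow would be:
#   agent : puppet agent --fingerprint        (note the value, pass it out of band)
#   master: puppet cert --list | csr_matches puppet-agent01 "$fp" \
#             && puppet cert --sign puppet-agent01
if check_sample puppet-agent01 '(SHA256) 3a:7f:01:c4:9e:22'; then
    echo "fingerprint matches: request can be signed"
fi
```

A mismatch (return code 1) means the request waiting on the master is not the one the agent generated, and it should not be signed.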

[ create site manifests and modules ]
create the manifest

on the master
root@puppet-master:~# cd /etc/puppet/
root@puppet-master:/etc/puppet# mkdir -p manifests/ modules/helloworld/manifests

root@puppet-master:/etc/puppet# echo 'include helloworld' > manifests/site.pp
root@puppet-master:/etc/puppet# cat manifests/site.pp
include helloworld

create the module
root@puppet-master:/etc/puppet# vi modules/helloworld/manifests/init.pp

root@puppet-master:/etc/puppet# cat modules/helloworld/manifests/init.pp
class helloworld {
       file { '/tmp/helloFromMaster':
               content => "Hello from Puppet Master\n"
       }
}

on the agent, restart puppet agent.
root@puppet-agent01:~# service puppet restart
* Restarting puppet agent
  ...done.

On the agent, check whether or not the /tmp/helloFromMaster file exists.
Hmm, the file does not exist.
root@puppet-agent01:~# ls /tmp/
root@puppet-agent01:~#

Let’s run puppet in verbose mode to find the problem.
root@puppet-agent01:~# service puppet stop
* Stopping puppet agent
  ...done.
root@puppet-agent01:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at 'file' at /etc/puppet/manifests/site.pp:3 on node puppet-agent01
Notice: Using cached catalog
Error: Could not retrieve catalog; skipping run

Judging from the errors, something is wrong with the manifests and the modules.
Let’s re-create the manifests as shown below.


on the master
root@puppet-master:~# cat /etc/puppet/manifests/site.pp
node "puppet-agent01" {

 file { "/root/helloworld.txt":
   ensure => file,
   owner  => "root",
   group  => "root",
   mode   => 0644
 }
}

On the agent, run puppet in verbose mode.
Okay, the agent created the file.
root@puppet-agent01:~# service puppet stop

root@puppet-agent01:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving plugin
Info: Caching catalog for puppet-agent01
Info: Applying configuration version '1408594607'
Notice: /Stage[main]/Main/Node[puppet-agent01]/File[/root/helloworld.txt]/ensure: created
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.04 seconds

root@puppet-agent01:~# ls /root/helloworld.txt
/root/helloworld.txt

Change the permissions of this file on the agent.
root@puppet-agent01:~# chmod 0444 /root/helloworld.txt

Run puppet again.
The permissions are changed back to what the manifest specifies.
root@puppet-agent01:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving plugin
Info: Caching catalog for puppet-agent01
Info: Applying configuration version '1408594607'
Notice: /Stage[main]/Main/Node[puppet-agent01]/File[/root/helloworld.txt]/mode: mode changed '0444' to '0644'
Notice: Finished catalog run in 0.05 seconds
