Pages

Thursday, October 25, 2012

Installing Puppet

Introduction

Puppet is an open source configuration management tool written in Ruby. With puppet you can bootstrap and maintain the configurations of computer systems using manifests. It's possible to use puppet as a standalone application or in a master/client configuration. This tutorial is about installing puppet in a master/client configuration on Ubuntu LTS. I'm going to show how to install the master and the client. In the tutorial replace "example.com" with your domain name.

Puppet Labs repository

The default Ubuntu repository already contains packages for puppet, but if you want the latest version you can use the packages from Puppet Labs. If you want the default distributions packages you can skip this part and go directly to "Installing master and client".
To use the Puppet Labs' packages you have to download the puppetlabs-release package:

Ubuntu lucid:
$ wget http://apt.puppetlabs.com/puppetlabs-release-lucid.deb
$ sudo dpkg -i puppetlabs-release-lucid.deb
$ sudo aptitude update

Ubuntu precise:
$ wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
$ sudo dpkg -i puppetlabs-release-precise.deb
$ sudo aptitude update

Installing master and client

The client runs in daemon mode and has a default run interval of 30 minutes. This means the client agent is going to check for new configuration at the master every 30 minutes and applies it to the client. The default host it connects to is 'puppet'. The easiest setup is to name the master "puppet.example.com". Setup your dns to point "puppet.example.com" to the ip of your master server. Make sure that on the client your resolv.conf contains "search example.com".

/etc/resolv.conf:
nameserver <ip1>
nameserver <ip2>
search example.com
...

Installing puppetmaster

On the machine that serves as the puppet master:
sudo aptitude install puppetmaster
 
To have the master start at boot we have to change /etc/default/puppetmaster:
$ sudo sed -i 's/START=no/START=yes/' /etc/default/puppetmaster
$ /etc/init.d/puppetmaster start

Installing puppetclient

On the nodes we install the puppet-agent:
$ sudo aptitude install puppet

To have the agent start at boot we have to change /etc/default/puppet:
$ sudo sed -i 's/START=no/START=yes/' /etc/default/puppet
$ /etc/init.d/puppet start

Certificates

To authorize the agent to the master, we have to sign the clients certificates. On the master:
$ puppet cert list
client1.example.com
$ puppet cert sign client1.example.com
Or if you have multiple clients you want to sign at once:
$ puppet cert list
client1.example.com
client2.example.com
client3.example.com
$ puppet cert sign --all

You can also choose to auto-sign the certificates, but be aware of the security risk this may present. On the master add the following line to the file /etc/puppet/autosign.conf:
*.example.com

First manifest

Now you have a working master/client puppet installation and we can start to write our first manifest. Edit the file /etc/puppet/manifests/site.pp and add your first node:
node 'client1.example.com' {
   file { "/tmp/test-file":
       replace => "no",
       ensure  => "present",
       content => "Example file from Puppet\n",
       mode    => 644,
   }
}

This is just a really simple example that adds the file /tmp/test-file to client1.example.com.