Part 2: Puppet 2.6.1, configure puppetmaster and puppetd
Configure Puppetmaster
For installing puppetmaster 2.4.1 on CentOS please click here for Part 1
In Part 1 we covered installing the Puppetmaster and Puppetd packages on Centos 5.5. We will now configure a very basic client/server model to serve the /etc/resolv.conf file to our client. Simple enough!
Create your first module
Our first module will be called networking::resolver, it’s job will be to push out a resolve.conf file to clients.
Create the directory structure under /etc/puppet
| punch# cd /etc/puppet punch# mkdir modules punch# mkdir modules/networking punch# mkdir modules/networking/files punch# mkdir modules/networking/manifests punch# mkdir files |
Create your resolv.conf file
| punch# vi modules/networking/files/resolv.conf |
Create your module manifest
| punch# vi modules/networking/manifests/init.pp |
| class networking { # Here you can add stuff to be inhereted by your networking classes # We won’t bother for this demonstration, but just for show! } class networking::resolver inherits networking { file { “/etc/resolv.conf”: ensure => present, source => “puppet:///modules/networking/resolv.conf”, group => “root”, owner => “root”, mode => “0755” } } |
Configure your site and nodes
Create a minimal site.pp
| punch# vi manifests/site.pp |
| import “nodes” import “templates” filebucket { main: server => puppet } |
Create a tempates file
| punch# vi manifests/templates.pp |
| class baseclass { include networking::resolver } node default { include baseclass } |
Create your node file
Don’t forget to replace judy.craigdunn.org with the fqdn of your client server
| punch# vi manifests/nodes.pp |
| node ‘basenode’ { include baseclass } node ‘judy.craigdunn.org’ inherits basenode { } |
Set up puppetmaster parameters
Create default configuration
This is a minimal puppet.conf file, a more detailed file can be produced with puppetmasterd –genconfig
The autosign will automatically sign certs for new clients, this is discouraged in a production environment but useful for testing. For information on running puppetmaster without autosign see the puppetca documentation.
| punch# vi puppet.conf |
| [main] # The Puppet log directory. # The default value is ‘$vardir/log’. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is ‘$vardir/run’. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is ‘$confdir/ssl’. ssldir = $vardir/ssl |
[agent]
# The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate “puppet“ executable using the “–loadclasses“ # option. # The default value is ‘$confdir/classes.txt’. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is ‘$confdir/localconfig’. localconfig = $vardir/localconfig report = true
[master]
autosign = true
Set permissions for your fileserver.
Note that this allows everything, you should restrict this in a production environment.
| punch# vi fileserver.conf |
| [files] path /etc/puppet/files allow * |
[modules]
allow *
[plugins]
allow *
Start puppetmaster
| punch# service puppetmaster start Starting puppetmaster: [ OK ] |
The puppet client
Configure puppetd
On your client, edit puppet.conf and add the following in the [agent] section, remembering to change punch.craigdunn.org to the fqdn of your Puppetmaster.
| judy# vi /etc/puppet/puppet.conf |
| [agent] server = punch.craigdunn.org report = true listen = true |
Allow puppetrunner
Create a file called namespaceauth.conf and add the following, note in a production environment this should be restricted to the fqdn of your puppet master
| judy# vi /etc/puppet/namespaceauth.conf |
| [puppetrunner] allow * |
Start puppetd
| judy# service puppet start |
View pending changes
Use –test along with –noop to do a dry run to view the changes that puppetd will make
| judy# puppetd –noop –test […] notice: /Stage[main]/Networking::Resolver/File[/etc/resolv.conf]/content: is {md5}e71a913327efa3ec8dae8c1a6df09b43, should be {md5}24b6444365e7e012e8fdc5f302b56e9c (noop) […] |
Now you can run puppetd without –noop to pull in your new resolv.conf file
This is a very basic demonstration of creating a server/client pair with puppet. There is much more documentation on configuring and managing puppet here