Part 2: Puppet 2.6.1, configure puppetmaster and puppetd

Configure Puppetmaster

For installing puppetmaster 2.4.1 on CentOS please click here for Part 1

In Part 1 we covered installing the Puppetmaster and Puppetd packages on CentOS 5.5. We will now configure a very basic client/server model to serve the /etc/resolv.conf file to our client. Simple enough!

Create your first module

Our first module will be called networking::resolver; its job will be to push out a resolv.conf file to clients.

Create the directory structure under /etc/puppet

punch# cd /etc/puppet
punch# mkdir modules
punch# mkdir modules/networking
punch# mkdir modules/networking/files
punch# mkdir modules/networking/manifests
punch# mkdir files

Create your resolv.conf file

punch# vi modules/networking/files/resolv.conf

Create your module manifest

punch# vi modules/networking/manifests/init.pp
class networking {
  # Here you can add stuff to be inherited by your networking classes
  # We won't bother for this demonstration, but just for show!
}

class networking::resolver inherits networking {
  file { "/etc/resolv.conf":
    ensure => present,
    source => "puppet:///modules/networking/resolv.conf",
    group  => "root",
    owner  => "root",
    mode   => "0755"
  }
}

Configure your site and nodes

Create a minimal site.pp

punch# vi manifests/site.pp
import "nodes"
import "templates"

filebucket { main: server => puppet }

Create a templates file

punch# vi manifests/templates.pp
class baseclass {
  include networking::resolver
}

node default {
  include baseclass
}

Create your node file

Don't forget to replace judy.craigdunn.org with the FQDN of your client server.

punch# vi manifests/nodes.pp
node 'basenode' {
  include baseclass
}

node 'judy.craigdunn.org' inherits basenode {
}

Set up puppetmaster parameters

Create default configuration

This is a minimal puppet.conf file. A more detailed file can be produced with puppetmasterd --genconfig

The autosign setting automatically signs certs for new clients. This is discouraged in a production environment but useful for testing. For information on running puppetmaster without autosign see the puppetca documentation.

punch# vi puppet.conf
[main]
  # The Puppet log directory.
  # The default value is '$vardir/log'.
  logdir = /var/log/puppet

  # Where Puppet PID files are kept.
  # The default value is '$vardir/run'.
  rundir = /var/run/puppet

  # Where SSL certificates are kept.
  # The default value is '$confdir/ssl'.
  ssldir = $vardir/ssl

[agent]
  # The file in which puppetd stores a list of the classes
  # associated with the retrieved configuration. Can be loaded in
  # the separate "puppet" executable using the "--loadclasses"
  # option.
  # The default value is '$confdir/classes.txt'.
  classfile = $vardir/classes.txt

  # Where puppetd caches the local configuration. An
  # extension indicating the cache format is added automatically.
  # The default value is '$confdir/localconfig'.
  localconfig = $vardir/localconfig
  report = true

[master]
  autosign = true

Set permissions for your fileserver.
Note that this allows everything; you should restrict this in a production environment.

punch# vi fileserver.conf
[files]
  path /etc/puppet/files
  allow *

[modules]
  allow *

[plugins]
  allow *

Start puppetmaster

punch# service puppetmaster start
Starting puppetmaster: [ OK ]

The puppet client

Configure puppetd
On your client, edit puppet.conf and add the following in the [agent] section, remembering to change punch.craigdunn.org to the fqdn of your Puppetmaster.

judy# vi /etc/puppet/puppet.conf
[agent]
  server = punch.craigdunn.org
  report = true
  listen = true

Allow puppetrunner

Create a file called namespaceauth.conf and add the following. Note that in a production environment this should be restricted to the FQDN of your puppet master.

judy# vi /etc/puppet/namespaceauth.conf
[puppetrunner]
  allow *

Start puppetd

judy# service puppet start

View pending changes

Use --test along with --noop to do a dry run to view the changes that puppetd will make

judy# puppetd --noop --test
[…]
notice: /Stage[main]/Networking::Resolver/File[/etc/resolv.conf]/content: is {md5}e71a913327efa3ec8dae8c1a6df09b43, should be {md5}24b6444365e7e012e8fdc5f302b56e9c (noop)
[…]

Now you can run puppetd without --noop to pull in your new resolv.conf file

This is a very basic demonstration of creating a server/client pair with puppet. There is much more documentation on configuring and managing puppet here
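
Before reusing these files outside a test lab, it helps to find every place where the wide-open settings above were left in. The Python script below is an added example, not part of the original walkthrough or of Puppet itself: it scans puppet.conf, fileserver.conf and namespaceauth.conf text for autosign = true and allow *. The sample file contents are constructed from the configs on this page, and the allow *.craigdunn.org line is an assumed restricted form used only to show a rule that passes.

```python
import re

# Constructed samples mirroring the test-only configs shown on this page.
PUPPET_CONF = """[main]
logdir = /var/log/puppet
[master]
autosign = true
"""
FILESERVER_CONF = """[files]
path /etc/puppet/files
allow *
[modules]
allow *.craigdunn.org   # assumed restricted form, not from the page
"""
NAMESPACEAUTH_CONF = """[puppetrunner]
allow *
"""

def audit(name, text):
    """Return (file, section, line_no, issue) tuples for permissive settings."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[(\S+)\]", line)
        if header:
            section = header.group(1)  # remember which section we are in
        elif re.fullmatch(r"autosign\s*=\s*true", line, re.I):
            findings.append((name, section, no, "autosign signs any client cert request"))
        elif re.fullmatch(r"allow\s+\*", line):
            findings.append((name, section, no, "allow * admits every host"))
    return findings

def audit_all(files):
    """Audit a {filename: contents} mapping and flatten the findings."""
    return [f for name, text in files.items() for f in audit(name, text)]

if __name__ == "__main__":
    samples = {"puppet.conf": PUPPET_CONF,
               "fileserver.conf": FILESERVER_CONF,
               "namespaceauth.conf": NAMESPACEAUTH_CONF}
    for name, section, no, issue in audit_all(samples):
        print(f"{name}:{no} [{section}] {issue}")
```

To check a real host, read the files from /etc/puppet and pass their contents to audit_all in place of the samples.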

Next: Installing Puppet Dashboard
