Sunday, August 18, 2013

A Simple Puppet 3.1 Setup

Recently I got the notion of setting up a puppetized configuration system for my computers at home. I have two machines:
  • earth - a Linux desktop, which will be the puppet client
  • halo - a Linux server, which will be the puppet server as well as a client

My biggest frustration, though, was find a simple tutorial that would help me get Puppet up and running, the two machines talking, and a configuration pushing down onto the client.

So after pulling from a few separate sources, here's what I found works. In a future post I'll write about how, after more frustration, I was able to get configurations pushing down onto the systems and how I setup version control on the puppet configurations themselves.

Step 1: Install Puppet (Fedora 19)

Not the hardest part, but you do need to be aware of what packages are out there. The two packages are puppet and puppet-server. The former is what you need on any system that will act as a client or agent, the latter on any system that will be offering up puppetized data.

So, obviously, I installed puppet on halo, and puppet and puppet-server on earth.

Step 2: Configuring The Puppet Master

This is the first part that gave me headaches. Since I don't want to deal with external certificates, I just wanted something that would work for me in my private network.

What I did was to configure earth to be it's own certificate authority with the following in /etc/puppet/puppet.conf:
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl

    # self-signing certificates
    server =
    certname =

    reports = store, http

    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

Step 3: Exchanging SSL Certificates With The Agent

Here is where there was a decided lack of examples online. And the Puppet website didn't help at all, especially with recovering things after a failure occurred.

The steps to follow are:
  1. unless you have your own DNS, add the fully qualified hostnames of each machine in the other's /etc/hosts file; i.e., for me I had to put in halo's file, and in earth's, then
  2. open two terminals on your puppet master (in my case, on earth) and one on your puppet agent (in my case, on halo), then
  3. start up in one puppet master terminal a master using the command line:
    1. puppet master --no-daemonize --verbose
  4. on the puppet agent terminal start an agent using the command line:
    1. puppet agent -t --no-daemonize --verbose
  5. you'll see some messages about exchanging the SSL credentials and then a note that no certificate is waiting, at which point in the other puppet master terminal window you'll do:
    1. puppet cert sign
At this point your machines will have shared SSL credentials and will be able to talk to each other.

Step 4: How To Recover If Something Goes Wrong

If you start getting messages about the keys being wrong on the agent side, the easiest thing to do is to delete the /var/lib/puppet/ssl/ directories on BOTH machines. This way you no longer have any data about the other system and can start over with a clean slate.

No comments:

Post a Comment