ARTICLE SERIES ON DEVOPS FOR DUMMIES: POST 4

PUPPET 101 — Basics

Arun Kumar Singh
Published in TechBull
5 min read · Apr 2, 2020

Puppet is a configuration management solution that helps manage IT infrastructure as code. It can deploy software, packages, configuration, etc. to your IT infrastructure as scripts that can be reused and automated. Puppet comes with a lot of features and supports a variety of tasks.

Points to remember -

  • Puppet follows a client-server model for deployment. One server becomes the master, which is basically the Puppet server, and the other nodes whose configuration needs to be managed become client nodes where the Puppet agent is deployed.
  • The master node can only be Linux.
  • Follows a pull-based model, same as Chef.
  • Puppet uses a declarative language to describe the desired state of your system in files called manifests.
  • Manifests describe how your network and operating system resources, such as files, packages, and services, should be configured.
  • Puppet then compiles those manifests into catalogs, and applies each catalog to its corresponding node to ensure the node is configured correctly, across your infrastructure.
  • Uses facts and catalogs.
  • Supports heterogeneous environments.
  • Works in an idempotent way.
  • Make sure to keep hostnames in sync across the Puppet environment.
  • Using an NTP service (time sync) is recommended.

https://puppet.com/

Puppet Terms:

In Puppet, all programs written using the Ruby programming language and saved with the .pp extension are called manifests. All programs written in Puppet follow the Puppet coding style.

Puppet manifest components -

Resources: Puppet code is composed primarily of resource declarations.

$ puppet resource --types

Manifests: Puppet programs are called manifests.
Classes: In Puppet, classes are code blocks that can be called from code elsewhere.
Templates: Templates are written in a specialized templating language that generates text from data.
Modules: A module is a collection of manifests and data.
Facts: Global variables containing information about the system, like network interfaces and operating system.

resource_type { 'name':
  attribute => value,
}

e.g.

service { 'ssh':
  ensure => running,
}

# Puppet supports multiple types of resources.
$ puppet resource --types

# To describe a resource
$ puppet describe package

# You can validate a Puppet script before running it
$ puppet parser validate <file-name>

In the next part of this article we will deploy a small environment on GCP using free credits to get hands-on with Puppet.

Environment:

Infrastructure → GCP Cloud
OS — Ubuntu 18
VM-1 puppetserver (Puppet master will be deployed)
VM-2 puppetclient (Puppet agent will be deployed)

Environment for Hands-On

Before proceeding further, please update the hosts file of both nodes with the internal IPs. This will help us create the internal.org FQDNs.

<IP> puppetserver.internal.org 
<IP> puppetclient.internal.org

Installing Puppet server on the first VM (puppetserver) -

# Install NTP and verify the service
$ sudo apt-get -y install ntp
$ sudo systemctl restart ntp
$ sudo ntpq -p

# Installing Puppet on Ubuntu 18.x
$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
$ sudo dpkg -i puppet6-release-bionic.deb
$ sudo apt update
$ sudo apt install -y puppetserver

Note: If you face broken package issues.
# Add the following lines to the file /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu bionic universe
deb http://archive.ubuntu.com/ubuntu bionic-security universe
deb http://archive.ubuntu.com/ubuntu bionic-updates universe

# Then run
$ sudo apt update
$ sudo apt install -y puppetserver

Once the Puppet server is installed, verify the status of the service and update the config file as shown.

$ systemctl status puppetserver

# Edit the /etc/puppetlabs/puppet/puppet.conf file for settings
[main]
certname = puppetserver.internal.org
server = puppetserver.internal.org
environment = production
runinterval = 15m

$ systemctl start puppetserver
$ puppet config print environment

**************************************************************
Important note -

Puppet uses four config sections:
main is the global section used by all commands and services. It can be overridden by the other sections.
master is used by the Puppet master service and the Puppet cert command.
agent is used by the Puppet agent service.
user is used by the Puppet apply command

Config Dir — /etc/puppetlabs/puppet

puppet.conf: Puppet’s main config file
csr_attributes.yaml : Optional data to be inserted into new certificate req.
auth.conf : Access control rules for the master’s network services
fileserver.conf : Configuration for additional fileserver mount points
autosign.conf : List of pre-approved certificate requests.

More Details — https://puppet.com/docs/puppet/5.5/dirs_confdir.html
**************************************************************

Now start the service.

Verify the installation of Puppet CLI -

puppet help

Move to the other node and install the Puppet agent.

$ apt install -y puppet-agent

# Update the file /etc/puppetlabs/puppet/puppet.conf
[main]
certname = puppetclient.internal.org
server = puppetserver.internal.org
environment = production
runinterval = 15m

$ /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

Now that the Puppet agent is running, run the command below on the master node to check whether it has received a certificate signing request.

$ /opt/puppetlabs/bin/puppetserver ca list

Sign it.

$ /opt/puppetlabs/bin/puppetserver ca sign --certname puppetclient.internal.org

##### If you want to sign them all
$ /opt/puppetlabs/bin/puppetserver ca sign --all

$ /opt/puppetlabs/bin/puppet agent --test
# puppet agent - Its job is to retrieve the local machine's configuration from a remote server and apply it.
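
An alternative to signing every pending request, as an added example that is not part of the original article: sign only the CSRs whose certname and fingerprint match what was read on the agent itself with `puppet agent --fingerprint`, and hold everything else for review. The `puppetserver ca list` column layout, the allowlist file format, and every hostname and fingerprint other than puppetclient.internal.org are assumptions constructed for illustration.

```bash
# Added example, not from the article; `ca list` layout and allowlist format are assumptions.

# Constructed sample of pending CSRs (fingerprints made up and shortened).
sample_ca_list() {
cat <<'EOF'
Requested Certificates:
    puppetclient.internal.org   (SHA256)  AA:11:22:33:44:55
    unknown-host.internal.org   (SHA256)  BB:66:77:88:99:00
    build01.internal.org        (SHA256)  CC:AB:CD:EF:01:02
    web01.internal.org          (SHA256)  DD:01:02:03:04:05  alt names: ["DNS:www.internal.org"]
EOF
}

# Constructed allowlist: certname, then the fingerprint read on that agent
# with `puppet agent --fingerprint` (hypothetical file format).
sample_expected() {
cat <<'EOF'
# certname                 expected CSR fingerprint
puppetclient.internal.org  aa:11:22:33:44:55
build01.internal.org       CC:AB:CD:EF:FF:FF
web01.internal.org         DD:01:02:03:04:05
EOF
}

# approved_csrs ALLOWLIST: reads `puppetserver ca list` text on stdin and prints
# only certnames whose name and fingerprint both match; the rest go to stderr.
# A missing or empty allowlist approves nothing.
approved_csrs() {
  awk -v allow="$1" '
    BEGIN {
      while ((getline line < allow) > 0) {
        if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
        split(line, f); want[f[1]] = toupper(f[2])
      }
    }
    $2 != "(SHA256)"        { next }   # header or unrelated line
    NF > 3                  { print "HOLD " $1 ": extra attributes, review by hand" > "/dev/stderr"; next }
    !($1 in want)           { print "HOLD " $1 ": not in allowlist" > "/dev/stderr"; next }
    want[$1] != toupper($3) { print "HOLD " $1 ": fingerprint mismatch" > "/dev/stderr"; next }
                            { print $1 }
  '
}

# Demo on the constructed data. On a real server, pipe `puppetserver ca list`
# in and run `puppetserver ca sign --certname "$name"` for each printed name.
allow=$(mktemp)
sample_expected > "$allow"
sample_ca_list | approved_csrs "$allow"   # prints: puppetclient.internal.org
rm -f "$allow"
```
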

Seems we are good to go. Let’s test some configuration with this setup.

In this example we will create a Puppet manifest file. When it is applied, this file creates a directory on the Puppet agent node as per its instructions.

node 'puppetclient.internal.org' { # Node Name
  file { '/tmp/test':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
}

Let’s run this file. We know that Puppet works on a pull model, so the agent node will look for any instructions.

Run this on the Puppet client node:

$ /opt/puppetlabs/bin/puppet agent --test

If you see the above screenshot, it confirms that the Puppet agent running on the node has acted swiftly and created the directory.

Happy Learning!