Puppet is a Configuration Management Tool, which is in the market since 2005. Puppet is used for deploying a particular application, configuring nodes and managing servers.
Fig: Puppet Master and Agent |
- Defining distinct configurations for each and every host, and continuously checking and confirming whether the required configuration is in place and is not altered (if altered Puppet will revert back to the required configuration) on the host.
- Dynamic scaling-up and scaling-down of machines.
- Providing control over all your configured machines, so a centralized (master-server or repo-based) change gets propagated to all, automatically.
Puppet Master-Slave Architecture:
Puppet Master:Puppet Master is the key mechanism which handles all the configuration related stuff. It applies the configuration to nodes using the Puppet agent.
Puppet Agent:
Puppet Agents are the actual working machines which are managed by the Puppet Master. They have the Puppet agent daemon service running inside them. Puppet Agent or the puppet node sends facts to the Puppet Master.
Fig: Puppet Master-Slave Architecture |
Facts:
These facts are basically key-value data-pair that represent some aspect of Puppet slave. That aspect can be IP address, OS or VM and then Factor gathers some basic information about Puppet Slave, such as hardware details, network settings, OS, IP addresses, MAC addresses etc.
On the basis of facts, changes are done on any target machine. There are pre-defined and custom facts in Puppet. These Facts are available in Puppet master's manifest as variables. Puppet Master uses those Facts that have received from Puppet Agent to compile a Catalog. That Catalog defines how the slave should be configured.
Catalog:
The Catalog is a document that describes the desired state for each resource that Puppet Master manages in a slave. The catalog is compiled by the Puppet Master and then it is sent back to the node.
Report:
The node reports back to Puppet indicating the configuration is implemented successfully, which is visible in the Puppet Dashboard.
So, the connection between node, Puppet Master and Puppet Slave happens with the help of SSL.
Puppet Master-Slave Connection:
First, Puppet Slave requests for Puppet Master Certificate. Once Puppet Master receives the request, it will send the Master Certificate.
These facts are basically key-value data-pair that represent some aspect of Puppet slave. That aspect can be IP address, OS or VM and then Factor gathers some basic information about Puppet Slave, such as hardware details, network settings, OS, IP addresses, MAC addresses etc.
On the basis of facts, changes are done on any target machine. There are pre-defined and custom facts in Puppet. These Facts are available in Puppet master's manifest as variables. Puppet Master uses those Facts that have received from Puppet Agent to compile a Catalog. That Catalog defines how the slave should be configured.
Catalog:
The Catalog is a document that describes the desired state for each resource that Puppet Master manages in a slave. The catalog is compiled by the Puppet Master and then it is sent back to the node.
Report:
The node reports back to Puppet indicating the configuration is implemented successfully, which is visible in the Puppet Dashboard.
So, the connection between node, Puppet Master and Puppet Slave happens with the help of SSL.
Puppet Master-Slave Connection:
First, Puppet Slave requests for Puppet Master Certificate. Once Puppet Master receives the request, it will send the Master Certificate.
Fig: Puppet Master-Slave Connection |
Once Puppet Slave receives the Master Certificate, Puppet Master will again send a request for Slave Certificate. Now, Puppet Slave will generate its own certificate and send it to the Puppet Master.
Now, Puppet Master need to sign that certificate, and once when the certificate has signed, Puppet Slave can request for the data. Then, finally Puppet Master will send the data to the Puppet Slave.
Resources: Resources are the fundamental unit. This can be anything like a user or a file etc.
Syntax:
resource_type { 'resource_name'
attribute => value
…
}
Now, Puppet Master need to sign that certificate, and once when the certificate has signed, Puppet Slave can request for the data. Then, finally Puppet Master will send the data to the Puppet Slave.
Resources: Resources are the fundamental unit. This can be anything like a user or a file etc.
Syntax:
resource_type { 'resource_name'
attribute => value
…
}
Example:
file { '/etc/inetd.conf':
ensure => '/etc/inet/inetd.conf',
}
Classes: A class is a group of resources and we can declare a class among multiple manifests.
Syntax:
class example_class {
---
code
---
}
Manifest: Manifests are basically Puppet programs. Manifests are composed of puppet code with .pp extension.
Example:
class { 'apache' } //use apache module
apache::vhost { 'example.com': //define vhost resource
port => '80',
docroot => '/var/www/html',
}
}
Puppet - Installation
Pre-requisites:
- Puppet master server should have minimum two processor cores and at least 1 GB of RAM and its recommended that Puppet master server should have 2-4 processor cores and at least 4 GB of RAM.
- If you are installing Puppet version 5 of below, then make sure hostname should be 'puppet'.
- Install NTP
- Install Java
- Install Puppet Server
Steps we need to follow:
1. Update Hostname if using Puppet 5
2. Install NTP
3. Install Puppet Server (you may need to install Java and puppet-agent >=5.5.0 as dependencies)
4. Verify the version of Puppet Server
5. Create a soft link for puppet
Step 1: Update Hostname:
1. hostnames can contain letters (from a to z) and digits (from 0 to 9).
2. hostnames can contain hyphen ( - ) and dot ( . ) special characters.
3. hostnames must contain between 2 and 63 characters long.
4. hostnames letters are case-insensitive.
Know what is current hostname:
$ hostname
Update hostname temporary. In last use command bash:
$ hostname puppet
$ bash
Update hostname permanently. Open file /etc/hostname and put hostname as 'puppet' and save:
$ sudo vi /etc/hostname
Puppet
:wq
Step 2: Install NTP:
It acts as a certificate authority for agent nodes, the Puppet master server must maintain accurate system time to avoid potential problems when it issues agent certificates. Certificates can appear to be expired if there are time discrepancies.
List time zone of linux machine (CentOS-7):
$ timedatectl | grep "Time zone"
List all time zones:
$ timedatectl list-timezones
Set appropriate time zone:
$ sudo timedatectl set-timezone Asia/Kolkata
$ sudo yum -y update
$ sudo yum install -y ntp
Open ntp.conf for editing, that is located at /etc/ntp.conf
$ sudo vi /etc/ntp.conf
Add the time servers from the NTP Pool Project page to the top of the file (replace these with the servers of your choice):
server 2.in.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
Start NTP to add the new time servers:
$ sudo service ntpd restart
Enable Configuration:
$ systemctl enable ntpd
Step 3: Install Puppet Server:
Open link is browser: http://yum.puppetlabs.com ➔ puppet5 ➔ el ➔ 7 ➔ x86_64 ➔ Right click on latest version of puppetserver and click on Copy link address:
$ sudo rpm -ivh rpm -ivh http://yum.puppetlabs.com/puppet5/el/7/x86_64/puppetserver-5.3.8-1.el7.noarch.rpm
Error: Failed dependencies:
java-1.8.0-openjdk-headless is needed by puppetserver-6.4.0-1.el8.noarch
puppet-agent >= 5.5.0 is needed by puppetserver-6.4.0-1.el8.noarch
So, first, we need to install Java:
$ sudo yum install -y java
Now, we are going to install the second dependency, which is puppet-agent >=5.5.0
Navigate to: http://yum.puppetlabs.com ➔ puppet5 ➔ el ➔ 5 ➔ x86_64 ➔ Right click on the latest version of puppet-agent and click on Copy link address ➔ go to the terminal and use the command:
Now, finally, install Puppet Server:
$ sudo rpm -ivh rpm -ivh http://yum.puppetlabs.com/puppet5/el/7/x86_64/puppetserver-5.3.8-1.el7.noarch.rpm
Step 4: Verify the version of Puppet Server:
To verify the version of Puppet Server use command:$ puppet -V
This puppet command may not be working right now. So, try:
$ /opt/puppetlabs/bin/puppetserver -V
In my case, it's puppet 5.5.8. To use 'puppet' command we need to create a soft link.
Step 5: Create a soft link for puppet:
If we run puppet command, normally this will not work. For this we need to create a soft link:$ ln -s /opt/puppetlabs/bin/puppet /usr/bin/puppet
Now, you can use 'puppet -V' apart from '/opt/puppetlabs/bin/puppetserver -V'.
Tks very much for your post. DevOps Training in Bangalore | Certification | Online Training Course institute | DevOps Training in Hyderabad | Certification | Online Training Course institute | DevOps Training in Coimbatore | Certification | Online Training Course institute | DevOps Online Training | Certification | Devops Training Online
ReplyDelete