Puppet is a tool to manage the configuration of Unix-like systems declaratively. The developer provides Puppet templates to describe parts of the system, and, when these templates are deployed, the runtime puts the managed systems into the declared state.
Puppet consists of a custom declarative language to describe system configuration, distributed using the client–server paradigm (using a REST API), and a library to realize the configuration. The resource abstraction layer enables administrators to describe the configuration in high-level terms, such as users, services and packages.
Built to be cross-platform, it works on most Linux operating systems (including Red Hat, CentOS, Fedora, Debian, Ubuntu, and SUSE), as well as multiple Unix systems (Solaris, BSD, Mac OS X), and has basic Microsoft Windows support. It is a model-driven solution that requires no coding knowledge to use.
Suppose we have 2 machines:
- Puppet master with IP 192.168.58.153 and hostname puppetmaster
- Puppet client with IP 192.168.58.150 and hostname puppetclient
Now add these 2 lines to /etc/hosts on both machines:
192.168.58.150 puppetclient.example.com puppetclient
192.168.58.153 puppetmaster.example.com puppetmaster
Save and exit.
Install Puppet packages (Client and Master server) :
- Client
sudo apt-get install puppet
- Master server
apt-get install puppet puppetmaster
Now define the manifest on the server:
view /etc/puppet/manifests/site.pp
{codecitation}
# Install Apache and keep the service running and enabled at boot.
package { 'apache2':
  ensure => installed,
}
service { 'apache2':
  ensure  => running,
  enable  => true,
  require => Package['apache2'],
}
package { 'vim':
  ensure => installed,
}
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
  file { '/tmp/testfile':
    ensure => present,
    # Quoted octal string so the mode is read the same way by every Puppet version.
    mode   => '0600',
    owner  => 'root',
    group  => 'root',
  }
}
# Tell Puppet on which client to run the class.
node puppetclient {
  include test_class
}
{/codecitation}
From this configuration the puppetmaster will deploy the installation of Apache and will create /tmp/testfile with the above ownership.
Now start the Puppet master:
sudo /etc/init.d/puppetmaster start
Define the server on the Puppet client:
Edit /etc/puppet/puppetd.conf and add
{codecitation}[puppetd]
server = puppetmaster.example.com
# Make sure all log messages are sent to the right directory
# This directory must be writable by the puppet user
logdir=/var/log/puppet
vardir=/var/lib/puppet
rundir=/var/run
{/codecitation}
root@puppetclient:~# puppetd --server puppetmaster.example.com --waitforcert 60 --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppetclient.example.com
info: Certificate Request fingerprint (md5): 9E:3A:CB:C4:50:6D:42:CD:4E:EE:57:07:FB:AA:98:1B
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Back on the server, check who is waiting:
root@puppetmaster:~# puppetca --list
You will see that the client puppetclient.example.com is waiting.
Now sign the certificate from the master with:
sudo puppetca --sign puppetclient.example.com
Output
notice: Signed certificate request for puppetclient.example.com
notice: Removing file Puppet::SSL::CertificateRequest puppetclient.example.com at '/var/lib/puppet/ssl/ca/requests/puppetclient.example.com.pem'
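The sign step above approves whatever request is waiting under that hostname, so compare fingerprints before signing. The following is an added example, not part of the original tutorial: it recomputes the fingerprint of the pending request on the master and compares it with the value the client printed. It assumes Puppet's fingerprint is the digest of the DER-encoded request; the function names and SAMPLE_PEM are illustrative.

```python
import base64
import hashlib
import re
import sys

CSR_RE = re.compile(
    r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)"
    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)

# Constructed stand-in, NOT a real request: the body decodes to b"abc".
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\nYWJj\n"
              "-----END CERTIFICATE REQUEST-----\n")
SAMPLE_MD5 = "90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72"

def csr_fingerprint(pem_text, algorithm="md5"):
    """Digest of the DER bytes of a PEM CSR, formatted like AA:BB:CC.

    Assumption: Puppet's fingerprint is the digest of the DER-encoded request.
    """
    match = CSR_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE REQUEST block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def canonical(fingerprint):
    """Strip separators and case so pasted values compare reliably."""
    value = re.sub(r"[:\s]", "", fingerprint).upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", value):
        raise ValueError("fingerprint is not hex: %r" % fingerprint)
    return value

def safe_to_sign(pem_text, reported_by_client, algorithm="md5"):
    """True only if the waiting request matches what the client printed."""
    actual = canonical(csr_fingerprint(pem_text, algorithm))
    return actual == canonical(reported_by_client)

if __name__ == "__main__":
    # usage: <request.pem> <fingerprint from the client> [md5|sha256]
    if len(sys.argv) >= 3:
        with open(sys.argv[1]) as handle:
            pem = handle.read()
        reported = sys.argv[2]
        algo = sys.argv[3] if len(sys.argv) > 3 else "md5"
    else:  # no arguments: run on the constructed sample
        pem, reported, algo = SAMPLE_PEM, SAMPLE_MD5, "md5"
    ok = safe_to_sign(pem, reported, algo)
    print("match, safe to sign" if ok else "MISMATCH, do not sign")
    sys.exit(0 if ok else 1)
```

On the master, point it at the request file under /var/lib/puppet/ssl/ca/requests/ and pass the fingerprint from the client's output; a non-zero exit status means the request should not be signed.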
Now, back on the client, you will see this:
info: Caching certificate for puppetclient.example.com
info: Caching catalog for puppetclient.example.com
info: Applying configuration version '1301055447'
notice: /Stage[main]/Test_class/File[/tmp/testfile]/ensure: created
notice: Finished catalog run in 0.79 seconds
Check from the client that the test file has been created with the mode 600 and the root ownership defined on the master:
ls -ltr /tmp/testfile
-rw------- 1 root root 0 2011-03-25 05:17 /tmp/testfile
Check whether Apache is running with:
ps -ef | grep apache2
Reload the Puppet client:
# puppetd -v -o
Now check whether Apache is installed and running:
ps -ef | grep apache2
root 6097 1 0 05:37 ? 00:00:00 /usr/sbin/apache2 -k start
Enjoy