This is a guest post written by Alex Rodriguez.
About the Author
Alex Rodriguez is a Linux dev-ops administrator, running Puppet to manage a SaaS platform of approximately 70 Linux servers. The great majority of them are virtualized hosts running CentOS 6.3-6.5 on the XenServer 6.2.0 hypervisor, meaning he had approximately 15 bare-metal XenServers to manage manually; a sacrilege, once you get used to Puppet 😉
Contact the Author: alex@mengano.net
Prerequisites
Requirements not covered in this article:
- Puppet server installed and configured, including proper manifests, plug-ins, etc.
- XenServer 6.2.0 hypervisor properly configured and optionally a member of a Xen Pool.
Environment
Puppet server: “puppet01”
[root@puppet01:/tmp]# uname -a
Linux puppet01 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@puppet01:/tmp]#
[root@puppet01:/tmp]# cat /etc/redhat-release
CentOS release 6.4 (Final)
[root@puppet01:/tmp]#
[root@puppet01:/tmp]# facter $serverversion
architecture => x86_64
…
kernel => Linux
kernelmajversion => 2.6
kernelrelease => 2.6.32-358.14.1.el6.x86_64
…
puppetversion => 3.2.3
XenServer 6.2.0 hypervisor: “xen01”
[root@xen01 ~]# xe host-list params=name-description,software-version
name-description ( RW) : Default install of XenServer
software-version (MRO): product_version: 6.2.0; product_version_text: 6.2; product_version_text_short: 6.2; platform_name: XCP; platform_version: 1.8.0; product_brand: XenServer; build_number: 70446c; hostname: othone-2; date: 2013-06-21; dbv: 2013.0621; xapi: 1.3; xen: 4.1.5; linux: 2.6.32.43-0.4.1.xs1.8.0.839.170780xen; xencenter_min: 2.0; xencenter_max: 2.0; network_backend: openvswitch; xs:xenserver-transfer-vm: XenServer Transfer VM, version 6.2.0, build 70314c; xs:main: XenServer Pack, version 6.2.0, build 70446c; xcp:main: Base Pack, version 1.8.0, build 70446c
[root@xen01 ~]#
Procedure
Install the Puppet client on XenServer:
Install the EPEL and PuppetLabs YUM repos it depends on:
[root@xen01 tmp]# wget http://dl.fedoraproject.org/pub/epel/5/$(uname -i)/epel-release-5-4.noarch.rpm
[root@xen01 tmp]#
[root@xen01 tmp]# rpm -Uvh epel-release-5-4.noarch.rpm
Preparing... ########################################### [100%]
1:epel-release
[root@xen01 tmp]# wget https://yum.puppetlabs.com/el/5/products/i386/puppetlabs-release-5-7.noarch.rpm
[root@xen01 tmp]# rpm -Uvh /tmp/puppetlabs-release-5-7.noarch.rpm
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
[root@xen01 tmp]#
XenServer 6.2.0 is based on CentOS, so it already has a CentOS yum repository configuration; it just needs to be enabled:
[root@xen01 tmp]# sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-Base.repo
Install puppet client:
[root@xen01 tmp]# yum install puppet-3.2.3-1.el5
…
Dependencies Resolved

================================================================================
 Package               Arch     Version             Repository             Size
================================================================================
Installing:
 puppet                noarch   3.2.3-1.el5         puppetlabs-products   1.0 M
Installing for dependencies:
 augeas-libs           i386     0.10.0-4.el5        puppetlabs-deps       373 k
 facter                i386     1:1.7.5-1.el5       puppetlabs-products    87 k
 hiera                 noarch   1.3.2-1.el5         puppetlabs-products    23 k
 libX11                i386     1.0.3-11.el5_7.1    base                  797 k
 libXau                i386     1.0.1-3.1           base                   18 k
 libXdmcp              i386     1.0.1-2.1           base                   19 k
 libselinux-ruby       i386     1.33.4-5.7.el5      base                   60 k
 ruby                  i386     1.8.7.374-2.el5     puppetlabs-deps       379 k
 ruby-augeas           i386     0.4.1-3.el5         puppetlabs-deps        22 k
 ruby-irb              i386     1.8.7.374-2.el5     puppetlabs-deps       343 k
 ruby-libs             i386     1.8.7.374-2.el5     puppetlabs-deps       2.2 M
 ruby-rdoc             i386     1.8.7.374-2.el5     puppetlabs-deps       411 k
 ruby-rgen             noarch   0.6.5-2.el5         puppetlabs-deps       349 k
 ruby-shadow           i386     1:2.2.0-2.el5       puppetlabs-deps        13 k
 rubygem-json          i386     1.5.5-2.el5         puppetlabs-deps       772 k
 rubygems              noarch   1.3.7-1.el5         puppetlabs-deps       217 k
 tk                    i386     8.4.13-5.el5_1.1    base                  888 k
 virt-what             i386     1.11-2.el5          base                   23 k
 xorg-x11-filesystem   noarch   7.1-2.fc6           base                  5.4 k

Transaction Summary
================================================================================
Install 20 Package(s)
Upgrade 0 Package(s)

Total download size: 7.9 M
Is this ok [y/N]:
(20/20): ruby-libs-1.8.7.374-2.el5.i386.rpm | 2.2 MB 00:01
--------------------------------------------------------------------------------
Total 1.1 MB/s | 7.9 MB 00:07
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 signature: NOKEY, key ID 4bd6ec30
puppetlabs-products/gpgkey | 1.7 kB 00:00
Importing GPG key 0x4BD6EC30 "Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
Is this ok [y/N]: y
Installed:
  puppet.noarch 0:3.2.3-1.el5
Dependency Installed:
  augeas-libs.i386 0:1.1.0-1.el5
  facter.i386 1:2.0.1-1.el5
  hiera.noarch 0:1.3.2-1.el5
  libX11.i386 0:1.0.3-11.el5_7.1
  libXau.i386 0:1.0.1-3.1
  libXdmcp.i386 0:1.0.1-2.1
  libselinux-ruby.i386 0:1.33.4-5.7.el5
  ruby.i386 0:1.8.7.374-2.el5
  ruby-augeas.i386 0:0.4.1-3.el5
  ruby-irb.i386 0:1.8.7.374-2.el5
  ruby-libs.i386 0:1.8.7.374-2.el5
  ruby-rdoc.i386 0:1.8.7.374-2.el5
  ruby-rgen.noarch 0:0.6.5-2.el5
  ruby-shadow.i386 1:2.2.0-2.el5
  rubygem-json.i386 0:1.5.5-2.el5
  rubygems.noarch 0:1.3.7-1.el5
  tk.i386 0:8.4.13-5.el5_1.1
  virt-what.i386 0:1.11-2.el5
  xorg-x11-filesystem.noarch 0:7.1-2.fc6
Complete!
[root@xen01 tmp]#
Configure new Puppet node
On Puppet server, define the new node.
NOTE: Here I’m sub-classing a couple of puppet classes we have. I will include needed excerpts of each at the bottom.
Add the node definition to the Puppet server’s site.pp file or main manifest file:
node xenserver {
  include common_xen
}
…
node xen01 inherits xenserver {
}
On XenServer, add Puppet server configuration to /etc/puppet/puppet.conf, like so:
[root@xen01 ~]# grep server /etc/puppet/puppet.conf
# Puppet server
server = puppet01
[root@xen01 ~]#
On XenServer, set Puppet to start automatically at boot:
[root@xen01 ~]# chkconfig puppet on
[root@xen01 ~]#
… and start the Puppet client:
[root@xen01 ~]# /etc/init.d/puppet start
Starting puppet agent: [ OK ]
[root@xen01 ~]#
A few seconds after you start the Puppet client on XenServer, you should see a certificate signing request on the Puppet server. Confirm receipt of the request and sign the certificate like so:
[root@puppet01:/etc/puppet]# puppet cert --list
"xen01 " (SHA256) B5:2C:87:D1:C9:D0:BE:42:F0:26:A5:CB:73:61:DA:43:C9:00:BA:21:C7:CA:5E:5A:BC:9D:9F:47:5F:61:2E:81
[root@puppet01:/etc/puppet]#
[root@puppet01:/etc/puppet]# puppet cert --sign xen01
Notice: Signed certificate request for xen01
Notice: Removing file Puppet::SSL::CertificateRequest xen01 at '/var/lib/puppet/ssl/ca/requests/1xen01.pem'
[root@puppet01:/etc/puppet]#
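Signing a request on sight trusts whichever host submitted it under the name xen01. The following added example (not part of the original post) signs only when the pending request's SHA256 fingerprint equals the one read on xen01 itself, for instance from puppet agent --fingerprint on its console; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Sign a pending Puppet CSR only if its fingerprint matches the value read on
# the agent itself (e.g. `puppet agent --fingerprint` run on xen01's console).

# Print "DIGEST FINGERPRINT" for node $1 from `puppet cert --list` text on stdin.
pending_fingerprint() {
    awk -v node="$1" '
    {
        name = $1
        gsub(/"/, "", name)              # certname is printed inside quotes
        if (name == node) {
            digest = $(NF - 1)
            gsub(/[()]/, "", digest)     # "(SHA256)" -> "SHA256"
            print digest, toupper($NF)
            exit
        }
    }'
}

# Succeed only if node $1 has a pending SHA256 CSR whose fingerprint equals $2.
# $3 is the listing text, normally "$(puppet cert --list)".
csr_matches() {
    want=$(printf '%s' "$2" | tr 'abcdef' 'ABCDEF')
    got=$(printf '%s\n' "$3" | pending_fingerprint "$1")
    [ -n "$got" ] && [ "$got" = "SHA256 $want" ]
}

# Run on the Puppet master: sign_if_verified <node> <fingerprint-from-agent>
sign_if_verified() {
    if csr_matches "$1" "$2" "$(puppet cert --list)"; then
        puppet cert --sign "$1"
    else
        echo "refusing to sign $1: pending CSR fingerprint does not match" >&2
        return 1
    fi
}
```

A mismatch, or no pending request under that name, leaves the request unsigned so it can be inspected before anything is trusted.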
Verification
Run the Puppet client manually to verify that the Puppet server logs the client request and that the client properly downloads its catalog:
[root@xen01 ~]# puppet agent --verbose --onetime --no-daemonize --splaylimit 1
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/fstab.rb
Info: Caching catalog for xen01
Info: Applying configuration version '1396311876'
…
Notice: /Group[atlassian]/ensure: created
Notice: /Group[staging]/ensure: created
Notice: /Group[production]/ensure: created
…
Notice: Finished catalog run in 2.51 seconds
[root@xen01 ~]#
Verify that the Puppet server logs the XenServer node receiving its catalog:
Mar 31 17:19:39 puppet01 puppet-master[30395]: (Scope(Node[default])) xen01 - XenServer 2.6.32.43-0.4.1.xs1.8.0.839.170780xen - puppet: 3.2.3
Mar 31 17:20:01 puppet01 puppet-master[30395]:
Excerpts of needed Puppet manifests
common_xen.pp manifest
class common_xen {
  include postfix

  # Packages
  package { "epel-release": ensure => "installed" }
  package { "puppetlabs-release": ensure => installed }
  package { "yum-utils": ensure => installed }
  package { "facter": ensure => installed }
  package { "puppet": ensure => "3.2.3-1.el5" }

  exec { "mta-alternative":
    command => "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.postfix",
    #unless => "/usr/bin/test -f /usr/sbin/sendmail.postfix",
    path    => "/bin/:/usr/bin",
    require => Package[ "postfix" ],
  }

  # Puppet
  service { "puppet":
    ensure     => running,
    enable     => true,
    hasrestart => true,
    hasstatus  => true,
  }
}
postfix.pp manifest
class postfix {
  package { "sendmail-cf": ensure => absent }
  package { "sendmail": ensure => absent }
  package { "postfix": ensure => installed }
  package { "mailx": ensure => installed }

  service { "postfix":
    ensure     => running,
    enable     => true,
    hasrestart => true,
    hasstatus  => true,
    require    => [ File["main.cf"], Package["postfix"] ]
  }
}
Cheers!