Ticket ID #138 ‐ Set Up Configuration Management System with Puppet - GriffinKat/group-a GitHub Wiki
Install and configure Puppet Master on Management Server
-
Step 1- Use the following command to update the server to ensure proper network connectivity.
sudo apt update && sudo apt upgradeFollow the prompts on the screen to upgrade. Click OK on the screen below.
-
Step 2- Add host entries to /etc/hosts file on all the servers to map private IP's to the hostname.
Use the following command to get the private IP of the management server.
ip addr showNOTE: Follow the same command to get the private IP of all the servers.
Now, edit the /etc/hosts file on the server and add the following lines under the first entry(for localhost):
-
Step 3- Test connectivity by pinging Database server form the management server by pinging using hostname.
-
Step 4- Setup the PuppetMaster.
-
1. Add the puppet repository:
wget https://apt.puppetlabs.com/puppet7-release-jammy.debsudo dpkg -i puppet7-release-jammy.debsudo apt update -
2. Install the Puppet server package:
sudo apt install puppetserver -yNOTE: The puppet server was already installed on the server, but just follow the instructions on the prompt for restarting services and puppet master will be installed.
-
3. Configure the Puppet server:
Edit the Puppet server configuration file /etc/puppetlabs/puppet/puppet.conf
Add the following lines under the [main] section marker:
[main]
certname = mgmt-a.oe2.org.nz
server = mgmt-a
runinterval = 1h
strict_variables = true
-
4. Navigate to the directory /etc/puppetlabs/code/environments/production/manifests/. In this directory, create the file site.pp. It should be empty for now.
cd /etc/puppetlabs/code/environments/production/manifests/Create the file site.pp using the following command
sudo touch site.pp -
5. Restart puppetmaster with the following command:
sudo systemctl restart puppetserver -
6. Start and enable the Puppet server:
sudo systemctl start puppetserversudo systemctl enable puppetserver -
7. Verify the Puppet server is running:
sudo systemctl status puppetserver -
8. Execute the puppet agent test command
sudo /opt/puppetlabs/bin/puppet agent --testNOTE: We will have to make an entry into the site.pp file for this command to work. The details of which are mentioned later in the document.
-
-
Step 5- Certificate Management
-
1. View pending certificate requests on the master using:
sudo puppetserver ca list --all -
2. Sign a specific agent’s certificate:
sudo puppetserver ca sign --certname backup-a.oe2.org.nzsudo puppetserver ca sign --certname apps-a.oe2.org.nzNOTE: Here I signed the requested certificates for two servers, backup and application respectively.
-
-
Step 6- Sample agent configuration
NOTE: The following documentation is for the application server. We have to follow the same for the other agent servers.
Now we will try to achieve configurations pulled from the master to the agent. To begin, make sure that vim is not installed on the application server by running the following command.
sudo apt remove vim.Next, edit the site.pp created earlier on the management server and put the following text in it:
node 'apps-a.oe2.org.nz' {
package { 'vim': ensure => present }
}
NOTE: The above screenshot shows the entry for application server only. Do the same for all the servers in the site.pp file.
Now, re-run the agent on the application server using the following command.
sudo /opt/puppetlabs/puppet/bin/puppet agent --server=mgmt-a --no-daemonize --verbose --onetimeThe above screenshot confirms the configuration from Master was applied to the application server and the screenshot below confirms that vim was installed.