[ Lab 2.2 ] Configuration Management - smitja21/group-a-oe2 GitHub Wiki

[!NOTE] Ticket #21: Deploy Puppet Infrastructure and Implement Initial Configuration
Referred to by:
Ticket #27: Configuring puppet on mgmt server

[!IMPORTANT] This page needs formatting.

Section 1

  1. Verify Ubuntu Version

db-a on Ubuntu 24.04.3 LTS

Task 2: Verify and Set Hostnames

Set hostname on mgmt server

Set hostname on db server

Set hostname on backup server

Set hostname on app server


Section 2: Installing and Configuring the Puppet Server

Installed putty

Had to set a symbolic link to allow the command to be run.

Setup config:

Task 8: Create the Initial site.pp Manifest

Run ls -laR /etc/puppetlabs/code/environments/production/ and document the directory structure. What is the purpose of the environments/production/ path? What does the word “production” signify in Puppet’s environment model?

The purpose of the path is where we will save the production config; production is the default location for the config.

Task 9: Start and Enable the Puppet Server

Appears to be working fine

Task 10: Test the Server’s Local Agent

I did have issues due to a copy and paste issue, but it was fine after I typed out the command.

A line with the SSL key and CSR lines didn't appear. Below shows the certificate, and this time we signed the db-a cert.


Section 3

  1. Install the Puppet Agent on the db-x Server
  1. Configure the db-a Agent
  1. Trigger the First Agent Run and Generate the Certificate Signing Request
  1. Sign the Agent Certificate on the Management Server
  1. Verify the Agent Connects Successfully
  • Explain in your own words what happens between the agent generating a private key and the first successful catalog application. What is the role of the Puppet CA?
    • The agent will generate the private key and send a request (certificate signing request) to the server with its FQDN.
    • Either manually through a human's action or the autosign policy on the master, the request will be verified before it is signed.
    • The Puppet CA (certificate authority) authorises certificates.
  • Why does Puppet require manual certificate signing by default? What are the risks of enabling autosigning for all agents?
    • It is a security precaution. The person can verify the certificate request by the fingerprint as an extra precaution, in case an attacker has a legitimate certname, where autosigning would overlook this as it is only verifying the certname.
  • What command would you run to revoke the certificate of a node that has been decommissioned? Why is revoking (not just deleting) the certificate important?
    • sudo puppetserver ca revoke --certname [certname]
    • Revoking returns that certname back to no longer trusted
  1. Connect remaining agents
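
The fingerprint check mentioned in the answers above, as an added example (not part of the original lab notes or of Puppet itself): it compares the fingerprints of pending requests in `puppetserver ca list` output against fingerprints recorded on each agent, so a request that reuses a legitimate certname with a different key is caught before signing. The hostnames, fingerprints and sample output are constructed, and the per-line layout `certname (SHA256) fingerprint` is an assumption about the command's output.

```python
import hmac
import re

# One request line: certname, digest name, colon-separated fingerprint (assumed layout).
LINE = re.compile(r"^\s+(\S+)\s+\((SHA256)\)\s+([0-9A-Fa-f:]+)")

def normalise(fp):
    """Upper-case hex without separators, so formatting differences don't matter."""
    return fp.replace(":", "").upper()

def review_requests(ca_list_output, expected):
    """Classify each pending CSR as 'sign', 'mismatch' or 'unknown'.

    expected maps certname -> fingerprint recorded on the agent itself.
    """
    decisions = {}
    in_requested = False
    for line in ca_list_output.splitlines():
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):  # unindented line = section header
            in_requested = line.strip() == "Requested Certificates:"
            continue
        m = LINE.match(line)
        if not (in_requested and m):
            continue  # ignore already-signed or unparseable entries
        certname, _, fp = m.groups()
        if certname not in expected:
            decisions[certname] = "unknown"   # nobody asked for this node
        elif hmac.compare_digest(normalise(fp), normalise(expected[certname])):
            decisions[certname] = "sign"      # same key the agent generated
        else:
            decisions[certname] = "mismatch"  # right name, different key
    return decisions

# Constructed fingerprints and output, for illustration only.
FP_DB, FP_APP, FP_OTHER = (":".join([b] * 32) for b in ("A1", "B2", "C3"))
SAMPLE = (
    "Requested Certificates:\n"
    f"    db-a.example.internal    (SHA256)  {FP_DB}\n"
    f"    app-a.example.internal   (SHA256)  {FP_OTHER}\n"
    f"    web-z.example.internal   (SHA256)  {FP_OTHER}\n"
    "Signed Certificates:\n"
    f"    mgmt-a.example.internal  (SHA256)  {FP_APP}\n"
)
EXPECTED = {"db-a.example.internal": FP_DB.lower(), "app-a.example.internal": FP_APP}

if __name__ == "__main__":
    for name, verdict in review_requests(SAMPLE, EXPECTED).items():
        print(f"{verdict:9} {name}")
```

Only certnames marked `sign` would then be passed to `sudo puppetserver ca sign --certname [certname]`; a `mismatch` is the case a certname-only autosign rule would let through.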

Section 4: Writing Your First Manifest — Package Management

Removed Vim on db-a

Installed Vim:

(a) Run the agent a second time on db-x without removing vim again. Paste the output. How many resources were changed? What does this tell you about idempotency in Puppet?

It didn't change any resources, which means it must know that vim is already installed, so it doesn't install it again.

(b) What happens if you manually remove vim again between agent runs? Does Puppet detect and correct this without any human intervention? Demonstrate this.

Yes, after removing vim and rerunning the command, it syncs the catalogue and adds vim back after it is removed.