Hands-on: getting your feet wet with puppet
PuppetDB, Exported Resources, 3rd party open source modules, git submodules, inventory service

June 5th, 2012
Puppet Camp Southeast Asia
Kuala Lumpur, Malaysia

Walter Heck, OlinData
Overview

•  Introduction OlinData
•  Checkup

•  Set up puppet & puppetdb
•  Set up a 2nd node
•  Add an open source puppet module
•  Implement it and show exported resources usage

•  Future of Puppet in South East Asia
Introduction OlinData

•  OlinData
  ▫  MySQL Consulting
  ▫  Tribily Server Monitoring as a Service (http://tribily.com)
  ▫  Puppet training and consulting

•  Founded in 2008
  ▫  Setup to be run remotely and location independent

•  Started using Puppet in 2010
  ▫  Official puppetlabs partner since 02-2012
  ▫  Experience with large, medium and small
     infrastructures
Checkup

• Who is using puppet? Who's going to?
  Haven't decided yet?

• Who is using puppet in production?
  ▫ Stored configs? Open source
    modules? Exported resources?
    Inventory service?
Prerequisites

• Good mood for tinkering

• VirtualBox Debian 6.0.4 64bit VM

• Internet connection (preferably > 28k8)
Doing the minimum prep

• Get repository .deb package and
  install it
    ▫  This should be automated into your bootstrapping of course!


#   wget http://apt.puppetlabs.com/puppetlabs-release_1.0-3_all.deb
#   dpkg -i puppetlabs-release_1.0-3_all.deb
#   aptitude update
#   aptitude install puppetmaster-passenger puppet puppetdb puppetdb-terminus
Adjust puppet config files

•  /etc/puppet/puppetdb.conf
    [main]
    server = debian-puppetcamp.example.com
    port = 8081
•  /etc/puppet/puppet.conf
    [master]
    storeconfigs = true
    storeconfigs_backend = puppetdb
•  /etc/puppet/routes.yaml
    master:
      facts:
        terminus: puppetdb
        cache: yaml
Add permissions for inventory service


•  Add permissions to auth.conf
   #NOTE: refine this on a production server!
   path /facts
   auth any
   method find, search
   allow *
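The stanza above does what the slide's own note says: it needs refining before production, because "auth any" plus "allow *" lets any client, certificate or not, search every node's facts. The following shell script is an added example (not part of the slides or of Puppet) that reviews an auth.conf for exactly that pattern. It assumes the Puppet 2.7 auth.conf layout (a stanza starts at a "path" line; keys "auth", "method", "allow"; a stanza without an auth line defaults to "auth yes"), and its two sample files are constructed: the slide's stanza as-is, and a tightened version that requires a client certificate and names the single certname allowed to search facts.

```shell
#!/bin/sh
# Added example, not from the slides: a small auth.conf review aid.
# It reads a Puppet 2.7-style auth.conf and reports every ACL stanza that
# accepts requests from any client ("allow *"), flagging separately the ones
# that also skip client certificate checks ("auth any" / "auth no").
# Assumptions (not from the page): a stanza starts at a "path" line and runs
# until the next one; keys are "path", "auth", "method", "allow"; a stanza
# without an auth line behaves as "auth yes", as in Puppet's own default file.
# Some default stanzas (e.g. the certificate endpoints an agent must reach
# before it has a certificate) legitimately use "allow *"; the lint only
# lists candidates for review, it does not decide for you.

# Usage: lint_authconf FILE
# Prints "<path><TAB><reason>" per permissive stanza; returns 1 if any found.
lint_authconf() {
    awk '
        BEGIN { auth = "yes" }
        function flush() {
            if (path != "" && allow_any) {
                if (auth == "any" || auth == "no")
                    printf "%s\topen to unauthenticated clients (auth %s, allow *)\n", path, auth
                else
                    printf "%s\tany client certificate accepted (allow *)\n", path
                bad++
            }
            path = ""; auth = "yes"; allow_any = 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "path"  { flush(); path = ($2 == "~") ? $3 : $2; next }
        $1 == "auth"  { auth = $2; next }
        $1 == "allow" { for (i = 2; i <= NF; i++) if ($i ~ /^\*,?$/) allow_any = 1; next }
        END { flush(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the slide's /facts stanza, unchanged.
write_permissive_authconf() {
    cat > "$1" <<'EOF'
#NOTE: refine this on a production server!
path /facts
auth any
method find, search
allow *
EOF
}

# Constructed sample: the same endpoint, but only a client presenting the
# master's own certificate (the certname used on the slides) may search facts.
write_tightened_authconf() {
    cat > "$1" <<'EOF'
path /facts
auth yes
method find, search
allow debian-puppetcamp.example.com
EOF
}

# Stand-alone run: lint both samples.
tmp=$(mktemp)
write_permissive_authconf "$tmp"
lint_authconf "$tmp" || echo "permissive sample: review needed"
write_tightened_authconf "$tmp"
lint_authconf "$tmp" && echo "tightened sample: nothing to report"
rm -f "$tmp"
```

Run it against /etc/puppet/auth.conf on the master; every line it prints is a stanza to justify or tighten, and the tightened sample shows the shape of the fix for the inventory endpoint.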
Set up SSL certs

•  Run the ssl generating script
   #/usr/sbin/puppetdb-ssl-setup

•  Set the generated password in jetty config file
   #cat /etc/puppetdb/ssl/puppetdb_keystore_pw.txt
   #vim /etc/puppetdb/conf.d/jetty.ini

   [..]
   key-password=tP35htAMH8PUcYVtCAmSVhYbf
   trust-password=tP35htAMH8PUcYVtCAmSVhYbf

•  Set ownership for /etc/puppetdb/ssl
   #chown -R puppetdb:puppetdb /etc/puppetdb/ssl
Check ssl certs

•  Check ssl certs for puppetdb against puppet
  # keytool -list -keystore /etc/puppetdb/ssl/keystore.jks
  Enter keystore password:
  Keystore type: JKS
  Keystore provider: SUN
  Your keystore contains 1 entry
  debian-puppetcamp.example.com, Jun 4, 2012,
  PrivateKeyEntry,
  Certificate fingerprint (MD5):
  D7:F1:03:5F:E0:1A:C3:DB:E1:23:C4:CE:43:FA:24:24

  # puppet cert fingerprint debian-puppetcamp.example.com --digest=md5
  debian-puppetcamp.example.com
  D7:F1:03:5F:E0:1A:C3:DB:E1:23:C4:CE:43:FA:24:24
Restart

•  Restart apache/passenger & puppetdb
    # /etc/init.d/puppetdb restart && apache2ctl restart

•  Sit back and watch puppetdb log
    2012-06-04 18:02:22,154 WARN [main] [bonecp.BoneCPConfig] JDBC username was not set in config!
    2012-06-04 18:02:22,154 WARN [main] [bonecp.BoneCPConfig] JDBC password was not set in config!
    2012-06-04 18:02:23,050 INFO [BoneCP-pool-watch-thread] [HSQLDB37B6BA305B.ENGINE] checkpointClose start
    2012-06-04 18:02:23,109 INFO [BoneCP-pool-watch-thread] [HSQLDB37B6BA305B.ENGINE] checkpointClose end
    2012-06-04 18:02:23,160 INFO [main] [cli.services] Starting broker
    2012-06-04 18:02:24,890 INFO [main] [journal.Journal] ignoring zero length, partially initialised journal data file: db-1.log number = 1 , length = 0
    2012-06-04 18:02:25,051 INFO [main] [cli.services] Starting 1 command processor threads
    2012-06-04 18:02:25,063 INFO [main] [cli.services] Starting query server
    2012-06-04 18:02:25,064 INFO [main] [cli.services] Starting database compactor (60 minute interval)
    2012-06-04 18:02:25,087 INFO [clojure-agent-send-off-pool-1] [mortbay.log] Logging to org.slf4j.impl.Log4jLoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
    2012-06-04 18:02:25,090 INFO [clojure-agent-send-off-pool-1] [mortbay.log] jetty-6.1.x
    2012-06-04 18:02:25,140 INFO [clojure-agent-send-off-pool-1] [mortbay.log] Started SocketConnector@debian-puppetcamp.example.com:8080
    2012-06-04 18:02:25,885 INFO [clojure-agent-send-off-pool-1] [mortbay.log] Started SslSocketConnector@debian-puppetcamp.example.com:8081
Test run!

•  Check for listening connections
    #netstat -ln | grep 808
    tcp6 0 0 127.0.1.1:8080    :::*   LISTEN
    tcp6 0 0 127.0.1.1:8081    :::*   LISTEN
•  Run puppet
    # puppet agent -t
    No LSB modules are available.
    info: Caching catalog for debian-puppetcamp.example.com
    info: Applying configuration version '1338804503'
    notice: Finished catalog run in 0.09 seconds
Create git repo/get submodule

•  Create a git repo of our puppet repository
    # git init
    Initialized empty Git repository in /etc/puppet/.git/
    # git add *
    # git commit -m 'initial commit'
    [master (root-commit) bf0eff5] initial commit
     Committer: root <root@debian-puppetcamp.example.com>
     6 files changed, 157 insertions(+), 0 deletions(-)
     create mode 100755 auth.conf
     create mode 100644 fileserver.conf
     create mode 100644 puppet.conf
     create mode 100644 puppetdb.conf
     create mode 100644 routes.yaml
The first beginnings of a new world

•  Add 2 nodes to /etc/puppet/manifests/site.pp
    node 'debian-puppetcamp.example.com' {
       file { '/tmp/puppet.txt':
           ensure => present,
           content => "This is host ${::hostname}\n"
       }
    }

    node 'debian-node.example.com' {
       file { '/tmp/puppet.txt':
           ensure => present,
           content => "This is host ${::hostname}\n"
       }
    }
Adding a node

•  Install puppet
    # aptitude install puppet

•  Point to puppetmaster
    # vim /etc/hosts
    <ip_of_puppetmaster> puppet
Signing the node

•  Run puppet once to generate cert request
# puppetd -t
info: Creating a new SSL key for debian-node.example.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for debian-node.example.com
info: Certificate Request fingerprint (md5): 17:E0:87:45:F7:05:44:EE:F2:65:89:7B:56:62:CA:A9
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

•  Sign the request on the master
# puppet cert --list --all
  debian-node.example.com       (17:E0:87:45:F7:05:44:EE:F2:65:89:7B:56:62:CA:A9)
+ debian-puppetcamp.example.com (64:A6:C8:9F:FC:50:3E:79:9D:0D:19:04:4B:29:68:D1) (alt names: DNS:debian-puppetcamp.example.com, DNS:puppet, DNS:puppet.example.com)
# puppet cert --sign debian-node.example.com
notice: Signed certificate request for debian-node.example.com
notice: Removing file Puppet::SSL::CertificateRequest debian-node.example.com at '/var/lib/puppet/ssl/ca/requests/debian-node.example.com.pem'
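Two slides in this deck compare fingerprints by eye: the PuppetDB keystore entry against the master's own certificate ("Check ssl certs"), and the CSR fingerprint printed on the agent against the pending request the master lists before signing (this slide). The script below is an added example, not code from the slides or from Puppet, that does both comparisons mechanically so a typo or a request from an unexpected host cannot slip through. The four sample outputs are constructed from the values shown on the slides (the one-line `puppet cert fingerprint` output is an assumed layout; the parser only looks for the colon-separated hex fingerprint, so the exact line layout does not matter).

```shell
#!/bin/sh
# Added example, not from the slides: compare certificate fingerprints
# mechanically instead of by eye. Two checks from the slides are covered:
#  1. the PuppetDB keystore entry (keytool -list) against the master's own
#     certificate (puppet cert fingerprint <certname> --digest=md5);
#  2. the CSR fingerprint the agent printed on its first run against the
#     pending request shown by "puppet cert --list --all", before signing.
# The sample outputs below are constructed from the values on the slides;
# in use, feed in the real command output instead.

KEYTOOL_OUT='Your keystore contains 1 entry
debian-puppetcamp.example.com, Jun 4, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): D7:F1:03:5F:E0:1A:C3:DB:E1:23:C4:CE:43:FA:24:24'

# Assumed one-line layout of "puppet cert fingerprint" output.
PUPPET_FP_OUT='debian-puppetcamp.example.com D7:F1:03:5F:E0:1A:C3:DB:E1:23:C4:CE:43:FA:24:24'

CERT_LIST_OUT='  debian-node.example.com       (17:E0:87:45:F7:05:44:EE:F2:65:89:7B:56:62:CA:A9)
+ debian-puppetcamp.example.com (64:A6:C8:9F:FC:50:3E:79:9D:0D:19:04:4B:29:68:D1) (alt names: DNS:puppet)'

AGENT_CSR_OUT='info: Certificate Request fingerprint (md5): 17:E0:87:45:F7:05:44:EE:F2:65:89:7B:56:62:CA:A9'

# First colon-separated hex fingerprint on stdin (MD5 or longer), upper-cased.
extract_fingerprint() {
    grep -oE '([0-9A-Fa-f]{2}:){7,}[0-9A-Fa-f]{2}' | head -n 1 | tr 'a-f' 'A-F'
}

# Fingerprint of the *pending* request for certname $1, reading
# "puppet cert --list --all" output on stdin. Signed entries start with "+",
# so their first field is never the certname and they are skipped.
pending_request_fingerprint() {
    awk -v name="$1" '$1 == name { print; exit }' | extract_fingerprint
}

# Compare two fingerprints regardless of case or separators; empty input fails.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Check 1: keystore entry vs. puppet's view of the master certificate.
check_keystore_matches_master() {
    ks=$(printf '%s\n' "$KEYTOOL_OUT" | extract_fingerprint)
    pm=$(printf '%s\n' "$PUPPET_FP_OUT" | extract_fingerprint)
    fingerprints_match "$ks" "$pm"
}

# Check 2: sign only when the master's pending request matches what the agent
# printed. Usage: verify_request_before_sign CERTNAME "AGENT_OUTPUT" "CERT_LIST_OUTPUT"
verify_request_before_sign() {
    agent=$(printf '%s\n' "$2" | extract_fingerprint)
    pending=$(printf '%s\n' "$3" | pending_request_fingerprint "$1")
    fingerprints_match "$agent" "$pending"
}

# Stand-alone run: both checks pass on the slide values.
check_keystore_matches_master && echo "keystore entry matches the master certificate"
verify_request_before_sign debian-node.example.com "$AGENT_CSR_OUT" "$CERT_LIST_OUT" \
    && echo "debian-node.example.com request verified; ok to run: puppet cert --sign debian-node.example.com"
```

On a real master, pipe the live output of `puppet cert --list --all` into `pending_request_fingerprint`, and take the agent-side fingerprint from the console where `puppetd -t` was run (or from a ticket the node's owner filed), never from the master's own listing.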
Run puppet and check result

•  Run puppet on node
  # puppetd -t
  warning: peer certificate won't be verified in this SSL session
  info: Caching certificate for debian-node.example.com
  No LSB modules are available.
  info: Caching certificate_revocation_list for ca
  info: Caching catalog for debian-node.example.com
  info: Applying configuration version '1338822174'
  notice: /Stage[main]//Node[debian-node.example.com]/File[/tmp/puppet.txt]/ensure: created
  info: Creating state file /var/lib/puppet/state/state.yaml
  notice: Finished catalog run in 0.06 seconds



•  Check result
  # cat /tmp/puppet.txt
  This is Host debian-node

•  Say “YEAH!”
Adding a git submodule

•  Clone the firewall submodule from github
   # git submodule add https://github.com/puppetlabs/puppetlabs-firewall.git modules/firewall
   Cloning into modules/firewall...
   remote: Counting objects: 1065, done.
   remote: Compressing objects: 100% (560/560), done.
   remote: Total 1065 (delta 384), reused 1012 (delta 341)
   Receiving objects: 100% (1065/1065), 158.69 KiB | 117 KiB/s, done.
   Resolving deltas: 100% (384/384), done.

•  Commit it to the main repo
   # git add * && git commit -m 'Added 2 node defs and firewall submodule'
   [master d0bab6f] Added 2 node defs and firewall submodule
    Committer: root <root@debian-puppetcamp.example.com>
    3 files changed, 17 insertions(+), 0 deletions(-)
    create mode 100644 .gitmodules
    create mode 100644 manifests/site.pp
    create mode 160000 modules/firewall
Using the new firewall submodule

•  Adjust manifests/site.pp
  node 'basenode' {
      @@firewall { "200 allow conns to the puppetmaster from ${::fqdn}":
          chain     => 'INPUT',
          action    => 'accept',
          proto     => 'tcp',
          dport     => 8140,
          source    => $::ipaddress_eth1,
          tag       => 'role:puppetmaster'
      }
  }

  #Our puppet master
  node 'debian-puppetcamp.example.com' inherits basenode {
      # Gather all Firewall rules here
      Firewall<<| tag == 'role:puppetmaster' |>>
  }

  # Our sample node
  node 'debian-node.example.com' inherits basenode {
  }
Running puppet agent

•  Execute puppet runs on both nodes
  root@debian-puppetcamp:/etc/puppet# puppetd -t
  info: Loading facts in /etc/puppet/modules/firewall/lib/facter/iptables.rb
  No LSB modules are available.
  info: Caching catalog for debian-puppetcamp.example.com
  info: Applying configuration version '1338825096'
  notice: /Firewall[200 allow conns to the puppetmaster from debian-puppetcamp.example.com]/ensure: created
  notice: Finished catalog run in 0.47 seconds

  root@debian-node:~# puppetd -t
  No LSB modules are available.
  info: Caching catalog for debian-node.example.com
  info: Applying configuration version '1338825096'
  notice: Finished catalog run in 0.03 seconds
  root@debian-puppetcamp:/etc/puppet# puppetd -t
  info: Loading facts in /etc/puppet/modules/firewall/lib/facter/iptables.rb
  No LSB modules are available.
  info: Caching catalog for debian-puppetcamp.example.com
  info: Applying configuration version '1338825096'
  notice: /Firewall[200 allow conns to the puppetmaster from debian-node.example.com]/ensure: created
  notice: Finished catalog run in 0.22 seconds
Checking results

•  Iptables on puppetmaster
  # iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination
  ACCEPT     tcp -- 192.168.0.111          anywhere            multiport dports
  8140 /* 200 allow conns to the puppetmaster from debian-node.example.com */
  ACCEPT     tcp -- 192.168.0.109          anywhere            multiport dports
  8140 /* 200 allow conns to the puppetmaster from debian-puppetcamp.example.com */
  [..]
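The rules collected above are built from `$::ipaddress_eth1`, a fact each agent reports about itself, so the master ends up opening tcp/8140 to whatever source address each node claimed. A cheap control is to cross-check the collected rules against the addresses the master expects for its nodes. The script below is an added example (not from the slides or the puppetlabs-firewall module): it parses `iptables -L -n` style output, constructed here from the two rules on the slide plus one deliberately unexpected source, and reports every 8140 rule whose source does not match the allow-list for the certname named in the rule's comment.

```shell
#!/bin/sh
# Added example, not from the slides: audit the firewall rules collected via
# exported resources. Every rule opening tcp/8140 on the master was built from
# a fact ($::ipaddress_eth1) supplied by the exporting agent, so compare the
# resulting sources against what the master expects per certname.
# Assumptions (not from the page): output is "iptables -L -n" style (numeric
# addresses, "anywhere" shown as 0.0.0.0/0), rules carry the
# "multiport dports 8140" match and the "/* 200 allow conns ... from <certname> */"
# comment as on the slide.

# Constructed sample: the two rules from the slide plus one unexpected source.
IPTABLES_OUT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.111        0.0.0.0/0            multiport dports 8140 /* 200 allow conns to the puppetmaster from debian-node.example.com */
ACCEPT     tcp  --  192.168.0.109        0.0.0.0/0            multiport dports 8140 /* 200 allow conns to the puppetmaster from debian-puppetcamp.example.com */
ACCEPT     tcp  --  203.0.113.7          0.0.0.0/0            multiport dports 8140 /* 200 allow conns to the puppetmaster from debian-node.example.com */'

# Expected source per certname (constructed; in practice fill this from your
# inventory or DHCP/DNS records, i.e. from something other than agent facts).
EXPECTED_SOURCES='debian-node.example.com 192.168.0.111
debian-puppetcamp.example.com 192.168.0.109'

# Usage: printf '%s\n' "$IPTABLES_OUT" | audit_8140_rules "$EXPECTED_SOURCES"
# Prints "<certname> <source> UNEXPECTED" per bad rule; returns 1 if any found.
audit_8140_rules() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], kv, " ")
                if (kv[1] != "") ok[kv[1] " " kv[2]] = 1
            }
        }
        $1 == "ACCEPT" && / dports 8140 / {
            src = $4
            # the certname is the word between "from " and the closing " */"
            if (match($0, /from [^ ]+ \*\//)) {
                name = substr($0, RSTART + 5, RLENGTH - 8)
                if (!((name " " src) in ok)) { print name, src, "UNEXPECTED"; bad++ }
            }
        }
        END { exit (bad > 0) }
    '
}

# Stand-alone run: the third sample rule is reported.
printf '%s\n' "$IPTABLES_OUT" | audit_8140_rules "$EXPECTED_SOURCES" \
    || echo "one or more 8140 rules have an unexpected source"
```

A non-zero exit from `audit_8140_rules` is a good trigger for a monitoring check on the master, since a rule appearing for an address you did not expect means either a fact changed on a node or a node exported something it should not have.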
Inventory service

•  Query for all nodes having debian squeeze
  root@debian-puppetcamp:/etc/puppet# curl -k -H "Accept: yaml" "https://puppet:8140/production/facts_search/search?facts.lsbdistcodename=squeeze&facts.operatingsystem=Debian"
  ---
    - debian-puppetcamp.example.com
    - debian-node.example.com

•  Query for facts about a certain node
  root@debian-puppetcamp:/etc/puppet# curl -k -H "Accept: yaml" https://puppet:8140/production/facts/debian-puppetcamp.example.com
  --- !ruby/object:Puppet::Node::Facts
    expiration: 2012-06-04 18:38:21.174542 +08:00
    name: debian-puppetcamp.example.com
    values:
       productname: VirtualBox
       Kernelmajversion: "2.6"
       ipaddress_eth0: 10.0.2.15
       kernelversion: 2.6.32
  [..]
OlinData and Puppet

•  Training
  ▫  Upcoming trainings:
    –  Singapore – August 6-8
    –  Hyderabad – July 11-14
  ▫  Cheaper than in the West (50% or more discount!)
  ▫  Expanding to 5 countries in 5 months

•  Consulting
  ▫  Remote consulting worldwide
  ▫  Ongoing hands-on engineering
  ▫  Start from scratch or improve existing environment
Walter Heck (walterheck@olindata.com)

         @walterheck / @olindata

            #PuppetCampSEA

        http://www.olindata.com

Like us on Facebook: http://fb.me/olindata
