Satellite 6 - Pupet Introduction

Migration to Satellite 6
Puppet introduction
Michael Lessard
Senior Solutions Architect, Red Hat
mlessard@redhat.com
michaellessard
November 2015

2 Migration to Satellite 6
Agenda
● Configuration management with Satellite 5.x
● Quick introduction to Satellite 6
● Introduction to Puppet
● Puppet installation (RHEL 6 and 7)
● Demonstration : deploy some files
● Puppet and Satellite 6
● Considerations if you want to move to Satellite 6

3
Satellite 5.x
Configuration management

Satellite 5.x – Configuration management features
● Manage all of your machines configurations from one
central location
● Create configuration channels for a machines or a
group of machines
● Create new files or upload existing config files
● Manage revision, compare versions
● Deploy configuration changes as part of config
management or associate with kickstart process

Row 1 Row 2 Row 3 Row 4
0
2
4
6
8
10
12
Column 1
Column 2
Column 3

Satellite 5.x – Configuration management cli
[r/]# rhncfg-manager create-channel rhel6-prod
Creating config channel rhel6-prod
[r/]# rhncfg-manager add --channel rhel6-prod /etc/hosts
Using server name satellitedemo.mlc.dom
Pushing to channel rhel6-prod
[r/]# rhncfg-manager diff --channel=rhel6-prod /etc/hosts
- 192.168.100.4 vm2.mlc.dom
+ 192.168.100.56 friday.mlc.dom
[r/]# rhncfg-client get /etc/hosts
Deploying /etc/hosts

Satellite 6 – Foundation
Content Management

Red Hat Satellite 5 & 6 Core Capabilities
✔ Provision 10s – 1000s
systems
✔ Configuration Management
✔ Automated Software
Distribution
✔ Lifecycle Management
✔ Administrator Dashboard
✔ Provision 10s – 10,000+ systems
✔ Recipe-Style Configuration
Management
✔ Automated Software Distribution
✔ Refined Lifecycle Management
✔ Customizable Dashboards
✔ Simplified Content Management
✔ Drift Management
✔ Federated Services &
Management
✔ Deploy on VMware, RHEV, EC2,
and OpenStack
Red Hat Satellite 5 Red Hat Satellite 6

13
Introduction to Puppet

What is Puppet ?
● Think of it as infrastructure code
● Describe stats, no step
● Paint a picture of your ideal and most clean system
Puppet does the rest
● Puppet focuses on managing constructs like users,
services and packages
● Puppet can detect the current state of the system
(Facter)
● Won’t make changes unless necessary

Puppet Architecture

PUPPET DSL
Example – managing ntp services with puppet
class ntp {
package { "ntp":
ensure => installed,
}
file { "ntp.conf":
path => '/etc/ntp.conf',
ensure => file,
require => Package[ "ntp" ],
source => "puppet:///modules/ntp/ntp.conf",
}
service { 'ntp':
name => 'ntpd',
ensure => running,
enable => true,
subscribe => File[ "ntp.conf" ],
}
}
PACKAGEPACKAGE
CONFIGURATIONCONFIGURATION
SERVICESERVICE

Example – managing sshd service
class sshd {
augeas { "sshd_config":
context => "/files/etc/ssh/sshd_config",
changes => [
"set PermitRootLogin yes",
"set UsePAM no",
],
notify => Service[ "sshd" ]
}
service { "sshd":
ensure => running,
enable => true,
hasrestart => true,
}
}
CONFIGURATIONCONFIGURATION
SERVICESERVICE

How does Puppet know about your system ?
● Using the Ruby library Facter
● Facter supports a large numbers of predefined facts
● Customs facts can be defined
# facter
architecture => x86_64
bios_vendor => Seabios
bios_version => 0.5.1
blockdevices => vda,vdb
interfaces => eth0,lo
ipaddress => 172.16.27.44
ipaddress_eth0 => 172.16.27.44
is_virtual => true
kernel => Linux
kernelmajversion => 2.6
kernelrelease => 2.6.32-431.el6.x86_64
kernelversion => 2.6.32
etc, ...

19
Installation

Installation Puppet server (RHEL 6 – April 2014)
[r/]# rhn-channel -a -c rhel-x86_64-server-optional-6
[r/]# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
[r/]# yum install puppet-server puppet
[r/]# puppet --version
3.4.3
[r/]# chkconfig puppetmaster on ; service puppetmaster start
[r/]# chkconfig puppet on ; service puppet start
DON’T FORGET DNS RESOLUTION AND TIME SYNCHRONIZATION

Installation Puppet client (RHEL 6 – april 2014)
[r/]# rhn-channel -a -c rhel-x86_64-server-optional-6
[r/]# yum install puppet
[r/]# vim/etc/puppet/puppet.conf (add the following at the bottom)
server = puppet.example.com
runinterval = 120
[r/]# chkconfig puppet on ; service puppet start
On the puppetmaster server, sign the certs (possible to auto-sign)
[r/]# puppet cert sign puppet-client.example.com

Installation Puppet server (RHEL 7 - nov2015)
[r/]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[r/]# yum install puppet-server puppet
[r/]# puppet --version
3.8.4
[r/]# systemctl start puppetmaster ; systemctl enable puppetmaster
[r/]# systemctl status puppetmaster

Installation Puppet client (RHEL 7 – Nov 2015)
[r/]# yum install puppet
[r/]# vim/etc/puppet/puppet.conf (add the following at the bottom)
server = puppet.example.com
runinterval = 120
[r/]# systemctl start puppet; systemctl enable puppet
On the puppetmaster server, sign the certs (possible to auto-sign)
[r/]# puppet cert list
[r/]# puppet cert sign puppet-client.example.com
DON’T FORGET DNS RESOLUTION AND TIME SYNCHRONISATION

24
Demonstration

Example 1/3 - deploy some files/directory
On the puppetmaster server :
[r/]# cd /etc/puppet/modules
[r/]# puppet module generate michael-specdirs
[r/]# mv michael-specdirs specdirs
[r/]# vim /etc/puppet/modules/specdirs/manifests/init.pp
class specdirs {
file { ['/test/','/test/etc','/test/etc/rc/','/test/etc/rc/shared']:
ensure => "directory",
owner => "root",
group => "root",
mode => "750",
}
}

Example 2/3
[r/]# vim /etc/puppet/manifests/site.pp
#-----------------------------------------------------
# site.pp
#-----------------------------------------------------
include specdirs
[r/]# puppet apply /etc/puppet/manifests/site.pp
Notice: Compiled catalog for puppetmaster.mlc.dom in environment production in 0.05
seconds
Notice: /Stage[main]/Specdirs/File[/test/]/ensure: created
Notice: /Stage[main]/Specdirs/File[/test/etc]/ensure: created
Notice: /Stage[main]/Specdirs/File[/test/etc/rc/]/ensure: created
Notice: /Stage[main]/Specdirs/File[/test/etc/rc/shared]/ensure: created
Notice: Finished catalog run in 0.09 seconds
On the puppet client :
Test the communication with the server
[r/]# puppet agent --test --waitforcert 60

Example 3/3
On the puppetmaster server :
[r/]# cd /etc/puppet/modules
[r/]# puppet module build specdirs
Notice: Building /etc/puppet/modules/mic-test for release
Module built: /etc/puppet/modules/specdirs/pkg/specdirs-0.1.0.tar.gz
You will be able to upload that module in Satellite 6
Red Hat Satellite 6 includes a utility called pulp-puppet-module-builder. This
tool checks out repositories containing a set of modules, builds the modules,
and publishes them in a structure for Satellite 6 to synchronize.

28
PUPPET AND SATELLITE 6

What Puppet does than Satellite 5 doesn’t
● Start/restart services
● Restart a service after a configuration change
● Create users, remove users
● Aware of your systems state
● Enforce something
● Manages BSD/*nix and Windows (2003, 2008, 7)
● Resources relationship
● Modify an existing configuration file

Puppet / Satellite 6 considerations
● Keep Puppet modules as modular as possible and
single tasked
● Using role and profile classes is recommended.
● This will allow users to map the modules or role and
profile classes to Satellite host groups.
● User should consider building module artifacts as
archives as if using Puppet Forge. This will allow
import of modules into Satellite 6 and for it to display
details of the module.
● Define Modulefiles for modules so dependencies are
explicitly declared

Puppet / Satellite 6 considerations
● Manifests inside of modules are supported, but
manifests containing classes outside of modules is
not supported
● The use of node definitions within manifests is not
supported
node vm1.example.com {
file { '/tmp/test.txt' :
content => "Bye bye !!n",
}
}
● Hiera function are supported. (Foreman, alt: smart
variables)

Puppet Forge
● A community driven web service
● A repository of modules
[r/]# puppet module list
[r/]# puppet module search apache
[r/]# puppet module install puppetlabs-apache
[r/]# puppet module upgrade puppetlabs-apach –version -.0.3
http://docs.puppetlabs.com/guides/module_guides/bgtm.html

Puppet debugging notes
● Port 8140
● Cert troubles
● yum remove puppet
● rm -rf /var/lib/puppet
● rm -rf /etc/puppet
● On master
# puppet cert list (to see which ones require a signature)
# puppet cert list --all (show all certificates)
# puppet cert clean vm1.mlc.dom
# puppet cert revoke vm1.mlc.dom

Scaling Puppet
● WEBrick, default webserver, 10 nodes max
● Passenger (sat6) or Mongrel
● Passenger : mod_rail or mod_rack (Apache 2 module)
● Don’t use the deamon, use cronjob
● Puppet agent --onetime
● No central host (rsync, git) - scales infinitely
● More tricks in the puppet documentation

36
Questions ?

37
THANK YOU !
Michael Lessard
Senior Solutions Architect, Red Hat
mlessard@redhat.com
michaellessard

Satellite 6 - Pupet Introduction

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Satellite 6 - Pupet Introduction (20)

Recently uploaded (20)

Satellite 6 - Pupet Introduction