dracoblue.net

Setup Puppet Host with Git

I want to share how I manage hosts with Puppet. Let's say we have a new box, which runs Ubuntu.

First of all I install the latest Puppet and configure a hostname.

We have to check if puppet is properly installed (e.g. 3.4):

# puppet --version
3.4.0

Then we have to check if the hostname looks good with puppet's facter:

# facter fqdn
hans.example.org

As you can see I don't use the final domain name as hostname, but a subdomain (in this example hans). This helps if the machine is used for a different purpose or if the domain is used for multiple domains afterwards.

Since the Puppet configuration will be managed and hosted on a private github.com or bitbucket.org repository, I need an SSH public key on the machine (I do not use a password here):

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Afterwards we add the content of the resulting /root/.ssh/id_rsa.pub as a deploy key to the repository on GitHub/Bitbucket.

Now we need to install git:

# apt-get install git

Commit the content of the file /etc/puppet/puppet.conf to the newly created git repository. In my case the file looked like this:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Additionally I add a folder manifests and a file in it called default.pp with the following contents:

package { 'wget':
}

package { 'curl':
}

package { 'htop':
}

package { 'vim':
}

package { 'tree':
}

package { 'unzip':
}

Your repository looks like this now:

puppet.conf
manifests/
  default.pp

If you committed the puppet.conf file, you can now safely remove the existing /etc/puppet directory. It should be nearly empty anyway (only empty folders and a puppet.conf)!

# rm -r /etc/puppet

Now clone the git repository into the folder /etc/puppet (e.g. user ExampleOrg with repository hans-box on github):

# git clone git@github.com:ExampleOrg/hans-box.git /etc/puppet
Cloning into '/etc/puppet'...
remote: Counting objects: 7, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 7 (delta 1), reused 3 (delta 0)
Receiving objects: 100% (7/7), done.
Resolving deltas: 100% (1/1), done.

So our /etc/puppet config is now version controlled. Since we added the key only as a deploy key, we can't be tempted to fix things on the live machine, because we can't commit them anyway.

To update the machine, I run the following command (as root):

# cd /etc/puppet/ && git pull origin master && puppet apply /etc/puppet/manifests/default.pp

If you run this for the first time:

From github.com:ExampleOrg/hans-box
 * branch            master     -> FETCH_HEAD
Already up-to-date.
Notice: Compiled catalog for hans.example.org in environment production in 0.05 seconds
Notice: /Stage[main]/Main/Package[tree]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[curl]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[htop]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[vim]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[unzip]/ensure: ensure changed 'purged' to 'present'
Notice: Finished catalog run in 9.82 seconds

then you will have htop and vim installed, finally!

Next run will be much faster:

From github.com:ExampleOrg/hans-box
 * branch            master     -> FETCH_HEAD
Already up-to-date.
Notice: Compiled catalog for hans.example.org in environment production in 0.05 seconds
Notice: Finished catalog run in 0.10 seconds
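
A guarded variant of the update one-liner above, as an added example that is not part of the original post: it refuses to apply when the checkout in /etc/puppet has local edits, only accepts a fast-forward pull, and treats failed resources as a failed run. The names PUPPET_DIR, BRANCH, puppet_update and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. PUPPET_DIR, BRANCH and the
# function name puppet_update are illustrative assumptions.
PUPPET_DIR="${PUPPET_DIR:-/etc/puppet}"
BRANCH="${BRANCH:-master}"

# Runs in a subshell, so cd and exit do not affect the caller.
# Exit codes: 0 ok, 2 not a checkout, 3 local drift, 4 pull failed, 5 apply failed.
puppet_update() (
    dir="${1:-$PUPPET_DIR}"
    [ -d "$dir/.git" ] || { echo "not a git checkout: $dir" >&2; exit 2; }
    cd "$dir" || exit 2

    # Anything edited or dropped into the checkout on the box would be
    # applied as root without ever appearing in the repository history.
    drift=$(git status --porcelain) || exit 2
    if [ -n "$drift" ]; then
        echo "refusing to apply, local changes in $dir:" >&2
        echo "$drift" >&2
        exit 3
    fi

    before=$(git rev-parse HEAD) || exit 2
    # --ff-only: never create a merge commit on the box; a rewritten or
    # diverged upstream branch stops the run instead of being merged.
    git pull --ff-only origin "$BRANCH" || { echo "pull failed" >&2; exit 4; }
    after=$(git rev-parse HEAD) || exit 2
    echo "applying $before -> $after"

    # --detailed-exitcodes: 0 = no changes, 2 = changes applied,
    # 4 and 6 = some resources failed, 1 = the run itself failed.
    rc=0
    puppet apply --detailed-exitcodes "$dir/manifests/default.pp" || rc=$?
    case "$rc" in
        0|2) exit 0 ;;
        *)   echo "puppet apply failed (exit $rc)" >&2; exit 5 ;;
    esac
)

# Only act when asked to, e.g. from cron: sh puppet-update.sh --run
if [ "${1:-}" = "--run" ]; then
    puppet_update
fi
```

The logged commit range gives each run an audit trail that ties the applied state to a specific revision of the repository.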

Happy administrating!

In open source, puppet, ubuntu by
@ 23 Dec 2013, Comments at Reddit & Hackernews
