Centralized Package, Application deployments through CDS

Setting up Puppetmaster and Puppetd for Automation of Centralized package deployment and repairing of broken packages


Introduction:

Puppet is a concept that is useful for large organizations which need automated mass install, repair and upgrade of packages on all or some systems, without any human intervention. You can say this is where Linux offers automation.

In the Puppet architecture we have one centralized Linux server (CDS) with one resource location mounted through NFS on all clients (the puppetd machines). It contains all compiled packages in the form of ebuild repositories.

So whenever we want to deploy a package or application from our CDS to all CLDs, we can do that with the following configuration. If a deployed package gets corrupted or uninstalled, by mistake or through manual intervention, it is repaired or installed again on the system within half an hour,
as the CDS Puppet Master does a routine check on all CLDs that are connected and mentioned in the manifest.

Puppet Master - Puppetd

# Create a file named puppet in /etc/portage/package.keywords/puppet
# vim /etc/portage/package.keywords/puppet
# Add the following lines in to the file
# app-admin/puppet ~x86
# app-portage/eix ~x86
# app-arch/xz-utils ~x86
# emerge -av =app-admin/puppet-0.25.1-r1

Let it emerge
Do the same on the client PC
Now on the server, after the emerge completes, run eix-update
On the server, run /etc/init.d/./puppetmaster start
Now, to start puppetmaster at boot, run rc-update add puppetmaster default
Now on the server create the manifest file: vim /etc/puppet/manifests/site.pp
We add the package names to $todo; they can be found with eix <package name> or by searching the Gentoo overlay site http://gpo.zugaina.org/Search?search=java+6

So the following is the manifest that does the trick!

node "new.vccorp.com", "client" {
  include minimal_soft
  #include wks_soft
}

node default {
  include unix
}

class minimal_soft {
  $todo = [ "net-misc/netstat-nat", "app-emulation/wine", "x11-misc/xpad"  ]
  package { $todo:
    ensure   => 'present'
  }
}

class unix {
  file { "/etc/passwd":
    owner => "root",
    group => "root",
    mode  => 644,
  }
}

Note: the node names should be the host names of the clients. Save the file as site.pp.
I have picked three packages, wine, xpad and netstat, as an example.

Now move to the client machine

# vim /etc/puppet/puppet.conf
# In [puppetd] section add server = CDS ip

[puppetd]
server = Calculate

and save the file
Note: the client machine should be able to ping calculate. Here Calculate is the domain name of my CDS; please replace it with yours.

Now on client we will do certificate verification:

# puppetd --verbose --test
# It will give an error saying *Warning peer certificate won’t be verified in this SSL Session

Now on the server we will verify the certificate sent by the client, so that in the future that particular PC will not have any problem downloading the updates.

# puppetca --list (will display the client host name requesting cert verification)
# puppetca --sign (enter the client host name, for example: puppetca --sign client)
# It will display: Signed certificate request for client
# Notice: Removing file puppet: :SSL : : Certificate Request client at 'var/lib/puppet/ssl/ca/requests/client
# Now on the NFS share that is mounted at /usr/calculate/share/ create a folder named pkg32
# Add the following two lines to /etc/make.conf (vim /etc/make.conf)

# PKGDIR="/usr/calculate/share/pkg32"
# EMERGE_DEFAULT_OPTS="-k"
# Add the same two lines to /etc/make.conf on the client as well
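
A signed certificate lets that host fetch its configuration from the master, so each pending request from the puppetca --list step should be checked against the nodes declared in site.pp before puppetca --sign is run. The script below is an added example, not part of the original post; it assumes puppetca --list prints one request name per line (only the first field is used), and the demo manifest and the name rogue.example.net are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): decide which pending
# certificate requests may be signed, based on the nodes named in site.pp.

# Print every quoted node name found on the "node ..." lines of a manifest.
declared_nodes() {
    grep -E '^[[:space:]]*node[[:space:]]+"' "$1" |
        grep -oE '"[^"]+"' | tr -d '"' | sort -u
}

# stdin: pending request names, one per line (assumed `puppetca --list`
# format; only the first field is used). $1: path to the manifest.
# Prints "SIGN name" for declared nodes and "SKIP name" for everything else.
triage_requests() {
    nodes=$(declared_nodes "$1")
    while read -r name _rest; do
        name=$(printf '%s' "$name" | tr -d '"')
        [ -n "$name" ] || continue
        # Anything that is not a plain host name is never signed.
        case $name in
            *[!A-Za-z0-9.-]*) echo "SKIP $name"; continue ;;
        esac
        if printf '%s\n' "$nodes" | grep -qxF -- "$name"; then
            echo "SIGN $name"
        else
            echo "SKIP $name"
        fi
    done
}

# Constructed sample: the node line from this page's manifest and three
# pending names, one of which (rogue.example.net) is not a declared node.
demo() {
    tmp=$(mktemp)
    printf 'node "new.vccorp.com", "client" {\n  include minimal_soft\n}\n' > "$tmp"
    printf 'node default {\n  include unix\n}\n' >> "$tmp"
    printf 'client\nrogue.example.net\nnew.vccorp.com\n' | triage_requests "$tmp"
    rm -f "$tmp"
}
demo

# On the server (hypothetical wiring; review the SKIP lines by hand):
#   puppetca --list | triage_requests /etc/puppet/manifests/site.pp
```

Only the names reported as SIGN are then passed to puppetca --sign; a SKIP line means the request name does not match any node in the manifest and should be investigated before anything is signed.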

Now, on an admin client PC that runs CLD, we compile the package. It is only built, not installed, and the resulting package is saved to the NFS share, where it is available to all clients. The reason we don't do this on the server is that library files may get corrupted or not downloaded during compilation, which may affect other files and system applications. We use emerge -B (package name); -B builds the package without installing it.
*Note: I have used an admin client with CLDK so that not much space is occupied on my CDS, and so that if some package gets corrupted or malfunctions, my CDS, which has many other important things configured, is not adversely affected.

# emerge -B x11-misc/xpad
# emerge -B app-emulation/wine
# The package names can be found with eix <package name> or on the site
http://gpo.zugaina.org/Search?search=java+6

Now check whether our NFS share has that package available:
ls /usr/calculate/share/pkg32/
If it does, follow these steps on the client

# puppetd --verbose --test
# It will say caching and applying
# In another console type tail -f /var/log/emerge.log to see the deployment in logs to crosscheck
# To have updates synchronized every 30 minutes, type on the CLD: /etc/init.d/./puppet start
# Puppetd will check whether each package is installed. If yes, it does nothing and goes on to check the installation status of the other packages; if no, it installs the package.
# To have the updates installed/checked/verified after every reboot, type on the CLD:
rc-update add puppet default

Now our client is verified and ready to download updates.

To check, download and repair packages, Puppetmaster runs a routine check every half an hour on all puppetd clients, that is, all nodes and systems joined to the rgcorp domain.