Difference between revisions of "Setup puppet"
(Created page with "Puppet is a configuration management software which has a server providing the configuration and agents which request configuration from the server. Puppet itself is now (as...") |
|||
Line 96: | Line 96: | ||
Password must be the one for the puppetdb database entered in postgreSQL before. | Password must be the one for the puppetdb database entered in postgreSQL before. | ||
− | Check setup with <code>sudo puppetdb ssl-setup</code> | + | Check setup with <code>sudo /opt/puppetlabs/bin/puppetdb ssl-setup</code> |
and add /etc/puppetlabs/puppet/puppetdb.conf with | and add /etc/puppetlabs/puppet/puppetdb.conf with |
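Review bot: On the changed "Check setup with" line, the switch from the bare puppetdb command to the absolute path /opt/puppetlabs/bin/puppetdb is given without a reason; a short parenthesis saying why the long form is needed (for example that the bare command was not found under sudo, if that was the cause) would help readers who still have the old line in their notes. The file path on the following context line, /etc/puppetlabs/puppet/puppetdb.conf, is still outside the <code> markup used for the command and could be wrapped the same way.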
Latest revision as of 18:29, 5 September 2025
Puppet is configuration management software in which a server provides the configuration and agents request it from the server.
Puppet itself is now (as of 2023) owned by Perforce, and they decided to move it to closed-source. The community did not like that, so they came up with a fork called 'openvox' (see [this article] and [the GitHub of the fork]).
For legal reasons the package is renamed to openvox, but all commands and paths including 'puppet' are still kept (as of 2025).
Installing puppet
To install puppet, three components are required: the agent, the server, and the database (not strictly required, but it helps to reduce load).
Installing the server
Essentially follow [this page], that is, download the .deb file and install openvox-server. If puppet was installed on this machine before, it has to be removed first. I had some issues keeping the old configuration. I think this is due to configuration being stored in some generated files. I was successful by backing up only the relevant config files and deleting all folders related to puppet (/etc/puppetlabs, /opt/puppetlabs, /var/puppetlabs).
Once the server is installed change /etc/puppetlabs/puppet/puppet.conf to
    [main]
    server = cygnus.sternwarte.uni-erlangen.de
    runtimeout = 10800

    [agent]
    splay=true
    environment=noble
    runinterval=1800
    number_of_facts_soft_limit=4096

    [server]
    server = cygnus.sternwarte.uni-erlangen.de
    ca_server = cygnus.sternwarte.uni-erlangen.de
    vardir = /opt/puppetlabs/server/data/puppetserver
    logdir = /var/log/puppetlabs/puppetserver
    rundir = /var/run/puppetlabs/puppetserver
    pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
    codedir = /etc/puppetlabs/code
    tagmap = $confdir/tagmail.conf
    reports = tagmail,puppetdb
    storeconfigs = true
    storeconfigs_backend = puppetdb
    allow_duplicate_certs = true

(here 'cygnus' is the server name puppet is supposed to run on, change accordingly).
Normally puppet requires each agent's certificate to be signed on the server, so there is control over who can access the configuration. This is a bit annoying, so we allow auto-signing. For this add /etc/puppetlabs/puppet/autosign.conf with

    *.sternwarte.uni-erlangen.de

to allow all hosts matching this pattern to get a config. The pattern is compared with the certname in the signing request, which the requesting host sets itself.
A 'systemctl start puppetserver' should spin up the server from here.
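The wildcard entry in autosign.conf and allow_duplicate_certs = true in puppet.conf both relax the server's certificate checks. The following shell function is an added example, not part of the original wiki page; it reports these settings for a given config directory so they can be reviewed later (the function name is made up here).

```shell
# Added example: list the settings from the steps above that relax
# certificate checks. The function name is made up for this example.
# Usage: audit_puppet_ca_settings [confdir]   (default: /etc/puppetlabs/puppet)
audit_puppet_ca_settings() {
    confdir="${1:-/etc/puppetlabs/puppet}"

    # autosign.conf holds one certname or domain glob per line. The certname
    # is chosen by the requesting host, so a "*.domain" entry signs any
    # request that claims a name in that domain.
    if [ -r "$confdir/autosign.conf" ]; then
        awk '
            /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
            { gsub(/[ \t\r]/, "") }
            /^\*\./ {
                print "autosign.conf: glob " $0 \
                      " signs any certname ending in " substr($0, 2)
                next }
            { print "autosign.conf: " $0 " is signed without review" }
        ' "$confdir/autosign.conf"
    fi

    # puppet.conf: report the two CA-related settings together with the
    # section in which they were found.
    if [ -r "$confdir/puppet.conf" ]; then
        awk -F= '
            /^[ \t]*#/  { next }
            /^[ \t]*\[/ { section = $0
                          gsub(/^[ \t]*\[|\].*$/, "", section); next }
            { key = $1; val = $2
              gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
            key == "autosign" && val == "true" {
                print "puppet.conf [" section "]: autosign=true signs every request" }
            key == "allow_duplicate_certs" && val == "true" {
                print "puppet.conf [" section "]: allow_duplicate_certs=true" \
                      " accepts a request for a certname that already has a certificate" }
        ' "$confdir/puppet.conf"
    fi
}
```

Run it as `audit_puppet_ca_settings` on the server; no output means none of the listed settings is present.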
Installing agent
For the agent, install 'openvox-agent' on each machine (as with the server, it is better to get rid of previous puppet stuff first). Add the same config (the [server] section is not needed) and change the environment accordingly. Then fire it up with 'systemctl start puppet'.
Now in principle a 'sudo /opt/puppetlabs/bin/puppet agent -t' requests the configuration for the current node. However, this will fail as we set the server to use the puppetdb, which is not yet there. So to finish off we need to
Install the puppet database
This requires that PostgreSQL is installed on the server (we have the db and the puppetserver on the same machine). Set up a database user and a database for puppetdb. For this, change to the postgres user (sudo su - postgres) and create the user with

    createuser -DRSP puppetdb

This will ask for a password (twice).
Now create the database with

    createdb -E UTF8 -O puppetdb puppetdb

Install necessary add-ons with

    psql puppetdb -c 'create extension pg_trgm'

and leave the postgres user.
For puppet, install the latest versions of the database packages with

    sudo /opt/puppetlabs/bin/puppet resource package openvoxdb ensure=latest
    sudo /opt/puppetlabs/bin/puppet resource package openvoxdb-termini ensure=latest

Notice the package names!
It is necessary to add the config values to /etc/puppetlabs/puppetdb/conf.d/database.ini as
    [database]
    # The database address, i.e. //HOST:PORT/DATABASE_NAME
    subname = //localhost:5432/puppetdb
    # Connect as a specific user
    username = puppetdb
    # Use a specific password
    password = RemeisPuppet
    # How often (in minutes) to compact the database
    # gc-interval = 60

The password must be the one for the puppetdb database entered in PostgreSQL before.
Check setup with 'sudo /opt/puppetlabs/bin/puppetdb ssl-setup' and add /etc/puppetlabs/puppet/puppetdb.conf with

    [main]
    server_urls = https://cygnus.sternwarte.uni-erlangen.de:8081

(the server name again must be changed if necessary).
Lastly, add /etc/puppetlabs/puppet/routes.yaml with

    master:
      facts:
        terminus: puppetdb
        cache: yaml

and spin up the database with 'systemctl start puppetdb' (if this does not complete, chances are that the database password is wrong; unfortunately this does not produce a meaningful error by default).
Restart the server ('systemctl restart puppetserver') and run puppet from a node again. Everything should work now!
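The silent failure on a wrong database password can be ruled out before starting puppetdb by trying the login with the values from database.ini. This is an added example, not part of the original page; the function names are made up, and it assumes psql is installed and that subname has the //HOST:PORT/DATABASE_NAME form shown above.

```shell
# Added example: check the values in database.ini before starting puppetdb.
# Function names are made up for this example.

# Print the value of KEY from an ini file, skipping comment lines.
ini_get() {   # ini_get FILE KEY
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }
    ' "$1"
}

# Turn "subname = //HOST:PORT/DATABASE_NAME" into "HOST PORT DATABASE_NAME".
subname_parts() {   # subname_parts FILE
    ini_get "$1" subname |
        sed -n 's#^//\([^:/]*\):\([0-9][0-9]*\)/\([^?]*\).*$#\1 \2 \3#p'
}

# Print the file name if users other than owner and group can read it;
# the file holds the database password in clear text.
world_readable() {   # world_readable FILE
    find "$1" -prune -perm -004 -print
}

# Attempt the login that puppetdb will make. -h forces a TCP connection, so
# the host rules in pg_hba.conf apply as they do for puppetdb; -w makes psql
# fail instead of prompting. Returns the exit status of psql.
check_puppetdb_login() {   # check_puppetdb_login [FILE]
    ini="${1:-/etc/puppetlabs/puppetdb/conf.d/database.ini}"
    set -- $(subname_parts "$ini")
    [ $# -eq 3 ] || { echo "cannot parse subname in $ini" >&2; return 2; }
    [ -z "$(world_readable "$ini")" ] || echo "warning: $ini is world-readable" >&2
    PGPASSWORD=$(ini_get "$ini" password) \
        psql -w -h "$1" -p "$2" -U "$(ini_get "$ini" username)" -d "$3" \
             -Atc 'select 1' >/dev/null
}
```

Run `sudo sh -c '. ./check.sh; check_puppetdb_login && echo login ok'` (the file name check.sh is an assumption) before 'systemctl start puppetdb'; a non-zero status with a psql authentication error points at the password.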