Installation
Client
- The client must be able to ping the puppet server; failing that, add an entry to /etc/hosts.
Debian
apt-get install ca-certificates
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-jessie.deb
dpkg -i puppetlabs-release-pc1-jessie.deb
apt-get update
apt-get install puppet-agent
- For an LXC container, since systemd does not work there, install the init script instead:
wget https://raw.githubusercontent.com/jbsky/jbsky/master/proxmox/init.d/puppet-agent
chmod +x puppet-agent
mv puppet-agent /etc/init.d/
insserv puppet-agent
CentOS
rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install puppet-agent
From Source
apt-get install hiera facter
wget https://downloads.puppetlabs.com/puppet/puppet-4.10.0.tar.gz
tar xvf puppet-4.10.0.tar.gz
cd puppet-4.10.0
ruby ./install.rb
cat > /etc/systemd/system/puppet-agent.service << EOF
[Unit]
Description=Puppet Agent Daemon
After=networking.service
[Service]
Type=simple
ExecStart=/usr/bin/puppet agent --waitforcert=500 --config=/etc/puppetlabs/puppet/puppet.conf --debug
[Install]
WantedBy=multi-user.target
EOF
Config file
cat > /etc/puppetlabs/puppet/puppet.conf << EOF
[main]
certname = `hostname -A | tr "[:upper:]" "[:lower:]"`
server = puppet
environment = production
runinterval = 1h
EOF
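The backtick substitution above pastes the output of `hostname -A` straight into puppet.conf. That command prints every FQDN of the host separated by spaces and ends with a trailing space, so the certname can end up with stray whitespace or a second name, and the CA will sign whatever ends up there. The shell functions below are an added example, not part of the original notes or of Puppet: `normalize_certname` keeps only the first name, lowercases it and refuses anything that is not a plain fully qualified DNS name, and `write_puppet_conf` writes the same [main] section using that name. The file path and server name are parameters so the functions can be tried against a scratch file; both function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original notes): build the agent's certname from
# `hostname -A`-style output. `hostname -A` prints every FQDN of the host
# separated by spaces, with a trailing space, so the raw backtick substitution
# can leave puppet.conf with a certname carrying stray whitespace or a second
# name.

# $1: raw hostname output -> stdout: one lower-case FQDN; exit 1 if unusable
normalize_certname() {
    # keep the first whitespace-separated name only, then lower-case it
    name=$(printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]].*$//' \
           | tr '[:upper:]' '[:lower:]')
    case $name in
        ''|*[!a-z0-9.-]*|.*|*.|*..*)
            return 1 ;;              # empty, illegal character, or malformed dots
        *.*)
            printf '%s\n' "$name" ;; # fully qualified: accept
        *)
            return 1 ;;              # bare short name: refuse
    esac
}

# $1: path to write; $2: raw hostname output; $3: puppet server (default "puppet")
# Writes the [main] section from the notes with the normalized certname.
write_puppet_conf() {
    conf=$1
    server=${3:-puppet}
    certname=$(normalize_certname "$2") || {
        printf 'refusing to write %s: unusable hostname %s\n' "$conf" "'$2'" >&2
        return 1
    }
    cat > "$conf" <<EOF
[main]
certname = $certname
server = $server
environment = production
runinterval = 1h
EOF
}

# Real use (as root, on the client):
#   write_puppet_conf /etc/puppetlabs/puppet/puppet.conf "$(hostname -A)"
```

Refusing a bare short name matters because the certname is fixed at the first run: once the CA has signed it, changing it means cleaning the certificate on both sides (see Cleanup below).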
Cleanup
find /etc/puppetlabs/puppet/ssl -name `hostname -A` -delete
puppet agent -t
puppet cert clean fqdn
Server
apt-get install puppetserver ruby-passenger
cat > /etc/puppetlabs/puppet/puppet.conf << EOF
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names = `hostname -A | tr "[:upper:]" "[:lower:]"`,`hostname | tr "[:upper:]" "[:lower:]"`
factpath=\$vardir/lib/facter
templatedir=\$confdir/templates
pluginsync = true
[main]
certname = `hostname -A`
server = `hostname -A`
environment = production
runinterval = 1h
EOF
- Set the JVM memory allocation in /etc/default/puppetserver:
JAVA_ARGS="-Xms1g -Xmx1g -XX:MaxPermSize=256m"
Configuration
Client enrollment
- Run on the server:
/opt/puppetlabs/bin/puppet cert list
/opt/puppetlabs/bin/puppet cert sign --all
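`puppet cert sign --all` signs every waiting request, including one submitted by a host that merely learned the server name, so the `cert list` output is worth reading before signing. The shell functions below are an added example, not part of the original notes or of Puppet itself: they parse `puppet cert list` output, keep only certnames under an allowed DNS suffix (here domaine.local, the domain used in site.pp below) and sign those one at a time, reporting the rest on stderr. The listing in SAMPLE_LISTING is constructed, and the function names are the example's own; pointing PUPPET at `echo` gives a dry run.

```sh
#!/bin/sh
# Added example (not from the original notes, not part of Puppet): sign only the
# pending CSRs whose certname sits under an allowed DNS suffix, instead of
# `puppet cert sign --all`. Names outside the suffix are reported on stderr and
# left pending for a human to look at.

# Path to the puppet CLI; set PUPPET=echo to see what would be signed.
PUPPET=${PUPPET:-/opt/puppetlabs/bin/puppet}

# Constructed sample of `puppet cert list` output (pending requests only): one
# quoted certname per line followed by the fingerprint.
SAMPLE_LISTING='  "web01.domaine.local" (SHA256) 11:22:33:44
  "DB01.Domaine.Local" (SHA256) 55:66:77:88
  "intruder.evil.example" (SHA256) 99:AA:BB:CC'

# stdin: `puppet cert list` output -> stdout: bare certnames, one per line
pending_certnames() {
    sed -n 's/^[[:space:]]*"\([^"]*\)".*/\1/p'
}

# stdin: certnames -> stdout: those ending in .$1 (compared case-insensitively)
filter_domain() {
    suffix=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ -n "$suffix" ] || { echo 'filter_domain: a DNS suffix is required' >&2; return 1; }
    while IFS= read -r name; do
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        case $lname in
            *."$suffix") printf '%s\n' "$name" ;;
            *)           printf 'left pending, outside %s: %s\n' "$suffix" "$name" >&2 ;;
        esac
    done
}

# stdin: `puppet cert list` output; $1: allowed suffix. Signs each kept name.
# Production use on the server:
#   $PUPPET cert list | sign_pending_in_domain domaine.local
sign_pending_in_domain() {
    pending_certnames | filter_domain "$1" | while IFS= read -r name; do
        "$PUPPET" cert sign "$name"
    done
}
```

The suffix check is deliberately the only rule: it keeps the decision visible in the listing rather than hiding it in an autosign policy, and anything it skips stays in `puppet cert list` for manual review.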
Agent test
- Run on the client:
/opt/puppetlabs/bin/puppet agent --test
puppet config print
facter --show-legacy
General operation
- Everything happens on the server. Puppet starts reading from the file:
/etc/puppetlabs/code/environments/production/manifests/site.pp
- site.pp lists the nodes and the classes to apply to each of them.
- As a rule, reuse existing modules: "don't reinvent the wheel!"
Modules
To create a module you need:
- a directory named after the module, containing a manifests subdirectory
- an init.pp file in the manifests directory.
Install as a baseline:
puppet module install puppetlabs-stdlib
puppet module install puppetlabs-concat
Example: defaults
- Create the templates and manifests directories:
mkdir -p /etc/puppetlabs/code/environments/production/modules/defaults/{templates,manifests}
- The following file contains all the classes:
cat > /etc/puppetlabs/code/environments/production/modules/defaults/manifests/init.pp << EOF
class defaults {
  include ::defaults::motd
  include ::defaults::install
  # include ::defaults::purge
  include ::defaults::bashrc
  include ::defaults::liquidprompt
  include ::defaults::apt
}
EOF
Install/purge packages
class
cat >> /etc/puppetlabs/code/environments/production/modules/defaults/manifests/init.pp << EOF
class defaults::install {
  # Check the OS and pick the matching package list
  case \$::operatingsystem {
    'Debian': {
      \$packages_list = [
        'snmpd',
        'nano',
        'lsof',
        'bash-completion',
        'git',
      ]
    }
    default: {
      # unknown OS: install nothing rather than fail on an undefined variable
      \$packages_list = []
    }
  }
  package {
    \$packages_list:
      ensure => 'installed';
  }
}
class defaults::purge {
  # Check the OS and pick the matching package list
  case \$::operatingsystem {
    'Debian': {
      \$packages_list = [
        'rpcbind', # Proxmox requires it
      ]
    }
    default: {
      \$packages_list = []
    }
  }
  package {
    \$packages_list:
      ensure => 'purged';
  }
}
EOF
Update the message of the day (motd)
- Install the package used to render the hostname banner in the motd:
apt-get install figlet
template
cat > /etc/puppetlabs/code/environments/production/modules/defaults/templates/motd.erb << EOF
<%= @ascii %>
================================================================================
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
================================================================================
<%= @virtual %> : <%= @fqdn %>
<%= @operatingsystem %> <%= @operatingsystemrelease %> <%= @architecture %>
uptime : <%= @uptime %>
RAM : <%= @memoryfree_mb.to_i %>/<%= @memorysize_mb.to_i %> MB
swap : <%= @swapfree_mb.to_i %>/<%= @swapsize_mb.to_i %> MB
EOF
class
cat >> /etc/puppetlabs/code/environments/production/modules/defaults/manifests/init.pp << EOF
class defaults::motd
{
  # generate() runs on the master at compile time. The hostname fact comes from
  # the agent, so pass it as a separate argument instead of through 'sh -c':
  # that way it is never interpreted by a shell on the master.
  \$ascii = generate('/usr/bin/figlet', '-c', '-w', '60', \$::hostname)
  file {
    '/etc/motd':
      ensure  => present,
      content => template('defaults/motd.erb'),
      mode    => '0644',
      owner   => root,
      group   => root;
  }
}
EOF
Install liquidprompt
template
wget https://raw.githubusercontent.com/nojhan/liquidprompt/master/liquidprompt
mv liquidprompt /etc/puppetlabs/code/environments/production/modules/defaults/templates/
class
cat >> /etc/puppetlabs/code/environments/production/modules/defaults/manifests/init.pp << EOF
class defaults::liquidprompt
{
  file {
    '/usr/local/sbin/liquidprompt':
      ensure  => present,
      content => template('defaults/liquidprompt'),
      mode    => '0770',
      owner   => root,
      group   => root;
  }
}
EOF
Update /root/.bashrc
template
cat >> /etc/puppetlabs/code/environments/production/modules/defaults/templates/bashrc << EOF
PATH=\$PATH:/opt/puppetlabs/bin
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
elif [ -f /etc/bash.bashrc ]; then
    . /etc/bash.bashrc
fi
# The following lines are only for interactive shells
[[ \$- = *i* ]] || return
# Use Bash completion, if installed
if [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
fi
# Use Liquid Prompt
source /usr/local/sbin/liquidprompt
EOF
class
cat >> /etc/puppetlabs/code/environments/production/modules/defaults/manifests/init.pp << EOF
class defaults::bashrc
{
  file {
    '/root/.bashrc':
      ensure  => present,
      content => template('defaults/bashrc'),
      mode    => '0644',
      owner   => root,
      group   => root;
  }
}
EOF
Update the sources.list file
class
cat >> /etc/puppetlabs/code/environments/production/modules/defaults/manifests/init.pp << EOF
class defaults::apt
{
  # Check the OS and derive the Debian codename from the major release
  case \$::operatingsystem {
    'Debian': {
      case \$::operatingsystemmajrelease {
        '7':     { \$lsbdistcodename = 'wheezy' }
        '8':     { \$lsbdistcodename = 'jessie' }
        '9':     { \$lsbdistcodename = 'stretch' }
        default: { \$lsbdistcodename = 'stable' }
      }
      case \$::architecture {
        default: { \$arch = 'defaults/sources.list' }
      }
      file {
        '/etc/apt/sources.list':
          ensure  => present,
          content => template(\$arch),
          mode    => '0644',
          owner   => root,
          group   => root;
      }
    }
  }
}
EOF
template
cat > /etc/puppetlabs/code/environments/production/modules/defaults/templates/sources.list << EOF
deb http://ftp.fr.debian.org/debian <%= @lsbdistcodename %> main contrib non-free
deb http://ftp.fr.debian.org/debian <%= @lsbdistcodename %>-updates main contrib non-free
deb http://security.debian.org <%= @lsbdistcodename %>/updates main contrib non-free
deb http://ftp.fr.debian.org/debian <%= @lsbdistcodename %>-backports main contrib non-free
EOF
ntp
puppet module install puppetlabs-ntp
dhcp
puppet module install theforeman-dhcp
site.pp
Any machine that does not match a node definition falls under the default node.
- Example configuration with DHCP failover, NTP and the default tweaks:
node default {
  class { '::ntp':
    servers  => [ '${SVR_NTP_IP}' ],
    restrict => [
      'default ignore',
      '-6 default ignore',
      '127.0.0.1',
      '-6 ::1',
      '${SVR_NTP_IP} nomodify notrap nopeer noquery',
    ],
  }
  include [
    '::ntp',
    '::defaults',
  ]
}
node '${SVR_NTP_FQDN}' {
  class { '::ntp':
    servers  => [ 'ntp.midway.ovh', 'ntp.unice.fr' ],
    restrict => [],
  }
  include [
    '::ntp',
    '::defaults',
  ]
}
node '${SRV_DHCP_FQDN}' {
  class { 'dhcp':
    dnsdomain   => [
      'domaine.local',
      '0.168.192.in-addr.arpa',
    ],
    nameservers => ['192.168.0.1'],
    interfaces  => ['eth0'],
    ntpservers  => ['192.168.0.10', '192.168.0.11'],
  }
  dhcp::pool { 'dhcp.domaine.local':
    network  => '192.168.0.0',
    mask     => '255.255.255.0',
    range    => ['192.168.0.200 192.168.0.220'],
    gateway  => '192.168.0.254',
    failover => 'dhcp-failover',
  }
  dhcp::host { 'WIFI_PC':
    mac => '00:7c:07:01:07:01',
    ip  => '192.168.0.100',
  }
  class { '::dhcp::failover':
    peer_address        => '192.168.0.21',
    role                => 'primary',
    address             => '192.168.0.20',
    port                => '520',
    max_response_delay  => '60',
    max_unacked_updates => '10',
    mclt                => '300',
    load_split          => '128',
    load_balance        => '3',
  }
  include [
    '::dhcp::failover',
    '::defaults',
    '::ntp',
  ]
}