Differences

This shows you the differences between two versions of the page.

linux:puppet [2014/11/06 20:13]
admin
linux:puppet [2018/09/25 15:48]
admin
Line 1: Line 1:
-1. add puppet to your /etc/hosts+====== Client side ===== 
 +First 
 +   apt install puppet 
 +    
 +You can choose how to reach the server by configuring it or using dns, which is a    great advantage if you have all the servers in one domain. 
 +==== Config way ==== 
 +   ​puppet config set server puppet.starlab.cz 
 + 
 +==== DNS way ==== 
 + 
 +  - make sure you have properly setup hostname in /​etc/​hostname and /​etc/​hosts 
 +  - add puppet to your /etc/hosts
 <file /​etc/​hosts>​ <file /​etc/​hosts>​
 10.0.4.60 puppet puppet.starlab.cz 10.0.4.60 puppet puppet.starlab.cz
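Review bot: The "DNS way" heading does not match its steps, which edit /etc/hosts on the client rather than rely on a DNS record, so the advantage claimed for having "all the servers in one domain" is not what the section shows. Either rename it (for example "hosts file way") or describe the DNS record for `puppet` that clients are meant to resolve. The hosts entry maps both `puppet` and `puppet.starlab.cz` to 10.0.4.60 while the "Config way" sets `server puppet.starlab.cz`; say which name agents should use, since that is the name the server certificate has to match. The new top heading `====== Client side =====` also has six opening but only five closing equals signs.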
Line 7: Line 18:
 212.20.102.91 puppet puppet.starlab.cz 212.20.102.91 puppet puppet.starlab.cz
 </​file>​ </​file>​
- +  - initiate connection to server<code bash> 
-<code bash> +xen-starlab:~# puppetd --server puppet --test 
-xen-jpcomp:~# puppetd --server puppet --test +info: Creating a new SSL key for xen.starlab.cz
-info: Creating a new SSL key for xen-jpcomp.jpcomp.cz+
 info: Caching certificate for ca info: Caching certificate for ca
-info: Creating a new SSL certificate request for xen-jpcomp.jpcomp.cz+info: Creating a new SSL certificate request for xen.starlab.cz
 info: Certificate Request fingerprint (md5): AA:​A6:​EA:​69:​9A:​35:​91:​C2:​EA:​8B:​CF:​B4:​70:​8E:​2E:​4B info: Certificate Request fingerprint (md5): AA:​A6:​EA:​69:​9A:​35:​91:​C2:​EA:​8B:​CF:​B4:​70:​8E:​2E:​4B
 Exiting; no certificate found and waitforcert is disabled Exiting; no certificate found and waitforcert is disabled
 +</​code>​
 +v novejsi verzi puppetu:
 +<code bash>
 +xen-starlab:​~#​ puppet agent --server puppet --test
 </​code>​ </​code>​
  
 ====== server side ====== ====== server side ======
 +The service seems to be running properly
 netstat'​s output - port 8140 netstat'​s output - port 8140
 <​code>​ <​code>​
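Review bot: The added caption `v novejsi verzi puppetu:` is Czech on an otherwise English page and should read "in newer versions of Puppet:". Since the page itself presents `puppet agent --server puppet --test` as the newer form, lead with it and mark the `puppetd` invocation as the older one. The sample output also looks hand-edited: the prompt is `xen-starlab` while the key and certificate request are for `xen.starlab.cz`, and the request fingerprint line is unchanged even though the hostname in the request changed, so re-capture the output from a real run. The added sentence "The service seems to be running properly" comes before the netstat output it relies on; move it after that output and state what the reader should look for (a listener on port 8140).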
Line 23: Line 38:
 </​code>​ </​code>​
  
 +Hey! We have a new client
 +
 +  root@ibm:~# puppet cert --list
 +    "​xen.starlab.cz"​ (AA:​A6:​EA:​69:​9A:​35:​91:​C2:​EA:​8B:​CF:​B4:​70:​8E:​2E:​4B)
 +
 +So sign it!
 +  puppet cert --sign xen.starlab.cz
 +  notice: Signed certificate request for xen.starlab.cz
 +  notice: Removing file Puppet::​SSL::​CertificateRequest xen.starlab.cz at '/​path/​to.pem'​
 +  ​
 +  ​
 +====== Client side again =====
 +  puppetd --server puppet --waitforcert 80 --test
 +**Warning** **--test** doesn'​t mean '​test',​ it is a short for:
 +
 +''​ ´onetime´,​ ´verbose´,​ ´ignorecache´,​ ´no-daemonize´,​ ´no-usecacheonfailure´,​ ´detailed-exit-codes´,​ ´no-splay´,​ and ´show_diff´''​
 + 
 +
 +Here is the output:
 +<​code>​
 +xen-starlab:​~#​ puppetd --server puppet --waitforcert 80 --test
 +info: Caching catalog for xen.starlab.cz
 +info: Applying configuration version '​1413471896'​
 +notice: /​Stage[main]//​File[nrpe_local.cfg]/​content: ​
 +--- /​etc/​nagios/​nrpe_local.cfg ​ 2013-03-09 08:​53:​33.000000000 +0100
 ++++ /​tmp/​puppet-file20141106-21693-vorhz2-0 ​    ​2014-11-06 20:​57:​19.823561813 +0100
 +@@ -1,3 +1,10 @@
 +-######################################​
 +-# Do any local nrpe configuration here
 +-######################################​
 ++command[check_users]=/​usr/​lib/​nagios/​plugins/​check_users -w 5 -c 10
 ++command[check_load]=/​usr/​lib/​nagios/​plugins/​check_load -w 15,10,5 -c 30,25,20
 ++command[check_disk]=/​usr/​lib/​nagios/​plugins/​check_disk -w 8% -c 4% 
 ++command[check_zombie_procs]=/​usr/​lib/​nagios/​plugins/​check_procs -w 5 -c 10 -s Z
 ++command[check_total_procs]=/​usr/​lib/​nagios/​plugins/​check_procs -w 150 -c 200 
 ++command[check_apt]=/​usr/​lib/​nagios/​plugins/​check_apt
 ++command[check_linux_raid]=/​usr/​lib/​nagios/​plugins/​check_linux_raid
 ++command[check_rdiff]=sudo /​usr/​lib/​nagios/​plugins/​check_backup_storage
 ++command[check_smart]=sudo /​usr/​lib/​nagios/​plugins/​check_smart
 ++command[check_ipmi]=/​usr/​lib/​nagios/​plugins/​check_ipmi
 +
 +info: FileBucket adding {md5}19c1c67393a0b6002f4595b535c71cc2
 +info: /​Stage[main]//​File[nrpe_local.cfg]:​ Filebucketed /​etc/​nagios/​nrpe_local.cfg to puppet with sum 19c1c67393a0b6002f4595b535c71cc2
 +notice: /​Stage[main]//​File[nrpe_local.cfg]/​content:​ content changed '​{md5}19c1c67393a0b6002f4595b535c71cc2'​ to '​{md5}d8116d9a68b755368037d6bc08d3f1db'​
 +notice: Finished catalog run in 0.44 seconds
 +</​code>​
 +
 +Create a cron job
 +<​code>​
 +    puppet resource cron puppet-agent ensure=present user=root minute=30 command='/​usr/​bin/​puppet agent --onetime --no-daemonize --splay'​
 +</​code>​
 +
 +Output:
 +<​code>​
 +notice: /​Cron[puppet-agent]/​ensure:​ created
 +cron { '​puppet-agent':​
 +  ensure ​ => '​present',​
 +  command => '/​usr/​bin/​puppet agent --onetime --no-daemonize --splay',​
 +  minute ​ => ['​30'​],​
 +  target ​ => '​root',​
 +  user    => '​root',​
 +}
 +</​code>​
 +and the cron line is not system wide, but root's
 +<code bash>
 +server:~# crontab -l
 +# HEADER: This file was autogenerated at Thu Nov 06 21:21:15 +0100 2014 by puppet.
 +# HEADER: While it can still be managed manually, it is definitely not recommended.
 +# HEADER: Note particularly that the comments starting with '​Puppet Name' should
 +# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
 +# Puppet Name: puppet-agent
 +30 * * * * /​usr/​bin/​puppet agent --onetime --no-daemonize --splay
 +</​code>​
 +
 +Why cron job instead of daemon? Cron job can sometimes perform better and use less memory. ​
 
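Review bot: The signing step `puppet cert --sign xen.starlab.cz` carries no instruction to compare the fingerprint shown by `puppet cert --list` with the one the agent printed when it created the request. The two values match in this example (AA:A6:EA:69:...), and the text should say that this comparison is how the admin confirms the request came from the intended host before signing it. The `--test` warning is worth keeping, but its option list uses acute accents (´) where quotes are meant, and the heading `====== Client side again =====` has unbalanced equals signs. In the cron section, `minute=30` schedules every agent at the same minute and relies on `--splay` to spread the runs, which deserves a sentence. The closing claim that a cron job "can sometimes perform better and use less memory" needs a measurement or a reference. The applied nrpe_local.cfg runs `check_rdiff` and `check_smart` through `sudo`, so the page should mention the sudoers rule those two commands depend on and that it should be limited to those plugins.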
linux/puppet.txt · Last modified: 2019/01/28 15:16 by admin