[Show page]
[Old revisions]
[[unknown link type]]
[
]

Differences

This shows you the differences between two versions of the page.

--- linux:puppet [2014/11/06 20:11]
admin created
+++ linux:puppet [2019/01/28 15:16] (current)
admin [Client side again]
@@ Line 1: / Line 1: @@
-. add puppet to your /etc/hosts
+====== Client side =====
+First
+   apt install puppet
+You can choose how to reach the server by configuring it or using dns, which is a    great advantage if you have all the servers in one domain.
+==== Config way ====
+   puppet config set server puppet.starlab.cz
+==== DNS way ====
+  - make sure you have properly setup hostname in /etc/hostname and /etc/hosts
+  - add puppet to your /etc/hosts
 <file /etc/hosts>
 .0.4.60 puppet puppet.starlab.cz
@@ Line 7: / Line 18: @@
 .20.102.91 puppet puppet.starlab.cz
 </file>
+  - initiate connection to server<code bash>
-<code bash>
+xen-starlab:~# puppetd --server puppet --test
-xen-jpcomp:~# puppetd --server puppet --test
+info: Creating a new SSL key for xen.starlab.cz
-info: Creating a new SSL key for xen-jpcomp.jpcomp.cz
 info: Caching certificate for ca
-info: Creating a new SSL certificate request for xen-jpcomp.jpcomp.cz
+info: Creating a new SSL certificate request for xen.starlab.cz
 info: Certificate Request fingerprint (md5): AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B
 Exiting; no certificate found and waitforcert is disabled
+</code>
+v novejsi verzi puppetu:
+<code bash>
+xen-starlab:~# puppet agent --server puppet --test
 </code>
+====== server side ======
+The service seems to be running properly
+netstat's output - port 8140
+<code>
+tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      22428/ruby1.8
+</code>
+Hey! We have a new client
+  root@ibm:~# puppet cert --list
+    "xen.starlab.cz" (AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B)
+So sign it!
+  puppet cert --sign xen.starlab.cz
+  notice: Signed certificate request for xen.starlab.cz
+  notice: Removing file Puppet::SSL::CertificateRequest xen.starlab.cz at '/path/to.pem'
+====== Client side again =====
+  puppetd --server puppet --waitforcert 80 --test
+**Warning** **--test** doesn't mean 'test', it is a short for:
+'' ´onetime´, ´verbose´, ´ignorecache´, ´no-daemonize´, ´no-usecacheonfailure´, ´detailed-exit-codes´, ´no-splay´, and ´show_diff´''
+Here is the output:
+<code>
+xen-starlab:~# puppetd --server puppet --waitforcert 80 --test
+info: Caching catalog for xen.starlab.cz
+info: Applying configuration version '1413471896'
+notice: /Stage[main]//File[nrpe_local.cfg]/content:
+--- /etc/nagios/nrpe_local.cfg  2013-03-09 08:53:33.000000000 +0100
++++ /tmp/puppet-file20141106-21693-vorhz2-0     2014-11-06 20:57:19.823561813 +0100
+@@ -1,3 +1,10 @@
+-######################################
+-# Do any local nrpe configuration here
+-######################################
++command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
++command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
++command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 8% -c 4%
++command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
++command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
++command[check_apt]=/usr/lib/nagios/plugins/check_apt
++command[check_linux_raid]=/usr/lib/nagios/plugins/check_linux_raid
++command[check_rdiff]=sudo /usr/lib/nagios/plugins/check_backup_storage
++command[check_smart]=sudo /usr/lib/nagios/plugins/check_smart
++command[check_ipmi]=/usr/lib/nagios/plugins/check_ipmi
+info: FileBucket adding {md5}19c1c67393a0b6002f4595b535c71cc2
+info: /Stage[main]//File[nrpe_local.cfg]: Filebucketed /etc/nagios/nrpe_local.cfg to puppet with sum 19c1c67393a0b6002f4595b535c71cc2
+notice: /Stage[main]//File[nrpe_local.cfg]/content: content changed '{md5}19c1c67393a0b6002f4595b535c71cc2' to '{md5}d8116d9a68b755368037d6bc08d3f1db'
+notice: Finished catalog run in 0.44 seconds
+</code>
+Create a cron job
+<code>
+    puppet resource cron puppet-agent ensure=present user=root minute=30 command='/usr/bin/puppet agent --onetime --no-daemonize --splay'
+</code>
+Output:
+<code>
+notice: /Cron[puppet-agent]/ensure: created
+cron { 'puppet-agent':
+  ensure  => 'present',
+  command => '/usr/bin/puppet agent --onetime --no-daemonize --splay',
+  minute  => ['30'],
+  target  => 'root',
+  user    => 'root',
+}
+</code>
+and the cron line is not system wide, but root's
+<code bash>
+server:~# crontab -l
+# HEADER: This file was autogenerated at Thu Nov 06 21:21:15 +0100 2014 by puppet.
+# HEADER: While it can still be managed manually, it is definitely not recommended.
+# HEADER: Note particularly that the comments starting with 'Puppet Name' should
+# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
+# Puppet Name: puppet-agent
+* * * * /usr/bin/puppet agent --onetime --no-daemonize --splay
+</code>
+Why cron job instead of daemon? Cron job can sometimes perform better and use less memory.
+===== Autostart =====
+<code bash>
+puppet agent --enable
+service puppet restart
+</code>

linux/puppet.1415301083.txt.gz · Last modified: 2014/11/06 20:11 by admin