- [Show pagesource]
- [Old revisions]
- [[unknown link type]]
- []
This is an old revision of the document!
Table of Contents
Client side
First
apt install puppet
You can choose how to reach the server by configuring it or using dns, which is a great advantage if you have all the servers in one domain.
Config way
puppet config set server puppet.starlab.cz
DNS way
- make sure you have properly setup hostname in /etc/hostname and /etc/hosts
- add puppet to your /etc/hosts
10.0.4.60 puppet puppet.starlab.cz
or
212.20.102.91 puppet puppet.starlab.cz
- initiate connection to server
xen-starlab:~# puppetd --server puppet --test info: Creating a new SSL key for xen.starlab.cz info: Caching certificate for ca info: Creating a new SSL certificate request for xen.starlab.cz info: Certificate Request fingerprint (md5): AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B Exiting; no certificate found and waitforcert is disabled
v novejsi verzi puppetu:
xen-starlab:~# puppet agent --server puppet --test
server side
The service seems to be running properly netstat's output - port 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 22428/ruby1.8
Hey! We have a new client
root@ibm:~# puppet cert --list "xen.starlab.cz" (AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B)
So sign it!
puppet cert --sign xen.starlab.cz notice: Signed certificate request for xen.starlab.cz notice: Removing file Puppet::SSL::CertificateRequest xen.starlab.cz at '/path/to.pem'
Client side again
puppetd --server puppet --waitforcert 80 --test
Warning –test doesn't mean 'test', it is a short for:
´onetime´, ´verbose´, ´ignorecache´, ´no-daemonize´, ´no-usecacheonfailure´, ´detailed-exit-codes´, ´no-splay´, and ´show_diff´
Here is the output:
xen-starlab:~# puppetd --server puppet --waitforcert 80 --test info: Caching catalog for xen.starlab.cz info: Applying configuration version '1413471896' notice: /Stage[main]//File[nrpe_local.cfg]/content: --- /etc/nagios/nrpe_local.cfg 2013-03-09 08:53:33.000000000 +0100 +++ /tmp/puppet-file20141106-21693-vorhz2-0 2014-11-06 20:57:19.823561813 +0100 @@ -1,3 +1,10 @@ -###################################### -# Do any local nrpe configuration here -###################################### +command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 8% -c 4% +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 +command[check_apt]=/usr/lib/nagios/plugins/check_apt +command[check_linux_raid]=/usr/lib/nagios/plugins/check_linux_raid +command[check_rdiff]=sudo /usr/lib/nagios/plugins/check_backup_storage +command[check_smart]=sudo /usr/lib/nagios/plugins/check_smart +command[check_ipmi]=/usr/lib/nagios/plugins/check_ipmi info: FileBucket adding {md5}19c1c67393a0b6002f4595b535c71cc2 info: /Stage[main]//File[nrpe_local.cfg]: Filebucketed /etc/nagios/nrpe_local.cfg to puppet with sum 19c1c67393a0b6002f4595b535c71cc2 notice: /Stage[main]//File[nrpe_local.cfg]/content: content changed '{md5}19c1c67393a0b6002f4595b535c71cc2' to '{md5}d8116d9a68b755368037d6bc08d3f1db' notice: Finished catalog run in 0.44 seconds
Create a cron job
puppet resource cron puppet-agent ensure=present user=root minute=30 command='/usr/bin/puppet agent --onetime --no-daemonize --splay'
Output:
notice: /Cron[puppet-agent]/ensure: created cron { 'puppet-agent': ensure => 'present', command => '/usr/bin/puppet agent --onetime --no-daemonize --splay', minute => ['30'], target => 'root', user => 'root', }
and the cron line is not system wide, but root's
server:~# crontab -l # HEADER: This file was autogenerated at Thu Nov 06 21:21:15 +0100 2014 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: puppet-agent 30 * * * * /usr/bin/puppet agent --onetime --no-daemonize --splay
Why cron job instead of daemon? Cron job can sometimes perform better and use less memory.
linux/puppet.1537883281.txt.gz · Last modified: 2018/09/25 15:48 by admin