Puppet 4: agent cannot find master due to missing data - puppet

I'm working from Packt Publishing's "Puppet 4 Essentials: Second Edition" and I'm stuck on page 33. There seems to be a crucial lapse of detail. Full excerpt here:
Add this to /etc/hosts so that Puppet can contact the master:
And it does not specify what to add. I'm new to puppet 4 and currently migrating resources away from it. I'd like to avoid banging my head against the wall here.
Can anyone help me decipher this passage?
EDIT:
I'm trying to run this on CentOS 7. The machines can ping each other successfully.
I added this to the agent /etc/hosts:
10.xxx.xxx.xxx puppetmaster puppet
I added this to the master /etc/hosts:
10.xxx.xxx.xxx puppetclient agent
(confirmed that the IP addresses are correct)

Related

How to make puppet and terraform work together?

I am creating a virtual machine in terraform that will appear in Azure. Broadly speaking, once that's created how can I tell puppet that the virtual machine exists and to do the basic config steps? I have puppet with the commands I want it to run when a virtual machine is made. Can I tell it to look for a resource with a name? I am pretty clueless and have not been able to find much information on how in code the two work together.
If I was doing it on a cloud infrastructure I'd install the agent, either from a local repo or downloading and installing from the Puppet downloads site https://puppet.com/try-puppet/puppet-enterprise/download/.
Then once the agent was installed I'd run puppet config set server <your puppet server>
Within 30 minutes the agent should run and contact the puppet server.
If you've configured autosign https://puppet.com/docs/puppet/7/ssl_autosign.html then the server will accept the certificate request and start managing the node.
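Autosigning decides which machines join the fleet without review, so the policy-based mode is the one worth showing: the autosign setting points at an executable, Puppet Server passes it the certname as the only argument and the PEM CSR on stdin, and exit status 0 means sign. The Ruby script below is an added example, not code from the answer or from Puppet; the token file path, its certname-to-token layout, and the idea that provisioning writes a one-time token into the node's csr_attributes.yaml as a challengePassword custom attribute are assumptions.

```ruby
#!/usr/bin/env ruby
# Policy-based autosign executable (added example, not from the original answers).
# Puppet Server calls it with the certname as the only argument and the PEM CSR on
# stdin; exit 0 means "sign", any other status leaves the request for manual review.
require 'openssl'
require 'digest'
require 'yaml'

CHALLENGE_OIDS = ['challengePassword', '1.2.840.113549.1.9.7'].freeze
TOKEN_FILE = '/etc/puppetlabs/puppet/autosign_tokens.yaml' # hypothetical path

# Constant-time comparison over fixed-length digests.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Extract the challengePassword attribute from a parsed CSR, or nil if absent.
def challenge_password(csr)
  attr = csr.attributes.find { |a| CHALLENGE_OIDS.include?(a.oid) }
  attr && attr.value.value.first.value.to_s
end

# True only when the CSR parses, is signed by its own key, names the certname
# Puppet passed in, and carries the token registered for that certname.
def autosign?(certname, csr_pem, tokens)
  expected = tokens[certname]
  return false unless expected.is_a?(String) && !expected.empty?
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)
  cn = csr.subject.to_a.find { |name, _, _| name == 'CN' }
  return false unless cn && cn[1] == certname
  presented = challenge_password(csr)
  !presented.nil? && secure_equal?(presented, expected)
rescue OpenSSL::OpenSSLError
  false # malformed CSR: never sign
end

# Runs only when invoked the way Puppet Server invokes it: one argument, CSR on stdin.
if $PROGRAM_NAME == __FILE__ && ARGV.size == 1
  tokens = File.exist?(TOKEN_FILE) ? YAML.load_file(TOKEN_FILE) : {}
  exit(autosign?(ARGV[0], $stdin.read, tokens || {}) ? 0 : 1)
end
```

A node with no registered token, a wrong token, or a CSR whose CN differs from the certname is rejected and stays in the pending queue for manual signing.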

Accessing vagrant dev environment

We've just started using Vagrant for dev environments for individuals, but found a pain point with trying to show other people what you're working on. I.e. Hey Bob, check out dave.dev.example.com (Vagrant box) and try the login.
At the moment the Vagrant boxes are using bridged networking, so have an IP on the local network, but we're having to put hosts file entries in.
How have others worked around this problem? At the moment I'm thinking either push a record into a local BIND server or having devs commit to a branch and checkout on a test server.

puppet configuration help needed

I need your help to understand the better implementation approach for the below requirement:
Suppose my puppet master server name is: server.example.com which I need to update in 500 puppet agent nodes to contact the puppet master server. One way is to add server=server.example.com in puppet.conf on all the agent nodes and the second way is to run the command "puppet agent --test --server server.example.com" on all agent nodes. But this needs to be performed either manually or some kind of automation needs to be performed. Is there some better way?
Second option is I can create a CNAME with name 'puppet' on puppet master server so that all agent nodes automatically make the communication with the puppet master. But in case I have multiple puppet masters in the same domain, then how can I manage it?
I will highly appreciate if someone can throw some light on the best practice to achieve this.
Thanks,
Sanjiv
The best practice is to take full advantage of puppet automation by adding server=server.example.com, which is the address of the master. Since you are dealing with 500 nodes, a manual approach is not encouraged.
By default puppet agents communicate with the master every 30 minutes. But in some cases, if you want to force puppet agents to communicate with the master within this default time period, then use a parallel ssh or similar tool to invoke puppet agent --test.
If you are considering multiple puppet masters then you need to ensure that DNS or the proxy server is properly configured in the network and points to the right puppet master at a given point of time.
This might be helpful: https://docs.puppetlabs.com/guides/scaling_multiple_masters.html
You can have the client's puppet.conf as a template where server can take a variable in puppet or reading it from hiera. The server name will get propagated to your clients during the next puppet run by agents.

Puppet Windows Agent Certificate

I have puppet master on RHEL 6 and agent on Windows.
It is showing up properly in the console Web, however it is not downloading new catalogue, due to CA error.
I did renew on client, but the master does not show up the windows cert at all for accepting.
It appears that the agent has a newer certificate and the master will only accept one certificate per machine (based on fqdn or fully qualified domain name). What you need to do is remove the certificate from the master so that it will accept the new request from the machine.
Alternatively you should also make sure you are in an elevated process always when running Puppet (unless you are in advanced scenarios where you are using lower privileges and know all the ins and outs of what that entails on Windows). The reason? Puppet home for elevated processes is in C:\ProgramData\PuppetLabs\Puppet, for non-elevated it is in ~/.puppet (which is usually C:\Users\username\.puppet). A certificate request for each machine can only be accepted once, but a non-elevated process won't see the one in ProgramData and will try unsuccessfully to request another.
Also make sure that the firewall on the Windows machine is not preventing it from accessing the Puppet Server, the port is usually 8140. This can cause SSL issues in reaching the master.

Can my Vagrant VMs use manifests with storeconfigs without a Puppet master?

I'm trying to set up a multi-VM Vagrant environment that spins up an OpenStack controller and a few OpenStack compute nodes and then provisions a VM or two on the compute nodes.
Yes, I'm talking about VMs running on VMs. It sounds a little crazy, but this multi-VM Vagrant environment has already been created at https://github.com/lorin/openstack-ansible and it works perfectly, as I describe at http://wiki.greptilian.com/openstack
I can only draw inspiration from that GitHub repo and its corresponding tech talk, however, because it uses Ansible as the Vagrant provisioner while I have a requirement to use Puppet.
I'd like to use the official Puppet Labs module for OpenStack at https://github.com/puppetlabs/puppetlabs-openstack but it uses storeconfigs, so I get errors like this because my Vagrantfile doesn't include a VM to serve as a Puppet master:
warning: You cannot collect exported resources without storeconfigs being set; the collection will be ignored on line 142 in file /tmp/vagrant-puppet/modules-0/nova/manifests/init.pp
Resource type anchor doesn't exist at /tmp/vagrant-puppet/modules-0/nova/manifests/db/mysql.pp:18 on node controller.example.com.
I suppose I could tweak my Vagrantfile to spin up a Puppet master along with the OpenStack hosts, but I'm not sure how I'd do that and it seems to introduce extra complexity into the Vagrant environment.
I'm wondering if I can do this with "masterless" Puppet instead. A post at http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html suggests it's possible, saying, "puppet --environment prerun manifests/prerun.pp ... makes storeconfigs work ... puppet --storeconfigs manifests/site.pp ... This is the main puppet run" but I'm confused about the implementation details.
Can anyone point me to a Vagrant repo that runs "masterless" Puppet but uses storeconfigs?
You'll need to configure your storeconfigs with a DB that all vagrant VMs can reach. Loggly used AmazonRDS, but you can use other DBs as puppet docs show. Assuming you have a DB that all VMs can reach and you run puppet with storeconfigs option and you have the correct DB connection info configured in puppet, you should be good.
