Difference between Puppet, Puppet Master and Puppet Server - puppet

We are in transition from Puppet 3.8 to Puppet 5.4. I am currently playing with Puppet 5.4. Though the Puppet documentation is good, I don't understand what the difference is between puppet, puppetserver and puppetmaster.

The following definitions may help:
Puppet: Refers to the product Puppet, the language Puppet, the entire Puppet ecosystem and also the name of the company that wrote the software.
Puppet Master: A Puppet Master is an installation of Puppet where Puppet code is compiled, and also where SSL certs are verified and signed. Also known as a "Compile Master". In a "monolithic" Puppet Master installation in Puppet Enterprise, the Puppet Master also runs the Puppet Console and PuppetDB. In a "split" installation, the Master, Console and PuppetDB functionality run on different nodes.
Puppet Server: The Puppet Server is an application that runs on the Java Virtual Machine (JVM) on the Puppet Master. In addition to hosting endpoints for the certificate authority service, it also powers the catalog compiler, which compiles configuration catalogs for agent nodes, using Puppet code and various other data sources.
If you like, the "Puppet Server" is the implementation of a Puppet Master, which is more like an abstract role.
See the docs here for more info.

Related

How to make puppet and terraform work together?

I am creating a virtual machine in terraform that will appear in Azure. Broadly speaking, once that's created how can I tell puppet that the virtual machine exists and to do the basic config steps? I have puppet with the commands I want it to run when a virtual machine is made. Can I tell it to look for a resource with a name? I am pretty clueless and have not been able to find much information on how in code the two work together.
If I was doing it on a cloud infrastructure I'd install the agent, either from a local repo or downloading and installing from the Puppet downloads site https://puppet.com/try-puppet/puppet-enterprise/download/.
Then once the agent was installed I'd run puppet config set server <your puppet server>
Within 30 minutes the agent should run and contact the puppet server.
If you've configured autosign https://puppet.com/docs/puppet/7/ssl_autosign.html then the server will accept the certificate request and start managing the node.

How to run puppet forge modules in linux ubuntu machine

I'm new to Puppet. I want to install any package or software on my new Linux machine where Ubuntu is installed. I have gone through the Puppet Forge modules in their portal.
There are plenty of modules available, but I'm not getting how to run them.
Looks like in all Puppet Forge modules, Puppet language script is used. I guess we need to install Puppet first on the Linux machine.
I came to know that we have server and client: puppet master and puppet agent. Do we need to install both on my Linux machine to run Puppet Forge scripts?
How do I install Puppet on a Linux Ubuntu machine, and where do I run Puppet Forge module scripts, on the master or the agent?
Do we need 2 Linux machines, one each for the Puppet server and client?
Puppet is targeted at managing multi-computer installations. It can be used on an isolated machine (you would install both the master and the agent on that machine), but you are likely to make more work for yourself that way, not less, especially given that you have no prior experience with Puppet.
> Looks like in all puppet forge modules, puppet language script used. I guess we need to install puppet first in linux machine.
Pedantically, the Puppet language is not a scripting language. But yes, Puppet modules are written primarily in Puppet's domain-specific language. You need Puppet to use them.
> I came to know that we have server and client puppet master and puppet agent. Do we need to install both on my linux machine to run puppet forge scripts.
Unless you want to set up a second machine for the master to run on, yes, you would need to install both the master and the agent on your machine. Puppet used to support a direct-apply mode, but that is no longer an option.
> How to install puppet on linux ubuntu machine and where to run puppet forge module scripts among master and agent.
Puppet has extensive online documentation. The section on installing Puppet is here: https://puppet.com/docs/puppet/latest/installing_and_upgrading.html.
Note also that installing the software is not all you would need to do. Puppet modules are not programs. They are somewhat like subroutines. You would also need at least to write some Puppet code of your own to specify just how (using the modules of your choice) you want Puppet to configure your machine.
> Do we need 2 linux machines each for puppet server and client.
No. You can run the agent on the machine that hosts the master. Many sites do that, in fact, but it is rare for that to be the only place where the agent runs.
Generally speaking, you need to have several machines under Puppet management to achieve a net win relative to managing your machines directly. It really doesn't sound to me like Puppet would be a good fit for you.
For your use case, it seems like using Puppet Bolt is the better option.
As stated by John Bollinger, Puppet has very good online documentation on their products, and it's no different with Bolt:
Installing Bolt on Ubuntu
Once Bolt is installed, you can use its built-in package task to manage packages on your machine, e.g. Apache, by running:
bolt task run package action=install name=apache2
(you can find more examples here)
But if you intend to use the Puppet Forge Apache module with Bolt, you can start by installing the module. This is a more advanced use case, though, as you'd probably have to write a plan or manifest to actually use the module's full potential, and you'd still have to deal with some limitations.
As you're new to Puppet and Bolt, I'd recommend you start simple and also take this hands-on lab provided by PuppetLabs.
I hope that gets you going!

Puppet agent mass deployment

Is there a built-in way to mass deploy the Puppet agent on hundreds of nodes, in an unattended, automated way? (providing user/pass/cert.)
There is no built-in way to do so. But you can always use kickstart/pre-seed to deploy the Puppet agent as part of OS provisioning and hand it to Puppet to manage your hosts.
Or, as an alternative, you can write a custom shell script to deploy Puppet agents on hundreds of machines; I personally use this method to manage Puppet. For reference, here is the script.
Also, you may be interested in project razor which automatically deploys puppet as part of bare-metal provisioning and hands it to puppet for configuration management.
Basically the only thing you need to do is to install the Puppet Agent on those machines. I assume that you don't install software packages manually for hundreds of nodes, right?
Once you have installed the Agent, it will automatically find the Puppet Master (if puppet.yourdomain.com points to that host) and send a certificate request to the Master, where you need to sign it. You can also use the autosign feature of Puppet.
Furthermore, Puppet Enterprise and The Foreman are based on Puppet and they come along with additional provisioning features.
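As an added example (not from any of the posts or from Puppet itself), a policy-based autosign executable for the autosign feature mentioned here and in the Terraform answer above: Puppet Server passes the certname as the argument and the PEM CSR on stdin, and signs only on exit status 0. The token file path, the function names and the sample CSR are assumptions made for illustration; agents would present the token through `custom_attributes` in `csr_attributes.yaml`.

```ruby
#!/usr/bin/env ruby
# Added example: policy-based autosign executable (exit 0 = sign the CSR).
require 'openssl'

CHALLENGE_OID = 'challengePassword' # 1.2.840.113549.1.9.7
TOKEN_FILE = '/etc/puppetlabs/puppet/autosign_token' # hypothetical path

# Length check plus XOR fold, so comparison time does not depend on
# where the presented token first differs from the expected one.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only if the CSR parses, is signed by its own key, names the claimed
# certname in its CN, and carries the expected token. Any error fails closed.
def autosign?(certname, csr_pem, expected_token)
  return false if expected_token.to_s.empty?
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)
  cn = csr.subject.to_a.find { |name, _value, _type| name == 'CN' }
  return false unless cn && cn[1] == certname
  attr = csr.attributes.find { |a| a.oid == CHALLENGE_OID }
  return false unless attr
  secure_equal?(attr.value.value.first.value.to_s, expected_token)
rescue StandardError
  false
end

# Constructed sample CSR for testing the policy offline; token may be nil.
def sample_csr(certname, token)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if token
    set = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::UTF8String.new(token)])
    csr.add_attribute(OpenSSL::X509::Attribute.new(CHALLENGE_OID, set))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

# Puppet Server calls the script with the certname as the only argument
# and the PEM-encoded CSR on stdin.
if ARGV.length == 1
  token = File.read(TOKEN_FILE).strip
  exit(autosign?(ARGV[0], $stdin.read, token) ? 0 : 1)
end
```

To use it, set `autosign` in puppet.conf on the server to the script's path and make the script executable by the user Puppet Server runs as.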
I suggest that you use parallel SSH. There are plenty of flavours; I prefer clush, see https://github.com/cea-hpc/clustershell/wiki/clush
You need to create your /etc/clustershell/groups file with groups, e.g.:
all: node[1-2000]
Then you can install the puppet on all the nodes easily with something like this:
clush -bw @all yum -y install puppet

automated deployment on production with puppet

I would like to know how automated deployment to production works with puppet.
Do I need a puppet-slave on my production server? If that's the case, is that insecure and what rights does puppet get with that?
A use-case could be to get a package from a repository manager and then to deploy it to the production server. What are the main steps on this way with puppet?
Puppet can run in solo-mode, where you apply a set of configurations in a config file on the host on which you run it, as long as puppet (client/agent) is already installed there.
You can also run puppet in a client-server mode, where an agent runs on your production server and obtains configuration details from a puppet server (or puppet master).
If you run in client-server mode, how do you ensure security?
Well, in client-server mode, you pre-register a client/agent to a server you nominate and then exchange SSL certificates before any actions can be applied on that agent. Again, you would have to (on your puppet server or master) associate a set of actions or manifests to the production server running the agent. I suppose that provides sufficient security, assuming you already took care of standard OS security for both systems in the first instance.
Also, additional security can be provided by the puppet file server as suggested in the link suggested by bagheera. If you are even more paranoid than that, then you would need to consider using puppet librarian with a Puppetfile that is assembled and used at run time.
In either case, the bigger challenge for you is that the set of instructions (or manifests) applied have undergone testing (on a test or staging server) before being applied to a production system.
So, you need to be sure what you are doing when you start trying to apply puppet manifests to production servers. I would not recommend just downloading puppet modules and using them without a decent insight into what you are doing and a clear understanding of what each module you intend to use does.
Puppetlabs have great introduction documentation for using puppet, and that would be an excellent place to start learning more about puppet. A good book would also be useful.

Can my Vagrant VMs use manifests with storeconfigs without a Puppet master?

I'm trying to set up a multi-VM Vagrant environment that spins up an OpenStack controller and a few OpenStack compute nodes and then provisions a VM or two on the compute nodes.
Yes, I'm talking about VMs running on VMs. It sounds a little crazy, but this multi-VM Vagrant environment has already been created at https://github.com/lorin/openstack-ansible and it works perfectly, as I describe at http://wiki.greptilian.com/openstack
I can only draw inspiration from that GitHub repo and its corresponding tech talk, however, because it uses Ansible as the Vagrant provisioner while I have a requirement to use Puppet.
I'd like to use the official Puppet Labs module for OpenStack at https://github.com/puppetlabs/puppetlabs-openstack but it uses storeconfigs, so I get errors like this because my Vagrantfile doesn't include a VM to serve as a Puppet master:
warning: You cannot collect exported resources without storeconfigs being set; the collection will be ignored on line 142 in file /tmp/vagrant-puppet/modules-0/nova/manifests/init.pp
Resource type anchor doesn't exist at /tmp/vagrant-puppet/modules-0/nova/manifests/db/mysql.pp:18 on node controller.example.com.
I suppose I could tweak my Vagrantfile to spin up a Puppet master along with the OpenStack hosts, but I'm not sure how I'd do that and it seems to introduce extra complexity into the Vagrant environment.
I'm wondering if I can do this with "masterless" Puppet instead. A post at http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html suggests it's possible, saying, "puppet --environment prerun manifests/prerun.pp ... makes storeconfigs work ... puppet --storeconfigs manifests/site.pp ... This is the main puppet run" but I'm confused about the implementation details.
Can anyone point me to a Vagrant repo that runs "masterless" Puppet but uses storeconfigs?
You'll need to configure your storeconfigs with a DB that all Vagrant VMs can reach. Loggly used Amazon RDS, but you can use other DBs, as the Puppet docs show. Assuming you have a DB that all VMs can reach, you run Puppet with the storeconfigs option, and you have the correct DB connection info configured in Puppet, you should be good.
