Differences

This shows you the differences between two versions of the page.

puppet_overview_installation [2020/11/13 22:40] andonovj
puppet_overview_installation [2020/11/16 16:21] (current) andonovj
Line 14: Line 14:
 In a nutshell, the Agent is trying to pull the necessary steps from the master, each couple seconds. It is important to note that, the master doesn't push anything, the Agent is the one pulling the task to be done on itself. In a nutshell, the Agent is trying to pull the necessary steps from the master, each couple seconds. It is important to note that, the master doesn't push anything, the Agent is the one pulling the task to be done on itself.
  
-=====Installation=====+=====Repo Configuration=====
 To install it, we have to configure the Repo and install the server & agent for the **master** and the agent for the **slave**. To install it, we have to configure the Repo and install the server & agent for the **master** and the agent for the **slave**.
  
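Review bot: The heading is now "Repo Configuration", but the unchanged sentence directly under it still opens with "To install it" and describes installing the server and agent on both hosts, which belongs to the "Install Master" and "Install Agent" sections further down. Either trim that sentence to the repository step or keep a parent "Installation" heading above it so the section title and its first line agree.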
Line 30: Line 30:
  
  
-====Configure Master====+====Install Master====
 <Code:bash|Install Puppet Server> <Code:bash|Install Puppet Server>
 [root@puppetmaster etc]# yum install puppetserver [root@puppetmaster etc]# yum install puppetserver
Line 89: Line 89:
 </Code> </Code>
  
-That will install both, the server and the agent, we can start the service as follows:+That will install both, the server and the agent on the master server. 
  
-<Code:bash|Start the pupept Server> 
-[root@puppetmaster etc]# service puppetserver start 
-Redirecting to /bin/systemctl start puppetserver.service 
-[root@puppetmaster etc]# service puppetserver status 
-Redirecting to /bin/systemctl status puppetserver.service 
-● puppetserver.service - puppetserver Service 
-   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled) 
-   Active: active (running) since Fri 2020-11-13 16:50:11 EST; 7s ago 
-  Process: 7345 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS) 
- Main PID: 7368 (java) 
-    Tasks: 40 (limit: 4915) 
-   CGroup: /system.slice/puppetserver.service 
-           └─7368 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError="kill -9 %p" -XX:ErrorFile=/var/log/puppetlabs/pu... 
- 
-Nov 13 16:49:35 puppetmaster.example.com systemd[1]: Starting puppetserver Service... 
-Nov 13 16:50:11 puppetmaster.example.com systemd[1]: Started puppetserver Service. 
-[root@puppetmaster etc]#  
-</Code> 
- 
-Nice, we have a working default server. Let's configure the agent, we will return to the master in a second. 
-As stated before, the agent is the one pulling the requests from the master, but before it can do that, the connection between them NEEDS to be secure. Secure in the IT world means, certificates, so let's check what certificates the Master has: 
- 
-<Code:bash|Check Master Certificates> 
-[root@puppetmaster certificate_requests]# puppetserver ca list --all 
-Signed Certificates: 
-    puppetmaster.example.com       (SHA256)  ED:77:D9:A2:F5:86:51:C3:98:F2:61:10:C6:38:14:A3:6B:0C:8D:31:A5:36:46:B4:7C:FC:6E:D7:5F:6E:F6:4B    alt names: ["DNS:puppet", "DNS:puppetmaster.example.com" authorization extensions: [pp_cli_auth: true] 
-[root@puppetmaster certificate_requests]#  
-</Code> 
- 
-So we see that the master has his own certificate and that is that. But for the agent to work, we need the agent to send his certificate to be signed by the master. So let's setup the agent. 
- 
-====Configure Agent==== 
-We will simple install the agent and do little magic. 
  
 +====Install Agent====
 <Code:bash|Install the agent> <Code:bash|Install the agent>
 [root@puppetagent etc]# yum install puppet-agent [root@puppetagent etc]# yum install puppet-agent
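Review bot: The removed block between "That will install both" and the new "Install Agent" heading was the only place this page said how to start puppetserver and why the agent-to-master connection depends on certificates, and nothing visible in this diff replaces it or points to where it went. If the material moved to another page, link to it from the end of "Install Master" so a reader does not stop at yum install with an unstarted server. When it is re-homed, note that the removed status output shows the unit as "disabled; vendor preset: disabled", so the start step should also enable the service, and keep the "puppetserver ca list --all" check, since it records the master's own certificate before any agent request arrives. The added line "That will install both, the server and the agent on the master server." also carries a trailing space.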
Line 167: Line 135:
 </Code> </Code>
  
-After we have installed it, we have to modify the puppet.conf file (e.g./etc/puppetlabs/puppet/puppet.conf) 
-<Code:bash|Edit Puppet Agent Conf> 
-[root@puppetagent puppet]# vi /etc/puppetlabs/puppet/puppet.conf 
-# This file can be used to override the default puppet settings. 
-# See the following links for more details on what settings are available: 
-# - https://puppet.com/docs/puppet/latest/config_important_settings.html 
-# - https://puppet.com/docs/puppet/latest/config_about_settings.html 
-# - https://puppet.com/docs/puppet/latest/config_file_main.html 
-# - https://puppet.com/docs/puppet/latest/configuration.html 
- 
-[main] 
-certserver = puppetslave.example.com 
-server = puppetmaster.example.com 
- 
-:wq 
- 
-</Code> 
- 
-Once done, we can start the agent as follows: 
- 
- 
-<Code:bash|Start Puppet Agent> 
-[root@puppetagent puppet]# service puppet start 
-Redirecting to /bin/systemctl start puppet.service 
-[root@puppetagent puppet]# service puppet status 
-Redirecting to /bin/systemctl status puppet.service 
-● puppet.service - Puppet agent 
-   Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled) 
-   Active: active (running) since Fri 2020-11-13 17:23:04 EST; 2s ago 
- Main PID: 26262 (puppet) 
-    Tasks: 2 
-   CGroup: /system.slice/puppet.service 
-           └─26262 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize 
- 
-Nov 13 17:23:04 puppetslave.example.com systemd[1]: Started Puppet agent. 
-[root@puppetagent puppet]# 
-</Code> 
- 
-So let's return to the Master and see how he is doing. 
- 
-====Sign Certificate==== 
-Since the agent started (and hopefully not mistakes) the master should've received the certificate (from the agent) to approve: 
- 
-<Code:bash|Check Certificate Requests> 
-[root@puppetmaster certificate_requests]# puppetserver ca list --all 
-Requested Certificates: 
-    puppetslave.example.com       (SHA256)  1F:86:36:82:A1:0E:A6:76:BE:D5:F8:11:93:85:E1:9C:AC:EE:AA:29:AC:85:0F:EB:49:90:A7:CF:FC:40:51:22 
-Signed Certificates: 
-    puppetmaster.example.com       (SHA256)  ED:77:D9:A2:F5:86:51:C3:98:F2:61:10:C6:38:14:A3:6B:0C:8D:31:A5:36:46:B4:7C:FC:6E:D7:5F:6E:F6:4B    alt names: ["DNS:puppet", "DNS:puppetmaster.example.com" authorization extensions: [pp_cli_auth: true] 
-</Code> 
- 
-Now, we have 2 certiciates :), so let's approve our agent. 
- 
-<Code:bash|Sign Certificate> 
-[root@puppetmaster certificate_requests]# puppetserver ca sign --certname puppetslave.example.com 
-Successfully signed certificate request for puppetslave.example.com 
-[root@puppetmaster certificate_requests]# 
-[root@puppetmaster certificate_requests]# puppetserver ca list --all 
-Signed Certificates: 
-    puppetmaster.example.com       (SHA256)  ED:77:D9:A2:F5:86:51:C3:98:F2:61:10:C6:38:14:A3:6B:0C:8D:31:A5:36:46:B4:7C:FC:6E:D7:5F:6E:F6:4B    alt names: ["DNS:puppet", "DNS:puppetmaster.example.com" authorization extensions: [pp_cli_auth: true] 
-    puppetslave.example.com        (SHA256)  A4:24:76:E7:3D:B8:5B:35:15:1D:79:61:6B:44:F7:1B:D8:B9:8A:03:C9:5B:C4:0D:10:23:8B:00:75:7F:9A:DA 
-[root@puppetmaster certificate_requests]# 
-</Code> 
  
-From now on, we will have trusted connection between the Agent/Slave and the Master. 
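Review bot: The removed puppet.conf block sets "certserver = puppetslave.example.com", which is the agent's own hostname (the removed systemd log line and the certificate request both use it), while "server" points at puppetmaster.example.com; if this section is being relocated rather than dropped, fix that there, since Puppet's setting for the CA host is ca_server and in this setup the CA is the master. The removed signing step also runs "puppetserver ca sign --certname puppetslave.example.com" straight after listing the request, without comparing the listed SHA256 fingerprint against the one the agent itself reports, so the relocated text should add that comparison before signing. With this hunk applied the page ends at package installation with the agent unconfigured and no certificate signed, and the diff shows no link to a follow-on page, so add one after "Install Agent".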
  • puppet_overview_installation.1605307245.txt.gz
  • Last modified: 2020/11/13 22:40
  • by andonovj