
Overview

This section covers only management and the possible configurations. We will also describe the DSL and use it to create a lot of configurations.

Puppet Configurations

There are a lot of things we can do with Puppet, so let's get started.

Auto Signing

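Remember when we had to sign our certificate? What if we have 100 new servers: do you want to sign each certificate? With Puppet we can configure auto signing. Let's see how that works with a new server: “puppetslavetwo”

To enable auto signing, we need to reconfigure our master by creating the following file. Each line is a certname or a domain glob, and the master signs any certificate request whose certname matches, so *.example.com covers every host that presents a name under example.com: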

Configure Master

Create autosign.conf File & Restart

[root@puppetmaster ~]# vi /etc/puppetlabs/puppet/autosign.conf
*.example.com
:wq

[root@puppetmaster ~]# systemctl restart puppetserver.service
[root@puppetmaster ~]# service puppetserver status
Redirecting to /bin/systemctl status puppetserver.service
● puppetserver.service - puppetserver Service
   Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-11-13 19:36:53 EST; 22s ago
  Process: 10616 ExecStop=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver stop (code=exited, status=0/SUCCESS)
  Process: 10788 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 10811 (java)
    Tasks: 40 (limit: 4915)
   CGroup: /system.slice/puppetserver.service
           └─10811 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError="kill -9 %p" -XX:ErrorFile=/var/log/puppetlabs/p...

Nov 13 19:36:21 puppetmaster.example.com systemd[1]: puppetserver.service: control process exited, code=exited status=1
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Stopped puppetserver Service.
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Unit puppetserver.service entered failed state.
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: puppetserver.service failed.
Nov 13 19:36:21 puppetmaster.example.com systemd[1]: Starting puppetserver Service...
Nov 13 19:36:53 puppetmaster.example.com systemd[1]: Started puppetserver Service.
[root@puppetmaster ~]#

Configure Slave

After we have restarted the master, we can start the agent on the puppetslavetwo server:

Start Agent on the target Server

[root@puppetslavetwo ~]# service puppet start
Redirecting to /bin/systemctl start puppet.service
[root@puppetslavetwo ~]# service puppet status
Redirecting to /bin/systemctl status puppet.service
● puppet.service - Puppet agent
   Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-16 11:48:32 EST; 3min 6s ago
 Main PID: 1594 (puppet)
    Tasks: 2
   CGroup: /system.slice/puppet.service
           └─1594 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize

Nov 16 11:48:32 puppetslavetwo.example.com systemd[1]: Started Puppet agent.
Nov 16 11:48:39 puppetslavetwo.example.com puppet-agent[1594]: Starting Puppet client version 6.19.1
Nov 16 11:48:42 puppetslavetwo.example.com puppet-agent[1606]: Applied catalog in 0.02 seconds
[root@puppetslavetwo ~]#

Verification

To verify, we can check on the master whether it signed the certificate, and/or check the agent:

Check Master

--Check certificate
[root@puppetmaster ~]# puppetserver ca list --all
Signed Certificates:
    puppetmaster.example.com         (SHA256)  ED:77:D9:A2:F5:86:51:C3:98:F2:61:10:C6:38:14:A3:6B:0C:8D:31:A5:36:46:B4:7C:FC:6E:D7:5F:6E:F6:4B  alt names: ["DNS:puppet", "DNS:puppetmaster.example.com"]  authorization extensions: [pp_cli_auth: true]
    puppetslave.example.com          (SHA256)  A4:24:76:E7:3D:B8:5B:35:15:1D:79:61:6B:44:F7:1B:D8:B9:8A:03:C9:5B:C4:0D:10:23:8B:00:75:7F:9A:DA
    puppetslavetwo.example.com       (SHA256)  C2:99:06:28:F5:D5:22:1C:FB:0C:40:33:87:96:7C:87:DB:A0:ED:0B:EF:6A:4B:FB:55:B8:95:4B:70:B5:AD:72

--Log
2020-11-13T19:37:32.353-05:00 INFO  [qtp1885695266-36] [p.p.certificate-authority] Signed certificate request for puppetslavetwo.example.com
2020-11-13T19:37:35.736-05:00 INFO  [qtp1885695266-35] [puppetserver] Puppet Compiled catalog for puppetslavetwo.example.com in environment production in 0.36 seconds

Check Agent

[root@puppetslavetwo ~]# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppetslavetwo.example.com
Info: Applying configuration version '1605314475'
Notice: Applied catalog in 0.02 seconds
[root@puppetslavetwo ~]#
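
Since the *.example.com entry lets the master sign any request that carries a matching certname, it helps to review what the CA actually signed. The script below is an added example, not part of the original page or of Puppet itself: it reads log lines in the puppetserver format shown under "Check Master" and reports signed certnames that an autosign.conf entry covers but that are missing from an expected-host list. The inventory, the extra log line and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample data: the autosign.conf entry from this page, log lines in
# the puppetserver format shown above (build.lab.example.com is made up), and a
# hypothetical inventory of hosts that are supposed to enroll.
AUTOSIGN_CONF = "*.example.com\n"
SAMPLE_LOG = """\
2020-11-13T19:37:32.353-05:00 INFO  [qtp1885695266-36] [p.p.certificate-authority] Signed certificate request for puppetslavetwo.example.com
2020-11-13T19:37:35.736-05:00 INFO  [qtp1885695266-35] [puppetserver] Puppet Compiled catalog for puppetslavetwo.example.com in environment production in 0.36 seconds
2020-11-13T19:52:10.101-05:00 INFO  [qtp1885695266-41] [p.p.certificate-authority] Signed certificate request for build.lab.example.com
"""
INVENTORY = {"puppetmaster.example.com", "puppetslave.example.com",
             "puppetslavetwo.example.com"}

SIGNED_RE = re.compile(
    r"^(?P<ts>\S+)\s.*\[p\.p\.certificate-authority\] "
    r"Signed certificate request for (?P<certname>\S+)\s*$")


def load_entries(conf_text):
    """Return the non-blank autosign.conf lines, lowercased."""
    return [ln.strip().lower() for ln in conf_text.splitlines() if ln.strip()]


def entry_matches(entry, certname):
    """Exact certname match, or a leading '*.' standing for one or more labels."""
    certname = certname.lower()
    if entry.startswith("*."):
        suffix = entry[1:]                  # "*.example.com" -> ".example.com"
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return certname == entry


def audit(log_text, conf_text, inventory):
    """List (timestamp, certname, entry) for signed certnames that an
    autosign entry covers but the inventory does not contain."""
    entries = load_entries(conf_text)
    findings = []
    for line in log_text.splitlines():
        m = SIGNED_RE.match(line)
        if not m or m["certname"].lower() in inventory:
            continue
        hit = next((e for e in entries if entry_matches(e, m["certname"])), None)
        if hit:
            findings.append((m["ts"], m["certname"], hit))
    return findings


if __name__ == "__main__":
    for ts, certname, entry in audit(SAMPLE_LOG, AUTOSIGN_CONF, INVENTORY):
        print(f"{ts} signed {certname}: covered by '{entry}', not in inventory")
```

The log line is written for every signed request, so a finding means the certname falls under an autosign entry, not that the log proves it was signed automatically.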