DeskTux

Linux on Desktops

User Tools

Site Tools

Trace:
apps:puppet

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
apps:puppet [2019-08-10 16:53] – Initial writing jensapps:puppet [2024-05-20 10:15] (current) – [Connecting] Syntax jens
Line 1: Line 1:
 ====== Puppet ====== ====== Puppet ======
-Even if you manage just a handful or two servers, [[https://puppet.com/|Puppet]] can already help you to save loads of time and ensures all your systems run in the desired state.+Even if you manage just a handful or two of servers, [[https://puppet.com/|Puppet]] can already help you to save loads of time and ensures all your systems run in the desired state.
  
 Somehow, I could not find very many or good manuals on how to set up your own (basic) Puppet server on Debian, so I decided to write my own. Somehow, I could not find very many or good manuals on how to set up your own (basic) Puppet server on Debian, so I decided to write my own.
  
-==== Installation & Configuration ==== +===== Installation & Configuration ===== 
-The installation in Debian (10 or later) is -- as always in Debian -- straight forward. Just run an +The installation in Debian is -- as always in Debian -- straight forward. Just run an 
- +<code bash> 
-  apt install puppet puppet-master vim-puppet+apt install puppet-agent puppetserver vim-puppet 
 +</code>
      
-That last package is not really needed but comes in really handy when editing your Puppet manifests in vim and you want syntax highlighting. While this would be more needed on a git client (which will be discussed here in future) it also is nice to have on the Puppet master.+That last package is not really needed but comes in really handy when editing your Puppet manifests in vim and you want syntax highlighting. While this would be more needed on a [[:apps:git|git]] client it also is nice to have on the Puppet server.
  
 As for the main configuration file ''/etc/puppet/puppet.conf'' I leave the Debian standard for what it is. As for the main configuration file ''/etc/puppet/puppet.conf'' I leave the Debian standard for what it is.
  
-==== Manifests ====+===== Manifests =====
 Your manifests should be in ''/etc/puppet/code/'' and the basic structure looks like this: Your manifests should be in ''/etc/puppet/code/'' and the basic structure looks like this:
  
Line 28: Line 29:
                 ├── module2                 ├── module2
                 │   ├── examples                 │   ├── examples
-                │   ├── manifests +                │   ├── files 
-                │   └── files+                │   └── manifests
                 └── moduleX                 └── moduleX
                     ├── examples                     ├── examples
Line 35: Line 36:
                     └── manifests                     └── manifests
 </code> </code>
 +
 +Each ''manifests'' directory contains at least your ''init.pp'' and possibly other Puppet files, except the environment manifest. The ''/etc/puppet/code/environments/production/manifests/site.pp'' very basically looks like this:
 +
 +<code>
 +# DeskTux main Puppet Configuration
 +include module1
 +include module2
 +include moduleX
 +</code>
 +
 +In the modules, the ''files'' directory is not necessary unless you have files to manage and the ''examples'' directory should contain a basic ''init.pp'' that looks like this:
 +
 +<code>
 +include moduleX
 +</code>
 +
 +That way, you can easily test the code of that module by using ''puppet apply -t init.pp''.
 +
 +Of course, before testing your code, you should first run it through ''puppet parser validate'' and ''puppet-lint''. However, this is not a Puppet code manual, you should check their [[https://puppet.com/docs|excellent documentation]] for that.
 +
 +===== Clients =====
 +==== Connecting ====
 +Of course, your Puppet server will be useless if it only manages itself. To connect clients to your Puppet server, make sure it is reachable on port 8140/TCP (both IPv4 and IPv6 work).
 +
 +On the client, install Puppet by running ''apt install puppet-agent'' (and enable it in systemctl, or write a manifest for that ;-)). Then edit the ''/etc/puppet/puppet.conf'' and add this section:
 +
 +<code ini>
 +[agent]
 +server = your.puppet.server
 +</code>
 +
 +Afterwards, run ''puppet agent -t''. This will create a certificate request on the Puppet server. There, run ''puppetserver ca list'' and you will get an output similar to this:
 +<code bash>
 +root@puppet:~ # puppetserver ca list
 +  "client.system.tld" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
 +</code>
 +
 +To accept that certificate just run
 +
 +  puppetserver ca sign --certname <client.system.tld>
 +
 +and you are good to go. From now on, that system will be managed by your Puppet server. To test this you can run a ''puppet agent -t'' on the client.
 +
 +==== Removing ====
 +In case you need to remove (decommission) a client, you can list all available certificates with 
 +
 +  puppetserver ca list --all
 +
 +and then
 +
 +  puppetserver ca clean --certname <client.name.tld>
 +  
 +Don't forget to remove that client from backup and monitoring ;-)
 +
 +====== What next? ======
 +Now, it might be a good idea to manage your Puppet code from your workstation using [[git]]. That way you do not need to log in to the Puppet server all the time to make changes to your code as root.
 +
 +~~DISCUSSION~~
apps/puppet.1565455987.txt.gz · Last modified: 2019-08-10 16:53 by jens