In the field of modern cloud computing, configuration management is a crucial step. Configuration management tools allow you to reliably deploy configurations to the server. Puppet is one of the more mature configuration management tools in this field.
In a typical Puppet environment, users write Puppet modules on their workstations, push the modules to a version control server (such as Git), and then pull these modules down to the Puppet master server. The server running the Puppet client periodically connects to the Puppet master server to see if there are any changes, and if so, apply the changes.
This situation can work normally until you have to start expanding the number of registered servers or modules become quite complicated. At this point you have two options: gather your Puppet Master to handle the load (this may require you to purchase a commercial version of Puppet), or just give up the Puppet master. This article will examine the second option.
Unowned Puppet settings require copying all the Puppet modules to each node through Git, and then let Puppet apply the changes locally. The disadvantage of this method is that each server downloads all modules and then applies the relevant ones, so it is not the best choice for settings with sensitive information, for example. However, running without a Puppet master will provide you with a lot of flexibility, and it can be achieved without extending the infrastructure.
This tutorial assumes that you have some knowledge of Puppet and Git.
In this tutorial, we will use two Tencent Cloud [CVM] (https://cloud.tencent.com/product/cvm?from=10680): one runs as a Git server, and the other we will apply changes through Puppet. We will use your_git_server_ip and your_puppet_server_ip to refer to the IP address of Tencent Cloud CVM.
Therefore, to follow this tutorial, you need:
The easiest way to set up Git Labs is to use a click image: on the Tencent Cloud CVM creation page under Select Image, click the Applications tab, and then click GitLab 7.10 on 14.04. 0 CE.
The first step is to create a repository where all Puppet modules and manifests will be stored.
First, visit http://your_git_server_ip through your favorite browser to open the Git Labs UI. Create an account by filling in the details on the right under New User, Create an Account and press the green Register button. You will receive an account activation email. After activating your account, you will be able to log in on the main page.
Click the green +New Project button on the main page. Enter **"puppet" of the **project path, and then click "Create Project". Enter "puppet" in the "Project Path" field, then select "Public" for "Visibility Level", and click the green "Create Project" button .
Make sure to copy the SSH URL, you will see it at the top of the project screen, as we will use it in a later step. It looks like git@your_git_server_ip:username/puppet.git like this.
In this step, we will create an SSH key on the Puppet server, and then add the key to the Git Labs server.
Log in to the Puppet server as the root user. (Because Puppet's files will be owned by root, we need to have the right to set up the initial Git repository in the Puppet folder.)
Create an SSH key for the root user. Make sure not to enter the password, because the script will use this key, not the user.
ssh-keygen -t rsa
Next, use the following command to display your public key.
cat ~/.ssh/id_rsa.pub
Copy this key. It looks like ssh-rsa long_alphanumeric_string root@hostname.
Now, on the Git Labs Dashboard page, click the Profile Settings icon on the top bar, the second one on the right. In the left menu, click SSH Keys, and then click the green Add a SSH Key button. In the title, add a description of the key (such as "Root Puppet Key") to the field, and paste your public key into the Key field. Finally, click the "Add" button.
In this step, we will install Puppet and Git.
On the Puppet server, first download the Puppet package for Ubuntu 14.04.
wget http://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Installation package.
dpkg -i /tmp/puppetlabs-release-trusty.deb
Update the package list of the system.
apt-get update
Finally, install Puppet and git.
apt-get install puppet git-core
At this point, you should configure the Git environment as described in this tutorial.
After installing Puppet and Git, we can perform a preliminary push to the Puppet repository.
First, move to the directory where the /etc/puppet configuration file is located.
cd /etc/puppet
Initialize a git repository here.
git init
Add everything in the current directory.
git add .
Use descriptive comments to submit these changes.
git commit -m "Initial commit of Puppet files"
Use the SSH URL you copied in step 1 to add the Git project we created earlier as origin.
git remote add origin git@your_server_ip:username/puppet.git
Finally, push for change.
git push -u origin master
Now that Puppet is installed, we can put everything together. At this point, you can log out as root, but instead log in as the sudo non-root user created during preparation. Unless absolutely necessary, it is not a good practice to run as a root user.
In order to lay the foundation, we need to make some changes. First, we have to clean up the /etc/puppet/puppet.conf file. Use your favorite editor (vim, nano, etc.) to edit /etc/puppet/puppet.conf and make the following changes.
Let's first make some changes to the file /etc/puppet/puppet.conf for our specific settings. Open the file using nano or your favorite text editor.
sudo nano /etc/puppet/puppet.conf
The file will look like this:
[ main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[ master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
First, delete everything from the [master] line, because we are not running Puppet master. Also delete the last line in the section [main] at the beginning of templatedir, because this is not recommended. Finally, change the line that reads the line factpath=$vardir/lib/facter to factpath=$confdir/facter. $confdir is equivalent to /etc/puppet/, our Puppet repository.
` After making the above changes in puppet.conf, you should see the following.
[ main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$confdir/facter
Now Puppet has been built, but it is not doing any work. The way Puppet works is to look at a file called manifests and define what it should do, so in this step, we will create a useful module for Puppet to run.
Our first module, which we call cron-puppet, will deploy Puppet via Git. It will install a Git hook, it will run Puppet (such as git pull) after a successful merge, and it will install a cron job to execute git pull every 30 minutes.
First, enter the Puppet module directory.
cd /etc/puppet/modules
Next, create a cron-puppet directory containing manifests and files directories.
sudo mkdir -p cron-puppet/manifests cron-puppet/files
Create and open the file init.pp in the directory manifests.
sudo nano cron-puppet/manifests/init.pp
Copy the following code to init.pp. This is the reason to tell Puppet to pull from Git every half an hour.
classcron-puppet {
file {'post-hook':
ensure => file,
path =>'/etc/puppet/.git/hooks/post-merge',
source =>'puppet:///modules/cron-puppet/post-merge',
mode =>0755,
owner => root,
group => root,}
cron {'puppet-apply':
ensure => present,
command =>"cd /etc/puppet ; /usr/bin/git pull",
user => root,
minute =>'*/30',
require => File['post-hook'],}}
Save and close the file, then open another file named post-merge in the files directory.
sudo nano cron-puppet/files/post-merge
Copy the following bash script to post-merge. This bash script will run after a successful Git merge and record the results of the run.
#! /bin/bash -e
## Run Puppet locally using puppet apply
/usr/bin/puppet apply /etc/puppet/manifests/site.pp
## Log status of the Puppet run
if[ $?-eq 0]
then
/usr/bin/logger -i "Puppet has run successfully"-t "puppet-run"
exit 0else/usr/bin/logger -i "Puppet has ran into an error, please run Puppet manually"-t "puppet-run"
exit 1
fi
Save and close this file
Finally, we must tell Puppet to run this module by creating a global manifest, which can be found in /etc/puppet/manifests/site.pp.
sudo nano /etc/puppet/manifests/site.pp
Paste the following content to site.pp. This will create a node category named "default". The content contained in the "default" node will run on each server. Here, we tell it to run our cron-puppet module.
node default{
include cron-puppet
}
Save and close the file. Now, let's make sure our module works by running it.
sudo puppet apply /etc/puppet/manifests/site.pp
After running successfully, you should see some output ending with lines like this.
...
Notice: Finished catalog run in0.18 seconds
Finally, let's commit the changes to the Git repository. First, log in as the root user, because this is a user with SSH key access.
Next, switch to the /etc/puppet directory.
cd /etc/puppet
Add everything in the directory to the submission.
git add .
Use a descriptive message to submit changes.
git commit -m "Added the cron-puppet module"
Finally, push for change.
git push -u origin master
To add more servers, just follow step 3 above to install Puppet and Git on the new server, then clone the Git repository to /etc/puppet and apply the site.pp manifest.
You can even use user data to automate this installation when creating Tencent Cloud CVM. Make sure to use an SSH key when creating Tencent Cloud CVM and add the SSH key to the GitLab server. Then tick the Enable User Data checkbox on the Tencent Cloud CVM creation screen and enter the following bash script to highlight the variables highlighted in red with your own red.
#! /bin/bash -e
## Install Git and Puppet
wget -O /tmp/puppetlabs.deb http://apt.puppetlabs.com/puppetlabs-release-`lsb_release -cs`.deb
dpkg -i /tmp/puppetlabs.deb
apt-get update
apt-get-y install git-core puppet
# Clone the 'puppet' repo
cd /etc
mv puppet/ puppet-bak
git clone http://your_git_server_ip/username/puppet.git /etc/puppet
# Run Puppet initially to set up the auto-deploy mechanism
puppet apply /etc/puppet/manifests/site.pp
That's it! You now have an unowned Puppet system that can start any number of other servers without even logging in.
To learn more about the related tutorials on setting up the Masterless Puppet environment, please go to [Tencent Cloud + Community] (https://cloud.tencent.com/developer?from=10680) to learn more.
Reference: "How To Set Up a Masterless Puppet Environment on Ubuntu 14.04"
Recommended Posts