lost and found ( for me ? )

Foreman : add new hosts to foreman

Here are the logs from adding new hosts to Foreman.

Reference
https://docs.puppetlabs.com/guides/install_puppet/install_fedora.html
https://www.digitalocean.com/community/tutorials/how-to-install-puppet-to-manage-your-server-infrastructure#sign-request-on-master

Assume that the foreman host and the puppet agents can reach each other by hostname rather than by IP address.

foreman : CentOS7, hostname : foreman.localdomain
new host : fedora 21, hostname : puppet-agent01.localdomain
new host : ubuntu14.04, hostname : ubuntu1404-puppet-agent01.localdomain

foreman can communicate with the puppet agent.
[root@foreman ~]# ping -c 1 puppet-agent01.localdomain
PING puppet-agent01.localdomain (192.168.122.233) 56(84) bytes of data.
64 bytes from puppet-agent01.localdomain (192.168.122.233): icmp_seq=1 ttl=64 time=0.455 ms

--- puppet-agent01.localdomain ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.455/0.455/0.455/0.000 ms

puppet agent can communicate with the foreman
[root@puppet-agent01 ~]# ping -c 1 foreman.localdomain
PING foreman.localdomain (192.168.122.70) 56(84) bytes of data.
64 bytes from foreman.localdomain (192.168.122.70): icmp_seq=1 ttl=64 time=0.353 ms

--- foreman.localdomain ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms

[ install puppet agent on Fedora21 ]

[root@puppet-agent01 ~]# yum search puppet

[root@puppet-agent01 ~]# systemctl status puppet.service
* puppet.service - Puppet agent
  Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled)
  Active: inactive (dead)

edit /etc/puppet/puppet.conf
[root@puppet-agent01 puppet]# grep -v '#' puppet.conf
[main]
   logdir = /var/log/puppet

   rundir = /var/run/puppet

   ssldir = $vardir/ssl

[agent]
   classfile = $vardir/classes.txt

   localconfig = $vardir/localconfig

   server = foreman.localdomain

start the puppet agent.
When you run the puppet agent for the first time, it sends a certificate signing request to the puppet master (foreman).
[root@puppet-agent01 puppet]# systemctl start puppet.service

[root@puppet-agent01 puppet]# systemctl status puppet.service
* puppet.service - Puppet agent
  Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled)
  Active: active (running) since Tue 2014-12-30 02:34:20 JST; 4s ago
Main PID: 1293 (start-puppet-ag)
  CGroup: /system.slice/puppet.service
          |-1293 /bin/sh /usr/bin/start-puppet-agent agent --no-daemonize
          `-1294 /usr/bin/ruby-mri /usr/bin/puppet agent --no-daemonize

on the foreman host, sign the client cert
[root@foreman ~]# puppet cert list
 "puppet-agent01.localdomain" (SHA256) FA:7A:C3:0F:69:F6:D2:DC:B3:6E:50:69:08:96:99:D3:B1:7A:8F:80:B7:97:1B:7F:A9:24:24:A9:2B:06:CC:1E


[root@foreman ~]# puppet cert sign puppet-agent01.localdomain
Notice: Signed certificate request for puppet-agent01.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent01.localdomain at '/var/lib/puppet/ssl/ca/requests/puppet-agent01.localdomain.pem'
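
Signing a request tells the master to trust whoever submitted it, so the fingerprint shown by `puppet cert list` should be compared with the one read on the agent itself (for example with `puppet agent --fingerprint`) before signing. The script below is an added example, not part of the original post; the function names `csr_fingerprint` and `verify_csr` are hypothetical, and the agent-side value is assumed to equal the one in the post's listing.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare a pending CSR's
# fingerprint with the one read on the agent before signing.

# Print the SHA256 fingerprint of the pending request for certname $1 from
# `puppet cert list` output on stdin. Signed ("+") and revoked ("-") entries
# carry the marker as their first field, so they never match.
csr_fingerprint() {
    awk -v name="\"$1\"" '
        $1 == name && $2 == "(SHA256)" { print $3; found = 1 }
        END { exit found ? 0 : 1 }'
}

# verify_csr CERTNAME EXPECTED_FP LISTING
# Returns 0 on match, 1 on mismatch, 2 if no pending request exists.
verify_csr() {
    local certname="$1" expected="$2" listing="$3" pending
    pending=$(printf '%s\n' "$listing" | csr_fingerprint "$certname") || {
        echo "no pending request for $certname" >&2
        return 2
    }
    # Compare case-insensitively in case the value was retyped in lower case.
    if [ "$(printf '%s' "$pending" | tr 'a-f' 'A-F')" = \
         "$(printf '%s' "$expected" | tr 'a-f' 'A-F')" ]; then
        return 0
    fi
    echo "fingerprint mismatch for $certname: refusing to sign" >&2
    return 1
}

# Constructed sample: both listing lines are copied from the post's output.
# In real use pass "$(puppet cert list)" and the value the agent printed.
SAMPLE_LISTING='  "puppet-agent01.localdomain" (SHA256) FA:7A:C3:0F:69:F6:D2:DC:B3:6E:50:69:08:96:99:D3:B1:7A:8F:80:B7:97:1B:7F:A9:24:24:A9:2B:06:CC:1E
+ "foreman.localdomain"        (SHA256) 46:E4:30:5E:70:1A:2D:3A:CC:F4:13:03:C4:2C:78:DE:36:A2:23:74:89:D4:B0:51:C8:94:B8:3F:63:39:A0:5B'
# Assumption: this is what the agent itself reported.
AGENT_FP='FA:7A:C3:0F:69:F6:D2:DC:B3:6E:50:69:08:96:99:D3:B1:7A:8F:80:B7:97:1B:7F:A9:24:24:A9:2B:06:CC:1E'

if verify_csr puppet-agent01.localdomain "$AGENT_FP" "$SAMPLE_LISTING"; then
    echo "match: puppet cert sign puppet-agent01.localdomain"
fi
```

The check has to happen before signing: once signed, the listing shows the certificate's fingerprint, which differs from the CSR's, as the `puppet cert list --all` output in this post shows.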

view all signed requests.
[root@foreman ~]# puppet cert list --all
+ "foreman.localdomain"        (SHA256) 46:E4:30:5E:70:1A:2D:3A:CC:F4:13:03:C4:2C:78:DE:36:A2:23:74:89:D4:B0:51:C8:94:B8:3F:63:39:A0:5B (alt names: "DNS:foreman.localdomain", "DNS:puppet", "DNS:puppet.localdomain")
+ "puppet-agent01.localdomain" (SHA256) CA:DB:E1:82:10:B8:41:D5:06:BE:51:55:E5:9D:A3:81:CE:7F:AC:0A:DA:5B:C2:C5:6F:82:17:8F:1A:91:3B:90

Go to the foreman GUI ( https:// <foreman IP> )
You will find the client via HOSTS -> All hosts

You can also sign the client cert via the GUI.
Infrastructure -> “foreman.localdomain”, click Certificates


[ install puppet agent on Ubuntu 14.04 ]

install puppet agent via apt-get.

root@ubuntu1404-puppet-agent01:~# apt-get install puppet

edit /etc/puppet/puppet.conf
root@ubuntu1404-puppet-agent01:~# grep -v '#' /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
server = foreman.localdomain

run puppet agent
root@ubuntu1404-puppet-agent01:~# service puppet restart
* Restarting puppet agent                                               [ OK ]

on the foreman GUI, go to Infrastructure -> smart proxies
sign the cert request.



list signed requests via CLI.
on the foreman CLI
[root@foreman ~]# puppet cert list --all
+ "foreman.localdomain"                   (SHA256) 46:E4:30:5E:70:1A:2D:3A:CC:F4:13:03:C4:2C:78:DE:36:A2:23:74:89:D4:B0:51:C8:94:B8:3F:63:39:A0:5B (alt names: "DNS:foreman.localdomain", "DNS:puppet", "DNS:puppet.localdomain")
+ "puppet-agent01.localdomain"            (SHA256) CA:DB:E1:82:10:B8:41:D5:06:BE:51:55:E5:9D:A3:81:CE:7F:AC:0A:DA:5B:C2:C5:6F:82:17:8F:1A:91:3B:90
+ "ubuntu1404-puppet-agent01.localdomain" (SHA256) 8D:0B:BA:60:12:68:F8:87:A7:1E:77:6D:2F:71:E3:60:AC:CC:AE:D5:61:61:70:A1:18:BF:C5:01:03:D6:59:C9
