Here are trial and error logs when installing puppet master and agent.
Reference
http://terokarvinen.com/2012/puppetmaster-on-ubuntu-12-04
Prepare two Ubuntu 14.04 boxes, one is for puppet master and the other is for agent.
# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"
3.13.0-34-generic x86_64
|
Before installing puppet master and agent, edit /etc/hosts so that each machine can reach the other by hostname.
on the master
root@puppet-master:/home/hattori# domainname
(none)
root@puppet-master:/home/hattori# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 puppet-master
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.122.56 puppet-master
192.168.122.197 puppet-agent01
root@puppet-master:/home/hattori# ping -c 1 puppet-agent01
PING puppet-agent01 (192.168.122.197) 56(84) bytes of data.
64 bytes from puppet-agent01 (192.168.122.197): icmp_seq=1 ttl=64 time=0.775 ms
--- puppet-agent01 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.775/0.775/0.775/0.000 ms
|
on the agent
root@puppet-agent01:/home/hattori# hostname
puppet-agent01
root@puppet-agent01:/home/hattori# domainname
(none)
root@puppet-agent01:/home/hattori# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 puppet-agent01
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.122.56 puppet-master
192.168.122.197 puppet-agent01
root@puppet-agent01:/home/hattori# ping -c 1 puppet-master
PING puppet-master (192.168.122.56) 56(84) bytes of data.
64 bytes from puppet-master (192.168.122.56): icmp_seq=1 ttl=64 time=0.330 ms
--- puppet-master ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.330/0.330/0.330/0.000 ms
|
Install puppet master
On the master box
root@puppet-master:/home/hattori# apt-get install puppetmaster -y
root@puppet-master:/home/hattori# service puppetmaster status
* master is running
|
start puppetmaster when booting the OS
root@puppet-master:/home/hattori# update-rc.d puppetmaster enable
|
Install puppet agent
On the agent box
root@puppet-agent01:/home/hattori# apt-get install puppet -y
root@puppet-agent01:/home/hattori# service puppet status
* agent is running
|
Start puppet agent when booting the OS
root@puppet-agent01:/home/hattori# update-rc.d puppet enable
|
[ configure puppet master ]
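Re-create the master's certificate: stop puppetmaster and delete its SSL directory so that the certificate is regenerated with the dns_alt_names setting below when the master starts again. This directory also holds the CA (/var/lib/puppet/ssl/ca), so do this only on a fresh master that has not signed any agent certificates yet.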
root@puppet-master:/home/hattori# service puppetmaster stop
|
root@puppet-master:/home/hattori# rm -fr /var/lib/puppet/ssl/
|
Edit /etc/puppet/puppet.conf and add the puppet master's hostname to the dns_alt_names setting in the [master] section.
root@puppet-master:~# cat /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
dns_alt_names = puppet-master
|
root@puppet-master:~# service puppetmaster start
|
Confirm that the master's hostname (puppet-master) appears among the DNS names in the master's SSL certificate.
The puppet agent checks this name against the server name it connects to.
root@puppet-master:~# openssl x509 -in /var/lib/puppet/ssl/certs/puppet-master.pem -text | grep -i dns
DNS:puppet-master
root@puppet-master:~#
|
[ agent ]
on the agent
edit /etc/puppet/puppet.conf
root@puppet-agent01:~# grep -v ^# /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
[agent]
server = puppet-master
|
restart puppet
root@puppet-agent01:~# service puppet restart
* Restarting puppet agent
...done.
|
on the master
root@puppet-master:~# puppet cert --list
root@puppet-master:~#
|
nnn, can’t see the agent on the master.
On the agent, delete the SSL files and restart puppet so that it generates a fresh certificate request.
root@puppet-agent01:~# service puppet stop
* Stopping puppet agent
...done.
root@puppet-agent01:~# rm -r /var/lib/puppet/ssl/
root@puppet-agent01:~# service puppet start
* Starting puppet agent
...done.
|
on the master.
Okay, I was able to see the agent on the master
root@puppet-master:~# puppet cert --list
"puppet-agent01" (SHA256) xx:xx:xx
|
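Sign the agent's certificate request on the master. Before signing, check that the fingerprint listed above matches the one the agent reports (`puppet agent --fingerprint` on the agent), so that only the intended machine gets a signed certificate.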
root@puppet-master:~# puppet cert --sign puppet-agent01
Notice: Signed certificate request for puppet-agent01
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent01 at '/var/lib/puppet/ssl/ca/requests/puppet-agent01.pem'
|
[ create site manifests and modules ]
create the manifest
on the master
root@puppet-master:~# cd /etc/puppet/
root@puppet-master:/etc/puppet# mkdir -p manifests/ modules/helloworld/manifests
|
root@puppet-master:/etc/puppet# echo 'include helloworld' > manifests/site.pp
root@puppet-master:/etc/puppet# cat manifests/site.pp
include helloworld
|
create the module
root@puppet-master:/etc/puppet# vi modules/helloworld/manifests/init.pp
root@puppet-master:/etc/puppet# cat modules/helloworld/manifests/init.pp
class helloworld {
file { '/tmp/helloFromMaster':
content => "Hello from Puppet Master\n"
}
}
|
on the agent, restart puppet agent.
root@puppet-agent01:~# service puppet restart
* Restarting puppet agent
...done.
|
On the agent, check whether the /tmp/helloFromMaster file exists.
nnn, the file does not exist..
root@puppet-agent01:~# ls /tmp/
root@puppet-agent01:~#
|
Let’s run puppet in verbose mode to find the problem.
root@puppet-agent01:~# service puppet stop
* Stopping puppet agent
...done.
root@puppet-agent01:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at 'file' at /etc/puppet/manifests/site.pp:3 on node puppet-agent01
Notice: Using cached catalog
Error: Could not retrieve catalog; skipping run
|
Judging from the errors, something is wrong with the manifests or the modules.
Let’s re-create the manifest by following the instructions below.
on the master
root@puppet-master:~# cat /etc/puppet/manifests/site.pp
node "puppet-agent01" {
file { "/root/helloworld.txt":
ensure => file,
owner => "root",
group => "root",
mode => 0644
}
}
|
On the agent, run puppet in verbose mode.
Okay, the agent created the file.
root@puppet-agent01:~# service puppet stop
root@puppet-agent01:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving plugin
Info: Caching catalog for puppet-agent01
Info: Applying configuration version '1408594607'
Notice: /Stage[main]/Main/Node[puppet-agent01]/File[/root/helloworld.txt]/ensure: created
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.04 seconds
root@puppet-agent01:~# ls /root/helloworld.txt
/root/helloworld.txt
|
Change the permissions of this file by hand on the agent, to see how puppet handles a file that has drifted from the manifest.
root@puppet-agent01:~# chmod 0444 /root/helloworld.txt
|
Run puppet again.
The agent resets the file's mode to the value declared in the manifest (0444 back to 0644).
root@puppet-agent01:~# puppet agent --verbose --no-daemonize --onetime
Info: Retrieving plugin
Info: Caching catalog for puppet-agent01
Info: Applying configuration version '1408594607'
Notice: /Stage[main]/Main/Node[puppet-agent01]/File[/root/helloworld.txt]/mode: mode changed '0444' to '0644'
Notice: Finished catalog run in 0.05 seconds
|