Running Puppet on Solaris
Solaris was an early development target for Puppet, hence Puppet's support for the platform is mature and stable.
Note: Facter 1.5.2 and below use /etc/release to determine operating system version. Solaris 5.11 (OpenSolaris) doesn't use /etc/release any more. This has been fixed in the facter git repo, but as of this writing (6 Feb 09), has not been packaged. You will need to manually patch Facter if you want to use it on OpenSolaris.
Installation
Puppet has Facter and Ruby as prerequisites, neither of which will be found on a stock, default Solaris installation.
By far the easiest way to install puppet and its dependencies is to use the blastwave (Community Software) archive, aka CSW http://www.blastwave.org. The first step is to install pkgutil, which allows you to retrieve software from the blastwave repositories.
Please follow the instructions located on the blastwave site http://www.blastwave.org/howto.html for installing pkgutil, then return here to continue installing Puppet.
Now that you have pkgutil installed, you can use pkgutil to install puppet. Pkgutil will resolve all of the dependencies, and install those packages as well.
# /opt/csw/bin/pkgutil -U
# /opt/csw/bin/pkgutil --install puppet
Note that this not only installs puppet, it also turns on the daemon which starts looking for a local puppet master server. To stop this, after installation:
# svcadm disable puppetd
Note: At the moment blastwave is going through some internal turmoil. This has caused Gary Law, the puppet solaris package maintainer, to temporarily postpone updating the blastwave repositories with the latest version of puppet. He has however provided the packages from his personal website: http://garylaw.net/packages/. For more information, see Gary's Google Groups post.
Installation option #2
This is an alternative method for installing Puppet on Solaris 10. Rather than depending on Blastwave, which is an entire package framework, I prefer the simplest installation with the fewest steps and dependencies.
1) Install Ruby from the Solaris Companion DVD:
pkgadd -d /cdrom/Solaris_Software_Companion/Solaris_sparc/Packages/ SFWruby
2) Download and install the latest RubyGems (Like perl's CPAN module, but for Ruby):
$ wget http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz
$ gzcat rubygems-1.3.1.tgz | tar -xf -
$ cd rubygems-1.3.1
$ /opt/sfw/bin/ruby setup.rb
3) Install the latest Puppet and its dependencies via Ruby Gems:
/opt/sfw/bin/gem update
/opt/sfw/bin/gem install puppet
Ruby Gems will automatically download and install all packages and pre-requisites.
4) You'll have to write your own /etc/init.d/puppetd and /etc/init.d/puppetmasterd scripts, or modify the Blastwave SMF manifests. Other than that, puppet is pretty much installed.
Integrating Puppet with Jumpstart
Solaris 10
post-install script:
#!/bin/sh
### Setup
mkdir /a/jumpstart
mount jumpstartserver:/opt/solaris/jumpstart /a/jumpstart
### Blastwave support
cd /a/jumpstart
cp root.profile /a/.profile
mkdir -p /a/usr/local/bin
cp wget-`uname -p`.bin /a/usr/local/bin/wget
chmod 755 /a/usr/local/bin/wget
mkdir -p /a/opt/csw
echo all | pkgadd -a admin.jumpstart -d pkg_get-3.8.1-all-CSW.pkg -R /a
cp /a/jumpstart/pkg-get.conf /a/opt/csw/etc
cp /a/var/pkg-get/admin-fullauto /a/var/pkg-get/admin
### Ruby from Blastwave
cd /a/jumpstart
mkdir -p /a/usr/local/sbin
cp /a/jumpstart/ruby-install.sh /a/usr/local/sbin
chmod 700 /a/usr/local/sbin/ruby-install.sh
chroot /a /usr/local/sbin/ruby-install.sh
### Facter and Puppet from garylaw.net
cp facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg /a/tmp
cp puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg /a/tmp
cp admin.jumpstart /a/tmp
cp /a/jumpstart/puppet-install.sh /a/usr/local/sbin
chmod 700 /a/usr/local/sbin/puppet-install.sh
chroot /a /usr/local/sbin/puppet-install.sh
## Puppet setup
cp puppetd.conf /a/etc/puppet
cd /a/var/svc/manifest/network
ln -s ../../../../opt/csw/var/svc/manifest/puppetd.xml .
cd /a/jumpstart
### Teardown
cd /
umount /a/jumpstart
rmdir /a/jumpstart
root.profile
umask 022
PATH=/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/bin:/usr/ucb:/opt/SUNWspro/bin:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH
MANPATH=/usr/man:/usr/dt/man:/usr/openwin/share/man:/usr/local/man:/opt/SUNWspro/man:/opt/csw/man
export MANPATH
PS1="`whoami`@`hostname`# "
export PS1
admin.jumpstart
mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default
pkg-get.conf
url=http://www.gtlib.gatech.edu/pub/blastwave/unstable
ruby-install.sh -- pkg-get running inside a chroot requires a working mnttab, and openssl (one of the Ruby dependencies) requires a working /dev/random and /dev/urandom. On my Solaris 10 Jumpstart installs, /dev/random and /dev/urandom exist in the chroot, but are symlinks to missing entries in /devices.
#!/bin/sh
/sbin/mount -F mntfs mnttab /etc/mnttab
mknod /devices/pseudo/random@0:random c 190 0
mknod /devices/pseudo/random@0:urandom c 190 1
PATH=$PATH:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH
pkg-get install ruby
puppet-install.sh -- these installs might not require a chroot, and may work fine if installed similar to the pkg-get installation above.
#!/bin/sh
/sbin/mount -F mntfs mnttab /etc/mnttab
cd /tmp
mkdir /etc/puppet
echo all | pkgadd -a admin.jumpstart -d \
facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg
echo all | pkgadd -a admin.jumpstart -d \
puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg
puppet.conf
[puppetd]
# Make sure all log messages are sent to the right directory
# This directory must be writable by the puppet user
logdir=/opt/csw/var/puppet/log
vardir=/opt/csw/var/puppet
rundir=/opt/csw/var/puppet/run
server=puppetserver.domain
factsync=true
Simple Puppetmaster install and configuration
To do
Puppet on older versions of Solaris
Of course, blastwave will only work on Solaris 8+. However, Puppet does work well with the Ruby from sunfreeware for at least Solaris 2.6 and 7, and people have even had success compiling pkg-get for use with those platforms by pointing it to the sunfreeware repository - however, your mileage may vary with that (not tested by the person writing this paragraph). Certainly, using sunfreeware packages and native sun packages on their own works quite well.
Minimal Solaris Puppet Client Installation Instructions
This assumes Solaris 10 or later, you are root, with bash and wget installed and in your PATH:
Step 1, install pkgutil
exec bash
wget -q -O - \
http://ftp.math.purdue.edu/mirrors/opencsw.org/unstable/$(uname -p)/$(uname -r)/pkgutil-1.4,REV=2009.01.19-SunOS5.8-$(uname -p)-CSW.pkg.gz \
| gunzip --stdout - > /tmp/pkgutil.pkg
yes | pkgadd -d /tmp/pkgutil.pkg all
/opt/csw/bin/pkgutil -U
Step 2, install puppet
yes | /opt/csw/bin/pkgutil -i CSWpuppet
This will install common, ruby, facter and any other required dependencies, then puppet, and then start up puppetd with a blank config (which defaults to looking for a puppet server at puppet.YOURDOMAIN).
More Detailed Solaris Puppet Client Installation Instructions
Installation of the Puppet infrastructure onto a client machine requires a number of prerequisites to be met first. This procedure outlines the installation process for these prerequisites and ultimately Puppet itself on the Solaris 10 platform. Note: This guide assumes that LDAPNodes is being used for node storage. If not, omit any steps that relate to LDAP and do whatever is needed for your node storage mechanism of choice.
All Blastwave packages are installed under: /opt/csw
Procedure
1) Install Blastwave Support
# pkgadd -d http://www.blastwave.org/pkg_get.pkg
2) Verify that the pkg-get configuration file is configured for your region
3) Install the complete wget package
# /opt/csw/bin/pkg-get -i wget
4) Configure pkg-get to support automation.
# cp -p /var/pkg-get/admin-fullauto /var/pkg-get/admin
5) Now we are going to install gnupg and an md5 utility so that we can do some security validation of Blastwave packages.
# /opt/csw/bin/pkg-get -i gnupg textutils
6) Next we will copy the Blastwave PGP public key to the local host. The command saves the Blastwave mirrors page, which is where the key is taken from, as pgp.key.
# /opt/csw/bin/wget --output-document=pgp.key http://www.blastwave.org/mirrors.html
Which should result in output like this:
--10:39:55-- http://www.blastwave.org/mirrors.html
=> `pgp.key'
Resolving www.blastwave.org... 131.188.30.245
Connecting to www.blastwave.org[131.188.30.245]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16,060 [text/html]
100%[====================================>] 16,060 52.41K/s
10:39:56 (52.33 KB/s) - `pgp.key' saved [16060/16060]
7) Next we will import the PGP key that we just copied.
# gpg --import pgp.key
8) Verify that the following two lines in /opt/csw/etc/pkg-get.conf are COMMENTED OUT.
#use_gpg=false
#use_md5=false
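The checks behind steps 5 to 8, as an added example that is not part of the original page: one function confirms that pkg-get.conf has not switched verification off, the other compares the imported key's fingerprint with a value obtained separately, since the key in step 6 arrives over plain HTTP. The function names, the sample files and the fingerprint are constructed placeholders, and the script assumes bash or another POSIX shell rather than the Solaris Bourne shell.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 5-8 (not from the original page).
# Function names and all sample data are constructed for illustration.

# 0 = no active use_gpg=false / use_md5=false line in the given pkg-get.conf,
# 1 = verification disabled, 2 = file unreadable.
verification_enabled() {
    [ -r "$1" ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t')   # ignore indentation
        case $line in
            use_gpg=false*|use_md5=false*) return 1 ;;
        esac
    done < "$1"
    return 0
}

# Reads `gpg --with-colons --fingerprint` output on stdin. Succeeds only if an
# fpr record (field 10) equals the expected fingerprint, which has to come
# from a channel other than the HTTP download in step 6.
fingerprint_pinned() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    [ -n "$want" ] || return 2
    while IFS=: read -r rec x x x x x x x x fpr x; do
        if [ "$rec" = fpr ] && [ "$fpr" = "$want" ]; then return 0; fi
    done
    return 1
}

# Constructed sample input: a conf as step 8 requires, and one with md5 off.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '#use_gpg=false\n#use_md5=false\n' > "$demo/good.conf"
printf '#use_gpg=false\nuse_md5=false\n' > "$demo/bad.conf"
# Constructed colon listing; this fingerprint is a placeholder, not Blastwave's.
SAMPLE_COLONS='pub:-:1024:17:0123456789ABCDEF:2005-01-01:::-:Example key::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:'

for f in good.conf bad.conf; do
    if verification_enabled "$demo/$f"; then echo "$f: verification on"
    else echo "$f: verification DISABLED"; fi
done
if printf '%s\n' "$SAMPLE_COLONS" |
    fingerprint_pinned '0011 2233 4455 6677 8899 aabb ccdd eeff 0011 2233'
then echo "sample key matches pinned fingerprint"; fi
```

On a real host the inputs would be /opt/csw/etc/pkg-get.conf and the output of gpg --with-colons --fingerprint piped into fingerprint_pinned.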
9) Install the Ruby software (CSWruby) from Blastwave.
# /opt/csw/bin/pkg-get -i ruby
Note: This will also install any Ruby prerequisites.
10) Install the Ruby Gems software (CSWrubygems) from Blastwave.
# /opt/csw/bin/pkg-get -i rubygems
11) Add /opt/csw/bin and /opt/csw/sbin to the root user's PATH.
12) Install Reductive Labs facter gem package using the Ruby Gem installation tool.
# gem install facter
13) Install Reductive Labs Puppet gem package using the Ruby Gem installation tool. The current STABLE version is: 0.23.2.
# gem install puppet --version '0.23.2'
14) Create the puppet user and group:
Info for /etc/passwd: puppet:x:35001:35001:puppet user:/home/puppet:/bin/sh
Info for /etc/shadow: puppet:*LK*:::::::
Info for /etc/group: puppet::35001:
15) Create the following core directories and set the permissions:
# mkdir -p /sysprov/dist/apps /sysprov/runtime/puppet/prod/puppet/master
# chown -R puppet:puppet /sysprov/dist /sysprov/runtime
16) Grab this sample puppet.conf file and modify the attributes listed below. Copy the modified file to the /sysprov/runtime/puppet/prod/puppet/master directory on your host.
17) Create a file containing the new LDAP entry information for your host. In this file you specify the Puppet class membership which is what Puppet uses to determine which configuration(s) to use on your host. In the example below, the device is a member of the sudo and syslog-ng classes. This means that whenever the puppetd process is running on your host, it will periodically check with the puppetmaster to see whether its configuration is out of date and apply the configuration for a machine in the sudo and syslog-ng puppet classes. Likewise, if you later modify the LDAP entry to include another puppetclass entry or remove an existing entry, the puppetmaster will apply that configuration instead.
Note: You should specify the fully qualified domain name. Puppet will compare this value to the SSL certificate to ensure a match. If you use a non-FQDN, you are going to run into issues.
# puppettest
dn: cn=puppettest.domain.edu,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: puppettest.domain.edu
ipHostNumber: W.X.Y.Z
description: Test puppet client
l: statcomp
puppetclass: sudo
puppetclass: syslog-ng
18) Add an LDAP entry for your host. YOUR-LDAP-ENTRY-FILENAME is the file created in the previous step.
$ ldapadd -h ld.domain.edu -x -D "uid=12345, ou=humans, dc=domain, dc=edu" -W -f YOUR-LDAP-ENTRY-FILENAME -v
If you are modifying an existing entry use this instead:
$ ldapmodify -h ld.domain.edu -x -D "uid=12345, ou=humans, dc=domain, dc=edu" -W -f YOUR-LDAP-ENTRY-FILENAME -v
19) Verify that your LDAP entry exists.
$ ldapsearch -h ld.domain.edu -x -b'dc=puppet'
20) From the Puppet client machine, request SSL Client Certificate from the puppetmaster.
# puppetd --server puppetmaster.domain.edu --waitforcert 60 --test --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
21) Log in to the puppetmaster and sign the certificates.
# sudo puppetca --list --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
Which should show: YOURHOSTNAME.domain.edu
# sudo puppetca --sign YOURHOSTNAME.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
22) On the Puppet client machine you can then start the puppetd process. If you pass in the -v and/or -d parameters (verbose and debug), then the process does not run in the background. Omit these parameters to daemonize the process.
# puppetd --server puppetmaster.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
Example Using Verbose and Debug Mode:
# puppetd -v -d --server puppetmaster.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
23) That is it. You should be able to check the system log to see whether your client is receiving updates from the puppetmaster.
# tail -f /var/adm/messages
Dec 17 09:06:39 cheshire puppetd[23486]: [ID 702911 daemon.notice] Starting configuration run
Dec 17 09:07:00 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File/sysprov/dist/apps/sudo/ensure) created
Dec 17 09:07:24 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File/sysprov/dist/apps/sudo/UCRsudo/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/Package[UCRsudo]/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] Finished configuration run in 54.72 seconds
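To review what puppetd changed without reading the log line by line, the following added example (not part of the original page) condenses syslog lines in the format shown above into one line per configuration run and marks runs that never logged a "Finished" line. The function name, the client1 host and the sample lines are constructed, and the script assumes bash or another POSIX shell.

```shell
#!/bin/sh
# Added example (not from the original page): summarise puppetd runs found in
# /var/adm/messages-style lines on stdin, one output line per run:
#   <host> pid=<pid> changes=<n> <finished|unfinished>
# "unfinished" means a new run started, or input ended, before the run's
# "Finished configuration run" line was seen.
summarize_runs() {
    open=0; changes=0; host=; pid=
    while read -r mon day clock h tag msg || [ -n "$mon" ]; do
        case $tag in 'puppetd['*) ;; *) continue ;; esac
        case $msg in
            *'] Starting configuration run'*)
                if [ "$open" -eq 1 ]; then
                    echo "$host pid=$pid changes=$changes unfinished"
                fi
                host=$h; pid=${tag#'puppetd['}; pid=${pid%%']'*}
                open=1; changes=0 ;;
            *'] (//'*)      # a resource event such as "(//sudo/...) created"
                if [ "$open" -eq 1 ]; then changes=$((changes + 1)); fi ;;
            *'] Finished configuration run'*)
                if [ "$open" -eq 1 ]; then
                    echo "$host pid=$pid changes=$changes finished"
                fi
                open=0 ;;
        esac
    done
    if [ "$open" -eq 1 ]; then
        echo "$host pid=$pid changes=$changes unfinished"
    fi
}

# Constructed sample lines in the format shown above (host name is made up).
P='client1 puppetd[23486]: [ID 702911 daemon.notice]'
SAMPLE_LOG="Dec 17 09:06:39 $P Starting configuration run
Dec 17 09:07:00 $P (//sudo/File/sysprov/dist/apps/sudo/ensure) created
Dec 17 09:07:33 $P (//sudo/Package[UCRsudo]/ensure) created
Dec 17 09:07:33 $P Finished configuration run in 54.72 seconds
Dec 17 09:20:00 client1 cron[411]: [ID 000000 daemon.notice] unrelated line
Dec 17 09:36:39 $P Starting configuration run
Dec 17 09:37:00 $P (//sudo/File/sysprov/dist/apps/sudo/UCRsudo/ensure) created"

printf '%s\n' "$SAMPLE_LOG" | summarize_runs
```

Against a live client the input would be /var/adm/messages itself, redirected into summarize_runs.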