Introduction
Installation of the Puppet infrastructure onto a client machine requires a number of prerequisites to be met first. This procedure outlines the installation process for these prerequisites and ultimately Puppet itself on the Solaris 10 platform. Note: This guide assumes that LDAPNodes is being used for node storage. If not, omit any steps that relate to LDAP and do whatever is needed for your node storage mechanism of choice.
All Blastwave packages are installed under: /opt/csw
Procedure
1) Install Blastwave Support
# pkgadd -d http://www.blastwave.org/pkg_get.pkg
2) Verify that the pkg-get configuration file is configured for your region
3) Install the complete wget package
# /opt/csw/bin/pkg-get -i wget
4) Configure pkg-get to support automation.
# cp -p /var/pkg-get/admin-fullauto /var/pkg-get/admin
5) Now we are going to install gnupg and an md5 utility so that we can do some security validation of Blastwave packages.
# /opt/csw/bin/pkg-get -i gnupg textutils
6) Next we will copy the Blastwave PGP public key to the local host.
# /opt/csw/bin/wget --output-document=pgp.key http://www.blastwave.org/mirrors.html
Which should result in output like this:
--10:39:55--  http://www.blastwave.org/mirrors.html
           => `pgp.key'
Resolving www.blastwave.org... 131.188.30.245
Connecting to www.blastwave.org[131.188.30.245]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16,060 [text/html]

100%[====================================>] 16,060        52.41K/s

10:39:56 (52.33 KB/s) - `pgp.key' saved [16060/16060]
7) Next we will import the PGP key that we just copied.
# gpg --import pgp.key
8) Verify that the following two lines in /opt/csw/etc/pkg-get.conf are COMMENTED OUT.
#use_gpg=false
#use_md5=false
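Because step 8 is the one place where signature and checksum checking of Blastwave packages can be silently switched off, it is worth having a repeatable check for it. The following is an added example, not part of the original guide: a small POSIX sh function that reads a pkg-get.conf, ignores comment lines, and fails when either use_gpg=false or use_md5=false is active. The sample configuration files it writes are constructed for the demonstration and are not real Blastwave files.

```shell
#!/bin/sh
# Added example, not part of the original guide: confirm that the two
# verification switches in pkg-get.conf are not active, so pkg-get keeps
# checking Blastwave packages against the imported PGP key and their md5 sums.
# Returns 0 when neither "use_gpg=false" nor "use_md5=false" is in effect,
# 1 when at least one of them is, 2 when the file cannot be read.
check_pkg_get_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Drop comment lines (first non-blank character is '#'), then look for
    # either switch set to false. The trailing '|| true' keeps a no-match
    # grep from tripping 'set -e' in a calling script.
    active=$(grep -v '^[[:space:]]*#' "$conf" \
        | grep -e '^[[:space:]]*use_gpg[[:space:]]*=[[:space:]]*false' \
               -e '^[[:space:]]*use_md5[[:space:]]*=[[:space:]]*false' || true)
    if [ -n "$active" ]; then
        echo "package verification is disabled in $conf:" >&2
        echo "$active" >&2
        return 1
    fi
    return 0
}

# Constructed sample files (not real Blastwave configuration) in directory $1:
# good.conf has both switches commented out, bad.conf has use_gpg=false active.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
# constructed sample pkg-get.conf
url=http://www.blastwave.org/stable
#use_gpg=false
#use_md5=false
EOF
    cat > "$1/bad.conf" <<'EOF'
# constructed sample pkg-get.conf with GPG verification switched off
url=http://www.blastwave.org/stable
use_gpg=false
#use_md5=false
EOF
}

# Stand-alone run over the two samples.
tmp="${TMPDIR:-/tmp}/pkgget-check.$$"
mkdir -p "$tmp" && write_samples "$tmp"
check_pkg_get_conf "$tmp/good.conf" && echo "good.conf: verification enabled"
check_pkg_get_conf "$tmp/bad.conf"  || echo "bad.conf: FAIL"
rm -rf "$tmp"
```

On Solaris 10 run this under /usr/xpg4/bin/sh or /opt/csw/bin/bash rather than the Bourne /bin/sh, which does not understand $(...). Pointing it at the real file is simply check_pkg_get_conf /opt/csw/etc/pkg-get.conf; its exit status can be used from a cron job or from Puppet itself.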
9) Install the Ruby software (CSWruby) from Blastwave.
# /opt/csw/bin/pkg-get -i ruby
Note: This will also install any Ruby prerequisites.
10) Install the Ruby Gems software (CSWrubygems) from Blastwave.
# /opt/csw/bin/pkg-get -i rubygems
11) Add /opt/csw/bin and /opt/csw/sbin to the root user's PATH.
12) Install the Reductive Labs facter gem package using the Ruby Gem installation tool.
# gem install facter
13) Install the Reductive Labs Puppet gem package using the Ruby Gem installation tool. The current STABLE version is: 0.23.2.
# gem install puppet --version '0.23.2'
14) Create the puppet user and group:
Info for /etc/passwd: puppet:x:35001:35001:puppet user:/home/puppet:/bin/sh
Info for /etc/shadow: puppet:*LK*:::::::
Info for /etc/group: puppet::35001:
15) Create the following core directories and set the permissions:
# mkdir -p /sysprov/dist/apps /sysprov/runtime/puppet/prod/puppet/master
# chown -R puppet:puppet /sysprov/dist /sysprov/runtime
16) Grab this sample puppet.conf file and modify the attributes listed below. Copy the modified file to the /sysprov/runtime/puppet/prod/puppet/master directory on your host.
17) Create a file containing the new LDAP entry information for your host. In this file you specify the Puppet class membership which is what Puppet uses to determine which configuration(s) to use on your host. In the example below, the device is a member of the sudo and syslog-ng classes. This means that whenever the puppetd process is running on your host, it will periodically check with the puppetmaster to see whether its configuration is out of date and apply the configuration for a machine in the sudo and syslog-ng puppet classes. Likewise, if you later modify the LDAP entry to include another puppetclass entry or remove an existing entry, the puppetmaster will apply that configuration instead.
Note: You should specify the fully qualified domain name. Puppet will compare this value to the SSL certificate to ensure a match. If you use a non-FQDN, you are going to run into issues.
# puppettest
dn: cn=puppettest.domain.edu,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: puppettest.domain.edu
ipHostNumber: W.X.Y.Z
description: Test puppet client
l: statcomp
puppetclass: sudo
puppetclass: syslog-ng
18) Add an LDAP entry for your host. YOUR-LDAP-ENTRY-FILENAME is the file created in the previous step.
$ ldapadd -h ld.domain.edu -x -D 'uid=12345,ou=humans,dc=domain,dc=edu' -W -f YOUR-LDAP-ENTRY-FILENAME -v
If you are modifying an existing entry use this instead:
$ ldapmodify -h ld.domain.edu -x -D 'uid=12345,ou=humans,dc=domain,dc=edu' -W -f YOUR-LDAP-ENTRY-FILENAME -v
19) Verify that your LDAP entry exists.
$ ldapsearch -h ld.domain.edu -x -b'dc=puppet'
20) From the Puppet client machine, request SSL Client Certificate from the puppetmaster.
# puppetd --server puppetmaster.domain.edu --waitforcert 60 --test --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
21) Log in to the puppetmaster and sign the client's certificate request.
# sudo puppetca --list --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
Which should show: YOURHOSTNAME.domain.edu
# sudo puppetca --sign YOURHOSTNAME.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
22) On the Puppet client machine you can then start the puppetd process. If you pass in the -v and/or -d parameters (verbose and debug), then the process does not run in the background. Omit these parameters to daemonize the process.
# puppetd --server puppetmaster.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
Example Using Verbose and Debug Mode:
# puppetd -v -d --server puppetmaster.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf
23) That is it. You should be able to check the system log to see whether your client is receiving updates from the puppetmaster.
# tail -f /var/adm/messages
Dec 17 09:06:39 cheshire puppetd[23486]: [ID 702911 daemon.notice] Starting configuration run
Dec 17 09:07:00 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File/sysprov/dist/apps/sudo/ensure) created
Dec 17 09:07:24 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File/sysprov/dist/apps/sudo/UCRsudo/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/Package[UCRsudo]/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] Finished configuration run in 54.72 seconds
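Watching tail -f tells you a run happened while you are looking; what you usually want afterwards is whether every run that started also finished, and whether puppetd logged anything at error level. The following is an added example, not part of the original guide: a sh function wrapping awk that summarises the Solaris syslog lines from step 23. The sample log it carries is constructed for the demonstration; its first run is the one shown above, the second run and the su line are made up to show an unfinished run and an unrelated entry.

```shell
#!/bin/sh
# Added example, not part of the original guide: summarise puppetd activity from
# Solaris syslog lines like those in step 23. Each "Starting configuration run"
# opens a run, resource events (created/changed/removed) are counted, and
# "Finished configuration run" closes it. A run that never finishes, or any
# puppetd line logged at warning level or above, makes the function return 1,
# which is the condition worth alerting on for a client that has stopped
# receiving updates. Usage: puppet_run_summary < /var/adm/messages
puppet_run_summary() {
    awk '
    # Only lines carrying the puppetd process tag (field 5) are examined.
    $5 !~ /^puppetd\[[0-9]+\]:$/ { next }
    /Starting configuration run/ {
        if (open) unfinished_run()
        runs++; open = 1; changed = 0; stamp = $1 " " $2 " " $3; next
    }
    # Solaris syslog spells the priority out, e.g. [ID 702911 daemon.error]
    /daemon\.(warning|error|crit|alert|emerg)\]/ { errors++ }
    /\) (created|changed|removed)$/ { changed++; next }
    /Finished configuration run in/ {
        # the duration is the token before "seconds"
        for (i = 1; i <= NF; i++) if ($i == "seconds") dur = $(i - 1)
        printf "run %d: finished, %d resource(s) changed, %s s\n", runs, changed, dur
        open = 0; finished++; next
    }
    function unfinished_run() {
        unfinished++
        printf "run %d: started %s, never finished\n", runs, stamp
    }
    END {
        if (open) unfinished_run()
        printf "%d run(s) seen, %d finished, %d unfinished, %d warning/error line(s)\n", runs, finished, unfinished, errors
        if (unfinished || errors) exit 1
        exit 0
    }'
}

# Constructed sample of /var/adm/messages: the first run is the one shown in
# step 23, the second run is a made-up failure where the client could not
# reach the puppetmaster; the su line shows that unrelated entries are ignored.
sample_log() {
    cat <<'EOF'
Dec 17 09:06:39 cheshire puppetd[23486]: [ID 702911 daemon.notice] Starting configuration run
Dec 17 09:07:00 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File/sysprov/dist/apps/sudo/ensure) created
Dec 17 09:07:24 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File/sysprov/dist/apps/sudo/UCRsudo/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/Package[UCRsudo]/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] Finished configuration run in 54.72 seconds
Dec 17 09:36:40 cheshire puppetd[23486]: [ID 702911 daemon.notice] Starting configuration run
Dec 17 09:36:41 cheshire puppetd[23486]: [ID 702911 daemon.error] Could not retrieve configuration: Connection refused - connect(2)
Dec 17 09:40:02 cheshire su: [ID 366847 auth.notice] 'su root' succeeded for admin on /dev/pts/1
EOF
}

# Stand-alone run over the constructed sample.
sample_log | puppet_run_summary || echo "puppetd problems detected"
```

On Solaris 10 the awk inside the function should be /usr/bin/nawk or /usr/xpg4/bin/awk, since the old /usr/bin/awk does not support user-defined functions, and the script itself wants /usr/xpg4/bin/sh or bash. Over a real file, puppet_run_summary < /var/adm/messages prints one line per run plus a totals line and exits non-zero whenever something needs a look.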