Puppet 6 On CentOS 7

What is Puppet?
  • Puppet is an open source configuration management tool that lets you manage the configuration of hundreds of client systems from a central location.
  • It works on multiple Unix-based operating systems as well as on Microsoft Windows.
  • Puppet is an infrastructure management platform that automates repeated tasks. It includes its own declarative language for describing system configuration, the Puppet language, which is implemented in Ruby and released under the Apache License.
  • Puppet is arranged in a master-agent architecture. The master serves the manifests and files, and the agents poll the master at a fixed interval to get their configuration. The master does not push anything to the client.
  • Agents authenticate to the master using SSL certificates, so the first time an agent tries to connect, its certificate request needs to be approved (in the default configuration); that step is a common source of problems.
Puppet Terms
  • Puppet Master: The master server that controls configuration on the nodes
  • Puppet Agent Node: A node controlled by a Puppet Master
  • Manifest: a file that contains a set of instructions to be executed
  • Resource: a portion of code that declares an element of the system and how its state should be changed. For instance, to install a package we need to define a package resource and ensure its state is set to “installed”
  • Module: a collection of manifests and other related files, organized in a pre-defined way to make it easy to share and reuse parts of a provisioning setup
  • Class: just like with regular programming languages, classes are used in Puppet to better organize the provisioning and make it easier to reuse portions of the code
  • Facts: global variables containing information about the system, like network interfaces and operating system
  • Services: used to trigger service status changes, like restarting or stopping a service
Environment
Here, we configure Puppet in a server/agent architecture.

Puppet Master:
Host Name: vvm01
IP Address: 192.168.2.121
Operating System: CentOS 7.6

Puppet client:
Host Name: vvm02
IP Address: 192.168.2.122
Operating System: CentOS 7.6

Host Name: vvm03
IP Address: 192.168.2.123
Operating System: Redhat 7.6

Host Name: vvm04
IP Address: 192.168.2.124
Operating System: Ubuntu 18.04
 
Host Name: vvm05
IP Address: 192.168.2.125
Operating System: Windows 2016

Prerequisites
Install NTP
The clocks of the master and client nodes must be accurately in sync with upstream time servers, because the Puppet master acts as the certificate authority. (If the time is wrong, it might mistakenly issue agent certificates dated in the distant past or future, which other nodes will treat as expired.) Install the NTP package and sync the time with upstream NTP servers.

[root@vvm01 ~]# yum -y install ntpdate
[root@vvm01 ~]# ntpdate 0.centos.pool.ntp.org

DNS
The Puppet agent uses the hostname to communicate with the Puppet server, so make sure agent nodes can resolve the Puppet server's hostname via the /etc/hosts file or a DNS server.

[root@vvm01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.2.121 vvm01
192.168.2.122 vvm02
192.168.2.123 vvm03
192.168.2.124 vvm04
192.168.2.125 vvm05
[root@vvm01 ~]#
 
Setup Puppet Repository
To install Puppet Server and the agents, add the Puppet repository on all the nodes.
[root@vvm01 ~]# rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm

Install Puppet Server
Puppet Server is the server software that runs on the Puppet master node. It compiles the configuration for each managed node and serves it to the node's puppet-agent when the agent checks in.
Install Puppet Server using the command below.
 
[root@vvm01 ~]# yum install -y puppetserver

Puppet Server is now installed; do not start the puppetserver service yet.

Configure Puppet Server

Memory Allocation
By default, the Puppet Server JVM is configured to use 2 GB of memory. You can change this depending on how much memory is available on your master node; make sure it is enough to manage all the nodes connected to it. To change the memory allocation, edit the file below.

[root@vvm01 ~]# vi /etc/sysconfig/puppetserver
Change the value.
From:
JAVA_ARGS="-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
To (for 512 MB, use the settings below):
JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

Embedded Web Server
Puppet Server uses a Jetty-based web server embedded in the service’s JVM process. You do not need to configure or enable the web server; it works out of the box. It performs well under production-level loads.
The embedded web server’s settings can be modified in webserver.conf. You might need to edit this file if you are using an external CA or running Puppet Server on a non-standard port.

Puppet Configuration
Puppet Server does not require any configuration; you can start the puppetserver service with the default settings. If you want to change the Puppet master hostname, follow the procedure below.

Advanced Configurations (optional)
Here, I am going to modify the Puppet master settings for our requirement.

[root@vvm01 ~]# vi /etc/puppetlabs/puppet/puppet.conf

Place the below lines. Modify it according to your environment.
[master]
dns_alt_names = vvm01
[main]
certname = vvm01
server = vvm01
environment = production
runinterval = 1h


Generate a root and intermediate signing CA for Puppet Server.

[root@vvm01 ~]# /opt/puppetlabs/bin/puppetserver ca setup
Output:
Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca

Start and enable the Puppet Server.

[root@vvm01 ~]# systemctl start puppetserver
[root@vvm01 ~]# systemctl enable puppetserver


Firewall
The Puppet master listens on port 8140, so configure the firewall so that managed nodes can connect to the master.

[root@vvm01 ~]# firewall-cmd --permanent --add-port=8140/tcp
[root@vvm01 ~]# firewall-cmd --reload

[root@vvm01 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client http
  ports: 8140/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@vvm01 ~]#

Install Puppet Agent
Install the puppet agent on your client using the below command.

[root@vvm02 ~]# rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
[root@vvm02 ~]# yum install -y puppet-agent


The Puppet agent also uses default settings to connect to the master node. However, we need to edit the Puppet configuration file and set the Puppet master information.

Set the server value to your master node name. In my case, the server is vvm01, and certname is the client's own hostname (vvm02, vvm03 or vvm04).

[root@vvm02 ~]# vi /etc/puppetlabs/puppet/puppet.conf
[main]
certname = vvm02
server = vvm01
environment = production
runinterval = 1h


You can change the value of runinterval as required. The value can be given in seconds (10 or 10s), minutes (10m) or hours (1h). This setting controls how long the agent waits between two catalog requests.

Start puppet agent on the node and make it start automatically on system boot.

[root@vvm02 ~]# /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
Output:
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
}


Repeat the procedure for vvm03 and vvm04.

Installing Puppet agent on Ubuntu 18.04

Follow the steps below on the agent node, as you did for the master system. The Puppet repository needs to be present on all the agent nodes.

# wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
# dpkg -i puppet6-release-bionic.deb
# apt update

Run the command below on the agent node to install the Puppet agent.

# apt install -y puppet-agent

Configuring Puppet Agent on Ubuntu 18.04

Edit the Puppet configuration file on the agent node.

# vi /etc/puppetlabs/puppet/puppet.conf
[main]
certname = vvm04
server = vvm01
environment = production
runinterval = 1h

Run the command below to start the puppet service; it also enables the service so that it starts automatically at boot.
# /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

Execute the command below to run the agent once and send its certificate request.
# puppet agent --test
 
Installing Puppet agent on Windows

Update the hosts file (c:\windows\System32\drivers\etc\hosts) and add the master entry: 192.168.2.121 vvm01

Download the Puppet agent installer puppet-agent-6.21.0-x64.msi from the link below.

https://downloads.puppetlabs.com/windows/puppet6/

Start the installation and just provide the Puppet master server name.

From the command line, execute the command below.

# puppet agent -t
 
Sign Agent Node Certificate on Master Server
In an agent/master deployment, an admin must approve the certificate request coming from each node before it can fetch its configuration. An agent node requests a certificate the first time it runs.
Log in to the Puppet master server and run the command below to view outstanding requests.

[root@vvm01 ~]# puppetserver ca list
Output:
Requested Certificates:
vvm02 (SHA256) EF:BE:B3:75:00:CE:ED:99:FA:6E:FB:FB:A1:94:4B:34:B4:EF:01:B0:BE:41:74:0D:3D:2A:73:EA:15:14:FE:69
vvm03 (SHA256) 78:E8:66:A5:6D:48:27:8C:36:99:28:8A:C0:8E:2C:45:FE:D3:5D:F1:FC:EF:4C:B3:A2:06:AE:84:70:41:77:21
vvm04 (SHA256) 5B:27:6B:CD:DC:4C:64:D0:F0:86:AE:12:A9:FD:F4:3B:83:1F:D4:D3:FF:08:AC:1C:1D:F4:38:A2:2D:6C:B0:7F


Run the puppetserver ca sign command to sign a request.
[root@vvm01 ~]# puppetserver ca sign --certname vvm02
Output:
Successfully signed certificate request for vvm02

The Puppet master can now communicate with the client machine and control the node.
If you have multiple signing requests from nodes, you can sign all the requests in one command.

[root@vvm01 ~]# puppetserver ca sign --all
Successfully signed certificate request for vvm02
Successfully signed certificate request for vvm03
Successfully signed certificate request for vvm04
[root@vvm01 ~]#
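Before signing, compare the fingerprint that puppetserver ca list shows with the one the agent prints locally (puppet agent --fingerprint), so that only the intended host receives a certificate; signing with --all skips that comparison. The script below is an added example, not part of the original post: it assumes the locally reported fingerprints have been collected over a trusted channel into a file of "certname fingerprint" lines, the function names are mine, and the sample data is constructed (the vvm02/vvm03 fingerprints from this page, with a deliberately mismatched vvm03 record).

```shell
#!/bin/sh
# Added example: gate `puppetserver ca sign` on a fingerprint recorded out of band.
# Assumed workflow: `puppet agent --fingerprint` on each agent prints its CSR
# fingerprint, which an admin copies into EXPECTED_FILE on the master.

# Constructed sample of `puppetserver ca list --all` output (vvm02 and vvm03
# carry the fingerprints shown earlier in this post).
CA_LIST='Requested Certificates:
vvm02 (SHA256) EF:BE:B3:75:00:CE:ED:99:FA:6E:FB:FB:A1:94:4B:34:B4:EF:01:B0:BE:41:74:0D:3D:2A:73:EA:15:14:FE:69
vvm03 (SHA256) 78:E8:66:A5:6D:48:27:8C:36:99:28:8A:C0:8E:2C:45:FE:D3:5D:F1:FC:EF:4C:B3:A2:06:AE:84:70:41:77:21
Signed Certificates:
vvm01 (SHA256) F3:6D:6A:85:84:20:90:78:C5:66:94:10:0C:10:6D:F1:6D:13:FD:99:CA:58:64:B3:68:C0:44:74:70:17:2C:C4 alt names: ["DNS:vvm01"]'

# Constructed expected-fingerprint file: vvm02 matches, vvm03 deliberately
# differs in its last byte, vvm04 is recorded but has not requested yet.
EXPECTED_FILE=$(mktemp)
cat > "$EXPECTED_FILE" <<'EOF'
vvm02 EF:BE:B3:75:00:CE:ED:99:FA:6E:FB:FB:A1:94:4B:34:B4:EF:01:B0:BE:41:74:0D:3D:2A:73:EA:15:14:FE:69
vvm03 78:E8:66:A5:6D:48:27:8C:36:99:28:8A:C0:8E:2C:45:FE:D3:5D:F1:FC:EF:4C:B3:A2:06:AE:84:70:41:77:00
vvm04 5B:27:6B:CD:DC:4C:64:D0:F0:86:AE:12:A9:FD:F4:3B:83:1F:D4:D3:FF:08:AC:1C:1D:F4:38:A2:2D:6C:B0:7F
EOF

# check_requests MODE EXPECTED_FILE < ca-list-output
#   MODE "verified": print requested certnames whose fingerprint matches.
#   MODE "rejected": print requested certnames with no record or a mismatch.
# Only the "Requested Certificates:" section is considered; signed entries
# are ignored. EXPECTED_FILE must be non-empty (NR == FNR idiom).
check_requests() {
  awk -v mode="$1" '
    NR == FNR { if ($1 != "") want[$1] = $2; next }   # first input: expected values
    /^Requested Certificates:/ { section = "requested"; next }
    /^[A-Z][a-z]+ Certificates:/ { section = ""; next } # Signed/Revoked headers
    section == "requested" && $2 == "(SHA256)" {
      ok = (($1 in want) && want[$1] == $3)
      if ((mode == "verified" && ok) || (mode == "rejected" && !ok)) print $1
    }' "$2" -
}

verified_certnames() { check_requests verified "$1"; }
rejected_certnames() { check_requests rejected "$1"; }

# sign_verified EXPECTED_FILE: run the real CA command only for verified names.
sign_verified() {
  /opt/puppetlabs/bin/puppetserver ca list | verified_certnames "$1" |
  while read -r name; do
    /opt/puppetlabs/bin/puppetserver ca sign --certname "$name"
  done
}

printf '%s\n' "$CA_LIST" | verified_certnames "$EXPECTED_FILE"   # prints: vvm02
printf '%s\n' "$CA_LIST" | rejected_certnames "$EXPECTED_FILE"   # prints: vvm03
```

Anything listed by rejected_certnames stays unsigned until the mismatch is explained on the agent side.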


Sometimes you may need to revoke the certificate of a particular node, for example before re-enrolling it.
Replace vvm02 with your client hostname.

[root@vvm01 ~]# puppetserver ca revoke --certname vvm02
[root@vvm01 ~]# puppetserver ca clean --certname vvm02

After removing the certificate, if you want to reconnect vvm02 to vvm01 (the Puppet master), follow the steps below.
1. Move the files out of the locations below and rerun the test.
[root@vvm02 ~]# mv /etc/puppetlabs/puppet/ssl/private_keys/ /root/
[root@vvm02 ~]# mv /etc/puppetlabs/puppet/ssl/certs/ /root
[root@vvm02 ~]# puppet agent --test

2. Reinstall the Puppet agent.

You can list all of the signed and unsigned requests with the below command.

[root@vvm01 ~]# puppetserver ca list --all
Output:
Signed Certificates:
vvm01 (SHA256) F3:6D:6A:85:84:20:90:78:C5:66:94:10:0C:10:6D:F1:6D:13:FD:99:CA:58:64:B3:68:C0:44:74:70:17:2C:C4 alt names: ["DNS:vvm01", "DNS:vvm01"]
vvm02 (SHA256) 73:99:23:4F:F0:0C:30:CA:F3:5B:7B:BE:85:8F:15:B3:F4:C7:EA:AF:E2:C4:16:82:07:CF:E5:64:F7:1B:55:D4
vvm03 (SHA256) 5E:AC:C8:BF:4F:C1:B9:1B:5E:BD:9E:90:A2:A5:D1:31:1E:B0:70:BA:01:7B:8E:0A:7D:52:2C:23:69:1B:37:AB
vvm04 (SHA256) 34:10:B0:B9:44:5D:3B:39:80:05:2D:39:0B:63:D3:E4:BC:5B:2B:D2:0C:56:6C:58:3F:49:6B:17:E5:4D:03:78


Verify Puppet Client
Once the Puppet Server has signed your client certificate, run the following command on the client machine to test it.

[root@vvm02 ~]# puppet agent --test
Output:
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for vvm04
Info: Applying configuration version '1583641427'
Notice: Applied catalog in 0.02 seconds
[root@vvm02 ~]#
 
Manifest
A manifest is a file containing client configuration, written in Puppet's declarative language or a Ruby DSL and saved with the .pp extension (pp = puppet program).
Puppet manifest files are located at /etc/puppetlabs/code/environments/production/manifests/
 
1. Create the code in .pp file.
2. Validate the code using "puppet parser validate filename.pp"
3. Perform dry run "puppet agent -tv --noop" and check the result.
4. Implement it on client server using "puppet agent -t"

Task-1: Create /etc/motd and /etc/issue on all the servers.

[root@vvm01 ]# vi file.pp
file { 'motd':                        # Creation of /etc/motd file
  ensure  => file,
  path    => '/etc/motd',
  content => '###############################################################
# Welcome to CentOS-Linux
# All connections are monitored and recorded
# Disconnect IMMEDIATELY if you are not an authorized user!
###############################################################
',
}
file { '/etc/issue':                  # Creation of /etc/issue file; the title is used as the path
  ensure  => present,
  content => '\S
Kernel \r on an \m
Today is \d \t @ \n
',                                    # single quotes keep the agetty escapes (\r, \t, \n) literal
  mode    => '0644',
  owner   => 'root',
  group   => 'root',
}
  
Task-2: Create user admin with sudo access and group localadmin on all servers.
Perform the activity below on the vvm01 node first: it creates the user locally, and puppet resource prints the resulting user and group as Puppet code, including the password hash used in the manifest.

[root@vvm01 ]# groupadd localadmin
[root@vvm01 ]# useradd -g localadmin admin
[root@vvm01 ]# passwd admin
[root@vvm01 ]# puppet resource user admin
[root@vvm01 ]# puppet resource group localadmin

[root@vvm01 ]# vi user.pp
group { 'localadmin':
  ensure   => 'present',
  provider => 'groupadd',
}
user { 'admin':
  ensure             => 'present',
  groups             => ['localadmin'],   # the group above is autorequired
  home               => '/home/admin',
  password           => '$6$OzsxT9l/$lN/jt59efODN79LlzMjhRHBxsGK78iGUjHM.kfJuATNcAq01ogHV8In5Gx6UqL1xNDfFwolNwNJXtoyMlue6O0',
  password_max_age   => 99999,
  password_min_age   => 0,
  password_warn_days => 7,
  provider           => 'useradd',
  shell              => '/bin/bash',
  managehome         => true,
}
augeas { 'sudo-localadmin':             # adds "admin ALL=(ALL) NOPASSWD: ALL" to /etc/sudoers via the Sudoers lens
  context => '/files/etc/sudoers',
  changes => [
    "set spec[user = 'admin']/user admin",
    "set spec[user = 'admin']/host_group/host ALL",
    "set spec[user = 'admin']/host_group/command ALL",
    "set spec[user = 'admin']/host_group/command/tag NOPASSWD",
    "set spec[user = 'admin']/host_group/command/runas_user ALL",
  ],
}

 
Task-3: Disable root login & set the login timeout on all servers.
[root@vvm01 ]# vi ssh_login.pp
augeas { 'sshd_config':
  changes => [
    'set /files/etc/ssh/sshd_config/PermitRootLogin no',
    'set /files/etc/ssh/sshd_config/LoginGraceTime 2m',
  ],
}
exec { 'sshd':
  command     => '/usr/bin/systemctl restart sshd',
  refreshonly => true,                 # restart only when sshd_config actually changed
  subscribe   => Augeas['sshd_config'],
}

Task-4: Execute a command using a Puppet manifest.
[root@vvm01 ]# vi command.pp
exec { 'date':
  command  => '/usr/bin/date >> /root/abc',
  provider => shell,                   # the shell provider is needed for the >> redirection
}
 
Task-5: Use an array of resource titles (the Puppet equivalent of a "FOR LOOP") to install multiple packages on servers.
[root@vvm01 ]# vi package.pp
$packages = ['ftp', 'elinks', 'curl', 'nfs-utils']
package { $packages:                   # one package resource per array element
  ensure => 'installed',
}

Task-6: Create conditional statements using "IF" and "CASE"
[root@vvm01 ]# vi condition.pp
$my_variable = 'three'
if $my_variable == 'one' {
  notify { 'The value of our variable is one': }
}
elsif $my_variable == 'two' {
  notify { 'The value of our variable is two': }
}
else {
  notify { "The value of our variable is ${my_variable}": }
}
case $my_variable {
  'one': {
    notify { 'The value of our variable is one by case': }
  }
  default: {
    notify { "The value of our variable is ${my_variable} by case": }
  }
}
 
Task-7: Create a manifest using a Facter fact as a variable.
[root@vvm02 ~]# facter operatingsystem
CentOS
[root@vvm01 ~]# vi facter.pp
if $::operatingsystem == 'CentOS' {
  notify { 'Installing on CentOS': }
}

Note: the facter command provides a complete inventory of the system.

Task-8: Create the directory nfs_disk and mount the NFS partition on all servers.
[root@vvm01 ~]# vi nfs.pp
file { '/nfs_disk':
  ensure => 'directory',
  group  => root,
  owner  => root,
}
mount { '/nfs_disk':
  ensure  => 'mounted',
  atboot  => false,
  device  => 'vm01:/nfs_share',
  fstype  => 'nfs',
  options => 'defaults',
  pass    => 0,
  require => File['/nfs_disk'],        # create the mount point first
}
Task-9: Create a manifest for installation and configuration of Apache on vvm02, MariaDB on vvm03 and vsftpd on vvm04
[root@vvm01 manifests]# cat service.pp

######## Package installation on VVM02  ###################
node 'vvm02' {                            # Applies only to vvm02
  package { 'httpd':                      # Install the httpd package
    ensure => present,
  }
  service { 'httpd':                      # Start the httpd service
    ensure  => running,
    require => Package['httpd'],          # the httpd package must be installed before the service starts
  }
  file { '/var/www/html/index.html':      # Create index.html
    ensure  => file,
    content => 'Welcome to Puppet!!',
    notify  => Service['httpd'],          # any change to index.html restarts httpd
    replace => false,                     # an existing index.html is not overwritten
  }
  exec { 'firewall-cmd':                  # open http in the permanent and the running configuration
    command  => '/bin/firewall-cmd --add-service http --permanent && /bin/firewall-cmd --add-service http',
    provider => shell,
    unless   => '/bin/firewall-cmd --query-service http',   # skip when the service is already open
  }
  exec { 'test':
    command  => '/bin/echo apache2 is installed on vvm02 > /nfs_disk/vvm02_status.txt',
    provider => shell,                    # the shell provider is needed for the > redirection
    onlyif   => '/bin/which httpd',
  }
}
######## Package installation on VVM03  ###################
node 'vvm03' {                            # Applies only to vvm03
  package { 'mariadb-server':             # Install the mariadb package
    ensure => present,
  }
  service { 'mariadb':                    # Start the mariadb service
    ensure  => running,
    require => Package['mariadb-server'], # the mariadb package must be installed before the service starts
  }
  exec { 'test':
    command  => '/bin/echo mariadb-server is installed on vvm03 > /nfs_disk/vvm03_status.txt',
    provider => shell,
    onlyif   => '/bin/which mysql',
  }
}
######## Package installation on VVM04  ###################
node 'vvm04' {                            # Applies only to vvm04
  package { 'vsftpd':                     # Install the vsftpd package
    ensure => present,
  }
  service { 'vsftpd':                     # Start the vsftpd service
    ensure  => running,
    require => Package['vsftpd'],         # the vsftpd package must be installed before the service starts
  }
  exec { 'firewall-cmd':                  # open ftp in the permanent and the running configuration
    command  => '/bin/firewall-cmd --add-service ftp --permanent && /bin/firewall-cmd --add-service ftp',
    provider => shell,
    unless   => '/bin/firewall-cmd --query-service ftp',
  }
}
[root@vvm01 manifests]#
 
Task-10: Install and configure NTP Client on all nodes using modules
[root@vvm01 modules]# pwd
/etc/puppetlabs/code/environments/production/modules

Create the directories below.

[root@vvm01 modules]# mkdir -p ntpconfig/{files,templates,manifests}
[root@vvm01 modules]# tree ntpconfig/
ntpconfig/
├── files
│   └── ntp.conf
├── manifests
│   └── init.pp
└── templates
 
3 directories, 2 files
 
Create the below file ntp.conf 

[root@vvm01 modules]# cat ntpconfig/files/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server vvm01
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys 

Create the below file manifest

[root@vvm01 modules]# cat ntpconfig/manifests/init.pp
class ntpconfig {
  service { 'ntpd':                      # Start the NTP service
    ensure  => running,
    require => [                         # needs the ntp package and the configuration file
      Package['ntp'],
      File['/etc/ntp.conf'],
    ],
  }
  package { 'ntp':
    ensure => present,
    before => Service['ntpd'],           # install the ntp package before starting the service
  }
  file { '/etc/ntp.conf':                # copy the ntp.conf file from the module to the client
    ensure => file,
    mode   => '0600',
    source => 'puppet:///modules/ntpconfig/ntp.conf',
    notify => Service['ntpd'],           # ordered before the service, and restarts it when the file changes
  }
}

Main manifest file to call the NTP module
Note: do not apply it on vvm01, since that node is the NTP master.

[root@vvm01 modules]# vi /etc/puppetlabs/code/environments/production/manifests/ntp.pp
if $::hostname != 'vvm01' {
  include ntpconfig
}
[root@vvm01 modules]# 
 
Task-11: Create LVM Partition on VVM03 Servers 
 
[root@vvm01 modules]# puppet module install puppetlabs-lvm
[root@vvm01 modules]# cd /etc/puppetlabs/code/environments/production/modules/lvm/manifests/
[root@vvm01 modules]# mv init.pp init.pp-old
[root@vvm01 modules]# vi init.pp
class lvm {
lvm::volume { 'app-lv01':
  ensure => present,
  vg     => 'app-vg01',
  pv     => '/dev/sdb',
  fstype => 'xfs',
  size   => '1G',
}
lvm::volume { 'app-lv02':
  ensure => present,
  vg     => 'app-vg01',
  pv     => '/dev/sdb',
  fstype => 'xfs',
  size   => '1G',
}
}
[root@vvm01 modules]# cd /etc/puppetlabs/code/environments/production/manifests
[root@vvm01 modules]# vi vvm03.pp
node vvm03 {
  include lvm
  file { '/app_disk1':
    ensure => 'directory',
    group  => root,
    owner  => root,
  }
  file { '/app_disk2':
    ensure => 'directory',
    group  => root,
    owner  => root,
  }
  mount { '/app_disk1':
    ensure  => 'mounted',
    atboot  => false,
    device  => '/dev/app-vg01/app-lv01',
    fstype  => 'xfs',
    options => 'defaults',
    pass    => 0,
    require => Class['lvm'],             # the logical volumes must exist before mounting
  }
  mount { '/app_disk2':
    ensure  => 'mounted',
    atboot  => false,
    device  => '/dev/app-vg01/app-lv02',
    fstype  => 'xfs',
    options => 'defaults',
    pass    => 0,
    require => Class['lvm'],
  }
}
[root@vvm01 modules]#
 
Task-12: Check the LVM partition on the VVM03 server and extend it if required.

[root@vvm01 modules]# vi disk-check.pp
node vvm03 {
  $total    = $facts['mountpoints']['/app_disk1']['size_bytes']
  $used     = $facts['mountpoints']['/app_disk1']['used_bytes']
  $used_pct = ($used * 100) / $total     # percentage of the filesystem in use
  if $used_pct > 85 {
    notify { 'Disk utilization is above threshold': }
    lvm::volume { 'app-lv01':            # size must be raised to the new target for the volume to grow
      ensure => present,
      vg     => 'app-vg01',
      pv     => '/dev/sdb',
      fstype => 'xfs',
      size   => '1G',
    }
  }
  else {
    notify { 'Disk utilization is ok': }
  }
}
[root@vvm01 modules]#
 
Task-13: Installation of the web server on different operating systems

[root@vvm01 ~]# vi web-package.pp
if $::operatingsystem == 'CentOS' {
  package { 'httpd':
    ensure => latest,
  }
}
if $::operatingsystem == 'RedHat' {
  package { 'httpd':
    ensure => latest,
  }
}
if $::operatingsystem == 'Ubuntu' {
  package { 'apache2':
    ensure => latest,
  }
}
if $::operatingsystem == 'windows' {
  notify { 'This is Windows; work on IIS is in progress': }
}
[root@vvm01 ~]#
  
Task-14: Update the hosts file on Windows servers (c:\windows\System32\drivers\etc\hosts).

[root@pup01 manifests]# cat win-host.pp
if $::osfamily == 'windows' {
  host { 'ans01.darole.org':
    ensure       => present,
    host_aliases => ['ans01.darole.org'],
    ip           => '172.16.1.223',
  }
}
 
Task-15: Start the Zabbix agent service on Windows servers.

[root@pup01 manifests]# cat win-service.pp
if $::osfamily == 'windows' {
  service { 'TermService':
    ensure => running,
    enable => true,
  }
  service { 'Zabbix Agent':
    ensure => running,
    enable => true,
  }
}
[root@pup01 manifests]#
 
 
Task-16: Create a new file on Windows servers.

[root@pup01 manifests]# cat win-file.pp
if $::osfamily == 'windows' {
  file { 'c:\puppet-file.txt':
    ensure  => file,
    owner   => 'Administrator',
    group   => 'Users',
    mode    => '0644',
    content => '################################################################
# Welcome to Darole.org #
# All Connection are monitored and recorded #
# Disconnect IMMEDIATELY if you are not an authorized user !!! #
################################################################ ',
  }
}
[root@pup01 manifests]#
 
Task-17: Add Facter values to vvm02
 
[root@vvm02 ~]#export FACTER_enviroment="production"
[root@vvm02 ~]#
[root@vvm02 ~]# facter enviroment
production
[root@vvm02 ~]# 
                
 
To print the Puppet configuration details, use the command below.
[root@vvm01 ]# puppet config print all

Puppet stores all the reports in the location below.
[root@vvm01 ]# puppet config print report
true
[root@vvm01 ]# puppet config print reportdir
/opt/puppetlabs/puppet/cache/reports

Puppet stores all the YAML files in the location below.
[root@vvm01 manifests]# puppet config print yamldir
/opt/puppetlabs/server/data/puppetserver/yaml
[root@vvm01 ~]# ls /opt/puppetlabs/server/data/puppetserver/reports/vvm04
202003141541.yaml  202003141641.yaml
[root@vvm01 ~]# tail /opt/puppetlabs/server/data/puppetserver/reports/vvm04/202003141641.yaml
    changed: false
    out_of_sync: false
    skipped: false
    change_count: 0
    out_of_sync_count: 0
    events: []
    corrective_change: false
corrective_change: false
catalog_uuid: 821d02db-fe75-4062-b3da-ea7be54449f3
cached_catalog_status: not_used
[root@vvm01 ~]#
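The report files above record, per resource, whether Puppet had to undo a change made outside Puppet (corrective_change: true); that is the field to review for unexpected edits to files such as sshd_config or sudoers. The script below is an added example, not part of the original post: it assumes the <reportdir>/<certname>/<timestamp>.yaml layout shown above, the function names are mine, and the report files it scans are constructed and abridged to the fields it uses.

```shell
#!/bin/sh
# Added example: find resources that Puppet had to put back in line.
# Assumed layout (from the listing above): <reportdir>/<certname>/<timestamp>.yaml.
# The YAML below is constructed and abridged; real reports carry many more fields.

REPORTDIR=$(mktemp -d)
mkdir -p "$REPORTDIR/vvm02" "$REPORTDIR/vvm04"

# Constructed report: sshd_config was edited on the node, Puppet restored it.
cat > "$REPORTDIR/vvm02/202003141641.yaml" <<'EOF'
--- !ruby/object:Puppet::Transaction::Report
host: vvm02
status: changed
resource_statuses:
  File[/etc/ssh/sshd_config]: !ruby/object:Puppet::Resource::Status
    title: "/etc/ssh/sshd_config"
    changed: true
    out_of_sync: true
    corrective_change: true
  Service[sshd]: !ruby/object:Puppet::Resource::Status
    title: sshd
    changed: true
    out_of_sync: true
    corrective_change: false
corrective_change: true
EOF

# Constructed report: nothing changed on vvm04.
cat > "$REPORTDIR/vvm04/202003141641.yaml" <<'EOF'
--- !ruby/object:Puppet::Transaction::Report
host: vvm04
status: unchanged
resource_statuses:
  File[/etc/motd]: !ruby/object:Puppet::Resource::Status
    title: "/etc/motd"
    changed: false
    out_of_sync: false
    corrective_change: false
corrective_change: false
EOF

# corrective_resources REPORT_FILE
# Prints the resource reference (e.g. File[/etc/ssh/sshd_config]) of every
# resource status in the report marked corrective_change: true.
corrective_resources() {
  awk '
    # a resource status starts with a 2-space-indented "Type[title]:" key
    /^  [A-Za-z][A-Za-z0-9_:]*\[.*\]:/ {
      res = $0
      sub(/^  /, "", res)            # drop the indentation
      sub(/\]:.*$/, "]", res)        # drop the trailing ": !ruby/object:..." tag
      next
    }
    /^    corrective_change: true/ { print res }   # 4-space indent: a resource field
  ' "$1"
}

# drift_report REPORTDIR
# Walks every report and prints "certname timestamp resource" for each
# corrective change, grouped by node, ready for grep or an alerting hook.
drift_report() {
  for f in "$1"/*/*.yaml; do
    [ -f "$f" ] || continue
    node=$(basename "$(dirname "$f")")
    stamp=$(basename "$f" .yaml)
    corrective_resources "$f" | while read -r res; do
      printf '%s %s %s\n' "$node" "$stamp" "$res"
    done
  done
}

drift_report "$REPORTDIR"   # prints: vvm02 202003141641 File[/etc/ssh/sshd_config]
```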
 
Puppet agent commands
Run the Puppet agent in the foreground in debug mode:
#puppet agent --test --debug

Run a dry-run puppet without making any change to the system:
#puppet agent --test --noop

Run puppet using an environment different from the default one:
#puppet agent --test --environment testing

Wait for certificate approval (by default 120 seconds) on the first Puppet run (useful during automated first-time installation if the Puppet master's autosign is false):
#puppet agent --test --waitforcert 120

Resource
The puppet resource command converts the current system state into Puppet code, and can also modify the current state using Puppet's RAL (Resource Abstraction Layer).

https://puppet.com/docs/puppet/latest/type.html

[root@vvm01 ~]# /opt/puppetlabs/bin/puppet resource --types
augeas
cron
exec
file
filebucket
group
host
mount
notify
package
resources
schedule
scheduled_task
selboolean
selmodule
service
ssh_authorized_key
sshkey
stage
tidy
user
whit
yumrepo
zfs
zone
zpool
[root@vvm01 ~]#
 
The command below prints the detailed parameters of the user resource type.
 
[root@vvm01 modules]# puppet describe user 

The command below shows the details of the user vdarole on server vvm02.

[root@vvm02 ~]# puppet resource user vdarole
user { 'vdarole':
  ensure             => 'present',
  gid                => 1000,
  home               => '/home/vdarole',
  password           => '$6$PPrVOJSt$ELwTKHKzLnV7YFDHqs4ZxPWo1lDvrDRmmU92JfV326qWiyqtjEI/gXBFUdLi/jTkV3tpD79BqHfNERgP3DVy2/',
  password_max_age   => 99999,
  password_min_age   => 0,
  password_warn_days => 7,
  provider           => 'useradd',
  shell              => '/bin/bash',
  uid                => 1000,
}

The command below shows the details of a configuration file on server vvm02.

[root@vvm02 ~]# puppet resource file /etc/httpd/conf/httpd.conf
file { '/etc/httpd/conf/httpd.conf':
  ensure   => 'file',
  content  => '{md5}f5e7449c0f17bc856e86011cb5d152ba',
  ctime    => '2020-03-10 21:53:38 +0530',
  group    => 0,
  mode     => '0644',
  mtime    => '2019-08-06 19:14:34 +0530',
  owner    => 0,
  provider => 'posix',
  selrange => 's0',
  selrole  => 'object_r',
  seltype  => 'httpd_config_t',
  seluser  => 'system_u',
  type     => 'file',
}

The command below shows the details of the httpd service on server vvm02.

[root@vvm02 ~]# puppet resource service httpd
service { 'httpd':
  ensure   => 'running',
  enable   => 'false',
  provider => 'systemd',
}
[root@vvm02 ~]#

The command below shows the details of the httpd package on server vvm02.

[root@vvm02 ~]# puppet resource package httpd
package { 'httpd':
  ensure   => '2.4.6-90.el7.centos',
  provider => 'yum',
}


The video below shows how to install and configure Puppet 6 master and client on CentOS 7, with multiple example manifests.

The links below show how to install and configure the Puppet agent on Ubuntu and Windows.

In this video, I covered how to install the LVM module and use it for disk management.

Windows agent installation
https://downloads.puppetlabs.com/windows/puppet6/index.html
puppet resource service puppet ensure=running enable=true
puppet agent --test
 
Puppet Agent installation script. 
 
[root@zap01 ~]# cat puppet-installation.sh
#!/bin/bash
# Purpose: Puppet Agent Installation script.
# Version: 1.0
# Created Date: 8-Aug-2022
# Modified Date:
# Author : Vallabh Darole
 
echo "### Install puppet repository ###"
 rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
 
echo "### Install puppet agent ###"
yum install -y puppet-agent
 
echo "### Update the configuration file ###"
cat >  /etc/puppetlabs/puppet/puppet.conf <<EOF
[main]
certname = `hostname`
server = pup01
environment = production
runinterval = 1h
EOF
 
echo "### Starting and Enabling puppet agent ###"
/opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
 
sleep 3 
echo "### Registering the puppet agent ###"
/opt/puppetlabs/bin/puppet agent --test
[root@zap01 ~]#
 
 
suse01:~ # cat suse-puppet-installation.sh
#!/bin/bash
# Purpose: Puppet Agent Installation script for suse-15.
# Version: 1.0
# Created Date: 8-Aug-2022
# Modified Date:
# Author : Vallabh Darole
 
### Install puppet repository ###
 
rpm -Uvh https://yum.puppet.com/puppet6-release-sles-15.noarch.rpm
 
### Install puppet agent ###
zypper install puppet-agent -y
 
### Update the configuration file ###
cat >  /etc/puppetlabs/puppet/puppet.conf <<EOF
[main]
certname = `hostname`
server = pup01
environment = production
runinterval = 1h
EOF
 
### Starting and Enabling puppet agent ###
/opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
 
### Registering the puppet agent ###
/opt/puppetlabs/bin/puppet agent --test
suse01:~ #
 
root@wpress01:~# cat ubuntu-puppet-agent-installation.sh
#!/bin/bash
# Purpose: Puppet Agent Installation script for Ubuntu 18.
# Version: 1.0
# Created Date: 8-Aug-2022
# Modified Date:
# Author : Vallabh Darole
 
### Install puppet repository ###
 
wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
dpkg -i puppet6-release-bionic.deb
apt update
### Install puppet agent ###
apt install -y puppet-agent
 
### Update the configuration file ###
cat >  /etc/puppetlabs/puppet/puppet.conf <<EOF
[main]
certname = `hostname`
server = pup01
environment = production
runinterval = 1h
EOF
 
### Starting and Enabling puppet agent ###
/opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
 
### Registering the puppet agent ###
/opt/puppetlabs/bin/puppet agent --test
 
root@wpress01:~#
 
Create user ansible with password-less login

Create the user ansible on the Ansible server.

[root@ans01 ]# useradd --uid 4001 ansible

Set a password for the ansible user.
[root@ans01 ]# passwd ansible

Copy the password hash of the ansible user from the shadow file.
[root@ans01 ]# cat /etc/shadow | grep ansible

Generate the SSH key for the ansible user.
[ansible@ans01 ~]$ ssh-keygen

Create a module for authorized_keys (file structure below) in the modules folder (/etc/puppetlabs/code/environments/production/modules)

[root@pup01 ansfile]# tree
.
├── files
│   └── authorized_keys
└── manifests
    └── init.pp

Copy the authorized_keys (the ansible user's public key) to the location below.

[root@pup01 modules]# cat ansfile/files/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkUVQI3Agc/zbgkeU6MhdtboeuJc3jdU9Y9ONWHa8oOuMGjR/DP5MrQ+Ce5noZBpr1xLvMSIQIA0TeDnJHe+Kg8afi5P1kdfYD11II6YZqDZcBmbEtY7lHl6zCsZJiublFwW2bidHZp0e1sifNceV9MJYXQy9jpzUswyRyLFUq6uYizGkYxcKJoegBT18pEO0638KkJ2EaXbJwhl9Edc5K17fE0r1oqgzzBgeqeREO+mkpskPxy8aCp1xivyPu6ZArzfd0Ri5toLAsnADohJEi0Ku313UbvgjsOjxjr1z783xgBpu3qcBFq0cL3GpH/ZYaCvQogs3yfJHFj6WoBkR/ ansible@ans01.darole.org

Write the manifest below to copy the authorized_keys from the module directory.

[root@pup01 modules]# cat ansfile/manifests/init.pp
class ansfile {
  file { '/home/ansible/.ssh/authorized_keys':
    ensure => file,
    source => 'puppet:///modules/ansfile/authorized_keys',
    owner  => 'ansible',
    group  => 'ansible',
    mode   => '0600',
  }
}
[root@pup01 modules]#

Write the main manifest to create the ansible user with password-less login on all Linux servers.

[root@pup01 manifests]# cat user-creation.pp
if $::kernel == 'Linux' {
  user { 'ansible':
    ensure             => 'present',
    home               => '/home/ansible',
    password           => '$6$Xqu9Qn5Q$Srxo5qVd7NxVtA.U/WtXaktHYXRB5YZIlctuho8L85DkX0bTzL/KdB0GfessD4QCsjfUfZFFFbGadRjtlokWt0',
    password_max_age   => 99999,
    password_min_age   => 0,
    password_warn_days => 7,
    provider           => 'useradd',
    shell              => '/bin/bash',
    uid                => 4001,
    managehome         => true,
  }
  augeas { 'sudo-ansible':
    context => '/files/etc/sudoers',
    changes => [
      "set spec[user = 'ansible']/user ansible",
      "set spec[user = 'ansible']/host_group/host ALL",
      "set spec[user = 'ansible']/host_group/command ALL",
      "set spec[user = 'ansible']/host_group/command/runas_user ALL",
      "set spec[user = 'ansible']/host_group/command/tag NOPASSWD",
    ],
  }

  file { '/home/ansible/.ssh':
    ensure  => 'directory',
    group   => 4001,
    owner   => 4001,
    mode    => '0600',                   # Puppet adds the search bit for directories, giving 0700
    require => User['ansible'],          # the home directory must exist first
  }

  include ansfile
}


Write the main manifest to create password-less login.
In the example below we copy the SSH key of the ansible user to the vallabh user on web02.

[root@web01 ~]# cat beta.pp
$public_key = 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCsl1x5Up1D/J3wynXEQPMPyMNsEXXnH0h2OtPZklzZdSBpiYZAbIP0Ou8zknzDtM77sbEDWnr0ASCQlJskXPoXIHE7Ls1Da8GNskuODbmOXrXZ7KChApE6UrjnLVKWfEi9WJn7x5MeUDwDSx2/5u8sEw7ALqpMU14tK1aGvKXnfYxh1GDXMA1Ln49ylHOFDc5A1I5h1mf+HoqEVEuDX1xrAeBHtXCCwtuVdTIG5SRN+xkPYmIbJInV9yGOp0Z2k2VJd0SBLwMmnX8XX9iyu5uoBPy7Ne5i9LTMuWZ5XlmfT3RhFsYlNj46Gu8O0xY5M0UhiQPCQjKd4Qdx4hHhccvd'

class ssh_node1 {
  ssh_authorized_key { 'ansible@web01':
    ensure => present,
    user   => 'vallabh',
    type   => 'ssh-rsa',
    key    => $public_key,
  }
}

node web02 {
  include ssh_node1
}
[root@web01 ~]#


https://hostadvice.com/how-to/how-to-deploy-iis-and-asp-net-with-the-puppet-module/
https://www.ipswitch.com/blog/managing-windows-with-puppet
https://www.ipswitch.com/blog/running-powershell-scripts-in-puppet
 
