Build a manageable server infrastructure with Puppet (1)

I have passed the Bó Lè translator a puppet concise tutorial, divided into four parts, this is the first part.

Original address: http://blog.jobbole.com/87679/

This article by Bole Online-Wing translation, Huang Li-min school draft. without permission, no reprint!
English Source: Manue Kiessling. Welcome to join the translation team.

About Puppet

Puppet is a centralized configuration management system for Linux, Unix, and Windows platforms, using its own Puppet description language to manage profiles, users, cron tasks, packages, system services, and more. Puppet these system entities as resources, which are designed to simplify the management of these resources and to properly handle the dependencies between resources.

In this series, the author provides a comprehensive, actionable tutorial to step through the use of Puppet to build a centrally managed Linux server infrastructure.

Target Audience

I believe a class of Linux system administrators will reap the most from this series of tutorials, who are already managing a small-scale network of server systems, wondering how to expand their existing infrastructure, and the time and effort to manage new systems will not be proportional to the number of new systems. Perhaps you are currently managing 5 server systems, and you can ask yourself if there is a better way to manage 50 server systems without additional staffing. Or you've heard of centralized configuration management and puppet, and are eager to try.

Prerequisite

If your computer has a Linux, Windows, or MAC OS X desktop operating system, you have at least 4G of memory, 16G of free disk space, and the CPU can run virtual machines, that's enough. All the information you have to do and need, I will explain it to you in this series of courses.

Begin

I don't have to convince you to use puppet to implement tool-based configuration management, and since you can read it here, you probably already want to use it, so let's start right away.

I promise this is an easy-to-use comprehensive tutorial, so we need to prepare an environment so that we can not only talk about using puppet, but also be able to create a small but real server infrastructure in which we run a puppet server, It will manage a puppet client. In other words, we need two Linux virtual machines.

In this tutorial, I would like to use the two Ubuntu 12.04 LTS precise pangolin system, just because I have the most experience with this Linux distribution. If you use an updated version of Ubuntu or Debian 7.0 Wheezy, the steps described here should not be very different.

The first thing we need to do is download the installation VirtualBox from the Oracle website. This is a free virtual machine management software that we can use to run the two virtual Ubuntu systems mentioned above. When writing this tutorial, VirtualBox's latest release is 4.3.8-92456, you can go to http://download.virtualbox.org/virtualbox/4.3.8/and then download it according to the operating system you use. Virtualbox-4.3.8-92456-win.exe, virtualbox-4.3.8-92456-osx.dmg, or Virtualbox-4.3.8-92456-linux_amd64.run. Once the download is complete, you can install it using the default options.

Once the VirtualBox is installed on your PC, you will need to download the installation media for Ubuntu 12.04 LTS 64-bit server version, you can go to http://releases.ubuntu.com/12.04/and select 64-bit PC (AMD64) server install CD link to download, we will use this ISO to install two virtual machines.

Once the ISO file has been completely downloaded to your computer, you can open VirtualBox and select New ... from the Machine menu .

We started to install the virtual machine, which was treated as a puppet server, so in the pop-up window, we set the name of the virtual machine to puppetserver. Next, set the Type to Linux and set Version to Ubuntu (64bit). Setting the memory size to 512M is sufficient. Let VirtualBox create a hard disk file for the virtual machine (it is sufficient to set the size to 8G).

Now you are ready to launch the newly created virtual machine. VirtualBox will ask you for the installation media, where you will need to point to the path to the Ubuntu ISO file that you have already downloaded.

VirtualBox will start the virtual machine and boot into the Ubuntu installation CD, select English as the language used during the installation process, and then select Install ubuntu Server to continue the installation.

During the installation process, you should make the following settings:

• Language: 中文版
• Country: Choose Your country
• Locale:en_US. UTF-8
• Keyboard: Choose the keyboard layout that best suits your needs
• Default User:ubuntu, password ubuntu
• Encrypt home directory:No
• Time zone: Select your time zone
• Partition:guided–use entire Disk
• When asked what packages need to be installed, select only OpenSSH server.
• Installing grub into the MBR
• Set the system clock to UTC
• Do not install security updates automatically.

Once the first virtual machine is installed, start it and enter it. Then we create a second virtual machine, which is our puppet client. You can refer to the process of installing the first virtual machine, but there is one exception: in the process of installing Ubuntu in VirtualBox, the name of the second VM is set to puppetclientinstead of puppetserver .

After the installation is complete, you can start and enter the second virtual machine as you would the first virtual machine. At this point you will see two VirtualBox windows, all running Ubuntu 12.04, prompting you to enter the login information. Next, we need to do some configuration on the VirtualBox, so you need to log in to two virtual machines (username:ubuntu, Password:ubuntu) and then via the command sudo poweroff To close them.

Internet

Because we are building a puppet server and client, these two virtual machines need to communicate with each other over the network. At the same time, it would be convenient to be able to connect to both VMS from our own computer, so that we can connect to the virtual machine via SSH instead of a small, hard-to-use VirtualBox console. Finally, it is important that the two virtual machines need to be able to connect to the Internet so that the software can be installed.

To achieve this, we need two virtual networks, a host-only network, and a NAT network. Each of the two virtual machines requires two Ethernet adapters, where eth0 is used to connect to the host-only Network andeth1 is used to connect to a NAT network.

The host-only network allows both virtual machines to connect to each other, and allows us to connect to both virtual machines using our own computers. The NAT Network allows the two virtual machines to access the Internet.

The VirtualBox itself has established these two types of networks. Select File , Preference, and then Locate Network, where the NAT Networks tab does not list any networks, But there is always an available network, so we don't need to configure one additional. Then switch to the host-only Networks tab. We need to make sure that a network called vboxnet0 is available. Click on the small screwdriver icon next to the list, in the popup window, you need to confirm that the configuration of Adapter and DHCP Server is as follows.

In the host-only Network, our own computer's IP address is automatically set to 192.168.56.1, our puppetserver virtual machine should be set to 192.168.56.2, The Puppetclient virtual machine should be set to 192.168.56.3.

To do this, we need to open the Settings dialog in two virtual machines, locate the Network, and bind Adapter 1 to host-only Adapter, and set Name to vboxnet0. Then bind Adapter 2 to Nat(Note: not nat Network!) ）。 These configurations must be consistent on both virtual machines.

Now launch two virtual machines and log in to the system using Ubuntu user information. We need to edit the /etc/network/interfaces file within two virtual machines to configure the network interface. For puppetserver , the file is as follows.

/etc/network/interfaces on Puppetserver

12345678910

auto loiface lo inet loopbackauto eth0iface eth0 inet static    address 192.168.56.2    netmask 255.255.255.0auto eth1iface eth1 inet dhcp

For puppetclient , the file is as follows.

/etc/network/interfaces on Puppetclient

12345678910

auto Lo iface Lo inet loopback  auto eth0 iface eth0 inet static      address 192.168 56.3      netmask 255.255 255.0  auto eth1 iface eth1 inet dhcp

As you can see, the only difference in the configuration of these two virtual machines is the IP address. With the configuration above, our virtual machines can access the internet via eth1 and access each other through the static IP addresses set in the eth0 .

In the final step, we need to put the names of the two VMs in the hosts file of the two virtual machines so that we can access them by name instead of by IP address. The contents of the etc/hosts file on the puppetserver virtual machine are as follows.

/etc/hosts on Puppetserver

12345678910

127.0.0.1localhost127.0.1.1puppetserver192.168.56.3puppetclient# The following lines are desirable for IPv6 capable hosts::1ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters

The contents of the /etc/hosts file on the puppetclient virtual machine are as follows.

/etc/hosts on Puppetclient

12345678910

127.0.0.1localhost127.0.1.1puppetclient192.168.56.2puppetserver# The following lines are desirable for IPv6 capable hosts::1ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters

After restarting two virtual machines, you should be able to successfully run the ping puppetclient command from the puppetserver virtual machine, which in turn can be puppetclient The virtual machine is successfully connected to the puppetserver virtual machine, and you should be able to successfully run ping 192.168.56.2 and ping 192.168.56.3on your computer.

Build Puppet Server

Now that we have built a virtual machine for the puppet server and the puppet client, Ubuntu is installed on the virtual machine, and the network is configured and running, we can start building the puppet server system.

The Ubuntu Software Library gives us everything you need to make the server system a puppet server, and we don't need to install any software manually or operate an external package.

In order to install the necessary packages, we need to log on to the puppetserver virtual machine using Ubuntu users and then run the following command.

On the Puppetserver VM

12	~# <strong>sudo apt-getupdate~# <strong>sudo apt-getinstall puppetmaster

We don't need to do any other steps, now the puppet server can be run with a reasonable default configuration.

Build Puppet Client

Establishing a Puppet client (or using a puppet term, proxy ) and running it on a puppetclient virtual machine is not much different from establishing a puppet server. First we need to install the puppet client package.

On the Puppetclient VM

12	~# sudo apt-getupdate~# sudo apt-getinstall puppet

Then we need to edit the etc/puppet/puppet.conf file to tell the domain name of the puppet proxy puppet server, so we need to add a line to the file:server=puppetserver .

/etc/puppet/puppet.conf on Puppetclient

12345678910111213141516

[main]server=puppetserverlogdir=/var/log/puppetvardir=/var/lib/puppetssldir=/var/lib/puppet/sslrundir=/var/run/puppetfactpath=$vardir/lib/factertemplatedir=$confdir/templatesprerun_command=/etc/puppet/etckeeper-commit-prepostrun_command=/etc/puppet/etckeeper-commit-post[master]# These are needed when the puppetmaster is run by passenger# and can safely be removed if webrick is used.ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY

After this is set up, the client can connect to the Puppet master process on the puppetserver virtual machine, but it cannot actually communicate with the server because it is not already in the list of verified and allowed clients. To achieve this, we need to initiate the first connection from the client to the server.

In the Puppetclient VM

1	~# sudo puppet agent --verbose --no-daemonize --onetime

This initiates a connection to the Puppet master process that listens on port 8140 on the puppetserver virtual machine. The output of this connection will be verbose, and then the client (proxy) will not continue to run in the future daemon. At the same time, it will only run once, that is, the agent process will end when the connection is closed.

If all the configurations are correct, the output for the first run is shown below.

On the Puppetclient VM, after you run the Puppet agent,

1234	info: Creating a new SSL key for puppetclientinfo: Creating a new SSL certificate request for puppetclientinfo: Certificate Request fingerprint (md5): 20:74:A7:BD:69:5D:50:8D:6A:79:67:6E:DC:5E:41:E0Exiting; no certificate found and waitforcert is disabled

This may seem like a mistake, but it's actually not. The client has already made the server aware of its information through this operation, but the server has not yet accepted the client. Next, we must sign the SSL authentication request that the puppetclient virtual machine has created and send it to the server. We can view the list of authentication requests that have not yet been signed on the server by the following command.

On the Puppetserver VM

~# sudo puppet cert --list

This command prints the following list.

On the Puppetserver VM

"puppetclient" (20:74:A7:BD:69:5D:50:8D:6A:79:67:6E:DC:5E:41:E0)

Now we can sign this request so that we can allow the client to receive information about the server in the next connection.

On the Puppetserver VM

1234	~# sudo puppet cert --sign puppetclientnotice: Signed certificate request forpuppetclientnotice: Removing file Puppet::SSL::CertificateRequest puppetclient at ‘/var/lib/puppet/ssl/ca/requests/puppetclient.pem‘

Switching back to the puppetclient virtual machine, we are now able to initialize a full connection to the server.

On the Puppetserver VM

12345678

~# sudo puppet agent --verbose --no-daemonize --onetimeinfo: Caching certificate for puppetclientinfo: Caching certificate_revocation_list for cainfo: Caching catalog for puppetclientinfo: Applying configuration version ‘1395687915‘info: Creating state file /var/lib/puppet/state/state.yamlnotice: Finished catalog run in 0.02 seconds

That's it-our puppet infrastructure is fully built and ready to run. However, there is nothing that can be done in this infrastructure. Our goal is to manage the configuration on puppetclient VMS by running Puppet Masteron the puppetserver virtual machine. However, we do not currently have any information defined to trigger configuration changes for the client. That's what we're going to use puppet to build a manageable server infrastructure: The second part will cover the content.

Build a manageable server infrastructure with Puppet (1)