Puppet-Team Howto

This simple document describes a classic, standard use case of puppet-team.

Architecture (small resolution)

Installation and configuration

First, we need to install puppet-team:

# yum -y install puppet-team

Then we have to initialize the puppet-team internal database:

# puppet-team-init

Are you sure to init database? (yes/no) y
Creating and init db...                      [ OK ]

Data Entry

Projects Management

Puppet-team can manage different kinds of resources. Here we focus on "projects", a simple way to keep different puppet configurations separate.

# puppet-team-project --add alfa

Create puppet production location...         [ OK ]
Create GIT repository...                     [ OK ]
Setting right permissions...                 [ OK ]
Populating with project contents...          [ OK ]

Done
# puppet-team-project --add beta

Create puppet production location...         [ OK ]
Create GIT repository...                     [ OK ]
Setting right permissions...                 [ OK ]
Populating with project contents...          [ OK ]

Done

To see what we've done, we can use the "--list" option:

# puppet-team-project --list

alfa
beta

Environments Management

In our sample we need two different environments: production and development.

Environments are really convenient when we're going to push our configurations over the network...

By default, puppet-team uses the "default" environment for every master and node registered in the system.

# puppet-team-environment --add development
# puppet-team-environment --add production

With "--list" it is possible to see all defined environments:

# puppet-team-environment --list

default
development
production

Masters Management

The master is one of the most important elements in the puppet-team architecture: it runs the puppet-master daemon for a specific environment.

In our case we need to add three master nodes: pup-master-1, pup-master-2 and pup-master-3. In this step we can also define the right environment for each master.

# puppet-team-master --add pup-master-1 --env production
# puppet-team-master --add pup-master-2 --env development
# puppet-team-master --add pup-master-3 --env production

As usual, with "--list" (and "--show-details") we can see the result:

# puppet-team-master --list --show-details

HostName      Environment  Trusted     PushedTag 
------------  -----------  ----------  ----------
pup-master-1  production   false                 
pup-master-2  development  false                 
pup-master-3  production   false

Now it's time to assign the right project to the right master:

# puppet-team-project --set alfa --master pup-master-1
# puppet-team-project --set alfa --master pup-master-2
# puppet-team-project --set beta --master pup-master-3

To check projects and masters:

# puppet-team-project --show-masters --proj alfa

pup-master-1
pup-master-2
# puppet-team-project --show-masters --proj beta

pup-master-3

Nodes Management

The final step in the data-entry process is node definition. Every node has to be defined in puppet-team with the appropriate master and the right environment:

# puppet-team-node --add web-1 --env production --master pup-master-1
# puppet-team-node --add nfs-1 --env production --master pup-master-1
# puppet-team-node --add web-2 --env development --master pup-master-2
# puppet-team-node --add nfs-2 --env development --master pup-master-2
# puppet-team-node --add ftp-1 --env production --master pup-master-3

Verify with "--list" and "--show-details":

# puppet-team-node --list --show-details

HostName    Environment  Master        Trusted   
----------  -----------  ------------  ----------
ftp-1       production   pup-master-3  false     
nfs-1       production   pup-master-1  false     
nfs-2       development  pup-master-2  false     
web-1       production   pup-master-1  false     
web-2       development  pup-master-2  false
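
The nodes table can be cross-checked against the masters table, so that a node registered with an environment its master does not serve is caught before anything is pushed. This is an added example, not part of puppet-team; the function name check_assignments and the rows db-1, db-2 and pup-master-9 are constructed for the illustration, and the parser assumes the "--show-details" layout shown above.

```shell
#!/bin/sh
# Added example (not part of puppet-team): cross-check the two
# "--list --show-details" tables shown in this howto.

# Constructed sample input: the tables above plus db-1 and db-2,
# two deliberately wrong rows invented for this example.
MASTERS='HostName      Environment  Trusted     PushedTag
------------  -----------  ----------  ----------
pup-master-1  production   false
pup-master-2  development  false
pup-master-3  production   false'

NODES='HostName    Environment  Master        Trusted
----------  -----------  ------------  ----------
ftp-1       production   pup-master-3  false
nfs-1       production   pup-master-1  false
nfs-2       development  pup-master-2  false
web-1       production   pup-master-1  false
web-2       development  pup-master-2  false
db-1        production   pup-master-2  false
db-2        production   pup-master-9  false'

# check_assignments MASTERS_TABLE NODES_TABLE
# Prints one line per problem; returns 1 if any problem was found.
check_assignments() {
    { printf '%s\n' "$1"; printf '%s\n' '@@NODES@@'; printf '%s\n' "$2"; } |
    awk '
        $1 == "@@NODES@@"         { in_nodes = 1; next }   # table separator
        $1 == "HostName" || /^-+/ { next }                 # header and ruler
        NF == 0                   { next }
        !in_nodes                 { env[$1] = $2; next }   # master -> environment
        !($3 in env)              { printf "%s: unknown master %s\n", $1, $3; bad = 1; next }
        env[$3] != $2             { printf "%s: env %s but %s serves %s\n", $1, $2, $3, env[$3]; bad = 1 }
        END                       { exit bad + 0 }
    '
}

# Stand-alone run on the constructed sample (reports db-1 and db-2).
check_assignments "$MASTERS" "$NODES" || true

# On live data (assumes the output format matches the tables above):
#   check_assignments "$(puppet-team-master --list --show-details)" \
#                     "$(puppet-team-node --list --show-details)"
```
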

Security

Trust masters

Optionally, we can use SSH keys to avoid entering a password every time we run puppet-team (it uses SSH for remote communications).

It's possible to do this step manually, or we can use "puppet-team-ca" to simplify the job. We don't yet have any dedicated users on the puppet-master servers, so we have to use the "root" account (--root parameter), at least for now.

# puppet-team-ca --trust-masters --root

Using current ssh keys...
root@pup-master-1's password: *******
root@pup-master-2's password: *******
root@pup-master-3's password: *******

As usual, we can see the result with the "--list" and "--show-details" options (note the "Trusted" column):

# puppet-team-master --list --show-details

HostName      Environment  Trusted     PushedTag 
------------  -----------  ----------  ----------
pup-master-1  production   true                  
pup-master-2  development  true                  
pup-master-3  production   true

Trust nodes

It's the same if you want to trust all nodes:

ca on nodes.......

Using GIT repositories

When we created the projects "alfa" and "beta", puppet-team automatically added a git repository for each project in its own home dir, under the /repo directory.

So we now have two GIT repositories, alfa and beta, and all users are able to clone and use these repositories.

Here is an example of cloning a repository on a different machine. Please have a look at the git web site to learn about all of git's features.

$ git-clone root@puppet-team:/var/lib/puppet-team/repo/alfa alfa

Initialized empty Git repository in /tmp/mydir/alfa/.git/
root@puppet-team's password:  *****

remote: Generating pack...
remote: Done counting 5 objects.
Deltifying 5 objects...
 100% (5/5)remote:  done
Total 5 (delta 0), reused 0 (delta 0)
Indexing 5 objects...
 100% (5/5) done

Edit and work with puppet's config files:

$ vi notes/readme.txt
...
$ git-status 

# On branch master
# Untracked files:
#   (use "git add <file>..." to include in what will be committed)
#
#       notes/readme.txt
nothing added to commit but untracked files present (use "git add" to track)

Add and commit your work:

$ git-add notes/readme.txt
$ git-commit -m "First commit"

Created commit bd81c62: First commit
 1 files changed, 1 insertions(+), 0 deletions(-)
 create mode 100644 notes/readme.txt

Finally, we can push our configuration files to the central puppet-team configuration repository:

$ git-pull
Already up-to-date.

$ git-push

updating 'refs/heads/master'
  from 2d23f28614b19f5f86a809ebf28023f768d9470f
  to   bd81c62a7868037a6d22e340fcbaf070833d73df
Generating pack...
Done counting 6 objects.
Result has 4 objects.
Deltifying 4 objects...
 100% (4/4) done
Writing 4 objects...
 100% (4/4) done
Total 4 (delta 1), reused 0 (delta 0)
refs/heads/master: 2d23f28614b19f5f86a809ebf28023f768d9470f -> bd81c62a7868037a6d22e340fcbaf070833d73df

"Alfa" is a pure git repository, so you can manage it as you wish (tag, branch and so on...):

# cd /var/lib/puppet-team/repo/alfa
# git-tag v1.0

Puppet-Team sets up shared access to its repositories using the "ptusers" group. All users in this group are able to read and write the git repositories. In this sequence we use the root account only to simplify the whole process.

Running

Push configurations

Run puppet everywhere

Enable or disable puppet everywhere

Additional features

Files and rsync

Sometimes it's very important to keep some files outside the git repository aligned. An example is a yum repository.

It's quite difficult (and very expensive!) to get RPMs into a git repository. A simple scheduled rsync could be an easy way to do this task.

Puppet-team...

External repositories
