04-Install-Puppet-Agent.md

File metadata and controls

161 lines (110 loc) · 5.64 KB

<-- Back


Lab #4: Install the Puppet Agent


Overview

Time to complete: 10 minutes

In this lab we will:

  • install the Puppet Agent on the agent container

Pre-installation Steps

Make sure your agent container is started, and get logged in.

     docker start agent
     docker exec -it agent /bin/bash

Install the Agent

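To install the puppet agent on the agent node, we can take advantage of a feature of the PE Master: it makes the agent installer available behind its own web server. You can use wget or curl to download the installer script and then pipe it through bash. The `--no-check-certificate` (wget) and `-k` (curl) options turn off TLS certificate verification, because the agent does not yet trust the master's CA; the downloaded script is therefore run without authenticating the server it came from.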

  • To use wget
     wget --no-check-certificate --secure-protocol=TLSv1 -O - https://puppet:8140/packages/current/install.bash | bash
  • To use curl
     curl -k --tlsv1 https://puppet:8140/packages/current/install.bash | bash

If you'd like to browse what else is accessible via that web server, try opening https://localhost:22140/packages in your workstation's web browser.

(Remember we port-forwarded 8140 to 22140 on our hosting workstation)

Go ahead and install the agent if you haven't already done so, and then try running the puppet agent...

Run the Puppet Agent

Run the puppet agent manually. This will cause an SSL certificate request to be generated and sent to the puppetmaster.

     [root@agent ~]# puppet agent -t
     Info: Creating a new SSL key for agent.example.com
     Info: Caching certificate for ca
     Info: Caching certificate_request for agent.example.com
     Info: Caching certificate for ca
     Exiting; no certificate found and waitforcert is disabled

Sign the Certificate

Next, we need to sign the agent's cert on the master, so switch to your puppet window/terminal and issue the following commands on the puppet master as root:

     puppet cert list
     puppet cert sign agent.example.com

The puppet cert list command shows any outstanding certificate signing requests. You should see the one that was just generated by your agent run.

     [root@puppet ~]# puppet cert list
       "agent.example.com" (SHA256) 31:EA:4D:60:DE:44:E8:E1:A1:1A:2E:48:1E:81:CA:40:43:4A:A7:39:E8:B9:61:63:F3:0F:CF:2E:B7:CC:98:22

The puppet cert sign agent.example.com command signs the cert, and removes the signing request.

     [root@puppet ~]# puppet cert sign agent.example.com
     Notice: Signed certificate request for agent.example.com
     Notice: Removing file Puppet::SSL::CertificateRequest agent.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/agent.example.com.pem'
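
Before signing, the fingerprint shown by `puppet cert list` can be compared with the one the agent reports for its own request (`puppet agent --fingerprint`, run on the agent node). The script below is an added example, not part of the original lab; the function names are hypothetical, and the sample input is the `puppet cert list` line shown above.

```shell
#!/usr/bin/env bash
# Added example: sign a CSR only if its fingerprint matches the one read from the agent.

# Print the SHA256 fingerprint listed for CERTNAME in `puppet cert list` output (stdin).
csr_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print toupper($3); exit }'
}

# Normalise a fingerprint: drop whitespace, uppercase, strip a leading "(SHA256)" label.
normalize_fp() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]' | sed 's/^(SHA256)//'
}

# verify_csr CERTNAME EXPECTED_FP   (reads `puppet cert list` output on stdin)
# Returns 0 on match, 1 on mismatch, 2 if no pending request exists for CERTNAME.
verify_csr() {
    local certname expected listed
    certname="$1"
    expected="$(normalize_fp "$2")"
    listed="$(csr_fingerprint "$certname")"
    if [ -z "$listed" ]; then
        echo "no pending CSR for $certname" >&2
        return 2
    fi
    if [ "$listed" != "$expected" ]; then
        echo "fingerprint mismatch for $certname: do not sign" >&2
        return 1
    fi
    return 0
}

# Sample input: the `puppet cert list` line from this lab page.
SAMPLE_CERT_LIST='  "agent.example.com" (SHA256) 31:EA:4D:60:DE:44:E8:E1:A1:1A:2E:48:1E:81:CA:40:43:4A:A7:39:E8:B9:61:63:F3:0F:CF:2E:B7:CC:98:22'
# Constructed: the same fingerprint as it would be copied from the agent's terminal.
SAMPLE_AGENT_FP='(SHA256) 31:EA:4D:60:DE:44:E8:E1:A1:1A:2E:48:1E:81:CA:40:43:4A:A7:39:E8:B9:61:63:F3:0F:CF:2E:B7:CC:98:22'

# Demo on the sample data.
if printf '%s\n' "$SAMPLE_CERT_LIST" | verify_csr agent.example.com "$SAMPLE_AGENT_FP"; then
    echo "fingerprints match: OK to run 'puppet cert sign agent.example.com'"
fi

# On the master (FP_FROM_AGENT is a placeholder for the value read on the agent):
#   puppet cert list | verify_csr agent.example.com "$FP_FROM_AGENT" \
#     && puppet cert sign agent.example.com
```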

Now, back on the agent node, let's run puppet again (be sure you're running as root):

     puppet agent -t

You should see a lot of output on the screen showing the changes that are being applied (Puppet is installing and configuring MCollective on the agent). However, because puppet runs automatically in the background every 5 minutes prior to its certificate being signed, there is a small chance that the first puppet run will occur before you're able to do a manual run. In that case, you should see only a little output, as in the second puppet run (no changes made).

Run the Puppet Agent Again

Run puppet a second time, and you should get a clean run with no changes.

     puppet agent -t

Puppet Agent Clean Run

For brevity, I've not included the output on this page, but it's available for viewing here:


At this point we have 3 running containers, but only 2 running the puppet agent:

  • a Puppet Master node (hostname puppet.example.com) that also runs an agent to configure itself
  • a Puppet Agent node (hostname agent.example.com) that runs an agent, and where we will test code and learn more about PE
  • a GitLab server that we haven't used yet, but will in a later lab...

If you log in to the PE Console, you should see these two agents on the 'Nodes' page. We will not install the puppet agent on the GitLab container at this time, as it is running in an Ubuntu-based container, while our Puppet Master is running in a CentOS 6 container and only has the CentOS packages available out-of-the-box. We can update the Puppet Master to download packages for other operating systems, though. Since the GitLab container is based on an Ubuntu 16.04 image, we can add the following class to our PE Master via the PE Console:

     pe_repo::platform::ubuntu_1604_amd64
  1. Navigate to: Nodes --> Classification --> All Nodes --> PE Infrastructure --> PE Master
  2. Click Classes Tab
  3. Add new class: pe_repo::platform::ubuntu_1604_amd64 and click "Add Class"
  4. Click "Commit 1 change" at the bottom right of the page
  5. Run puppet on the Puppet Master with: puppet agent -t

When Puppet runs, it will download the installation packages for Ubuntu, and then you should be able to install the Puppet Agent on your GitLab container as well. However!

We're using Docker in a way it's not really intended to be used. A docker container does not necessarily contain a full operating system release; in fact, it rarely does. Docker container images are built to contain only the minimum packages needed to run the application.

In the case of the GitLab container image, it doesn't come with systemd, which is assumed to be there by Puppet. Puppet won't be able to manage services without systemd installed in the container. Oh well...


<-- Back to Contents


Copyright © 2016 by Mark Bentley