<-- Back
Time to complete: 10 minutes
In this lab we will:
- install the Puppet Agent on the agent container
Make sure your agent container is started, and get logged in.
docker start agent
docker exec -it agent /bin/bash
To install the puppet agent on the agent node, we can take advantage of a feature of the PE Master: The PE Master makes available the agent installer behind its own web server. You can use wget or curl to download the installer script and then pipe it through bash.
- To use wget
wget --no-check-certificate --secure-protocol=TLSv1 -O - https://puppet:8140/packages/current/install.bash | bash
- To use curl
curl -k --tlsv1 https://puppet:8140/packages/current/install.bash | bash
If you'd like to browse what else is accessible via that web server, try opening https://localhost:22140/packages in your workstation's web browser.
(Remember we port-forwarded 8140 to 22140 on our hosting workstation)
Go ahead an install the agent if you haven't already done so, and then try running the puppet agent...
Run the puppet agent manually. This will cause an SSL certificate request to be generated and sent to the puppetmaster.
[root@agent ~]# puppet agent -t
Info: Creating a new SSL key for agent.example.com
Info: Caching certificate for ca
Info: Caching certificate_request for agent.example.com
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
Next, We need to sign the agent's cert on the master, so switch to your puppet window/terminal and issue the following commands on the puppet master as root:
puppet cert list
puppet cert sign agent.example.com
The puppet cert list command shows any outstanding certificate signing requests. You should see the one that was just generated by your agent run.
[root@puppet ~]# puppet cert list
"agent.example.com" (SHA256) 31:EA:4D:60:DE:44:E8:E1:A1:1A:2E:48:1E:81:CA:40:43:4A:A7:39:E8:B9:61:63:F3:0F:CF:2E:B7:CC:98:22
The puppet cert sign agent.example.com command signs the cert, and removes the signing request.
[root@puppet ~]# puppet cert sign agent.example.com
Notice: Signed certificate request for agent.example.com
Notice: Removing file Puppet::SSL::CertificateRequest agent.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/agent.example.com.pem'
Now, back on the agent node: Let's run puppet again (be sure you're running as root)
puppet agent -t
You should see a lot of output to the screen showing the changes that are being applied. (Puppet is installing and configuring MCollective on the agent.) However, because puppet runs automatically in the background every 5 minutes prior to its certificate being signed, there is a small chance that the first puppet run will occur before you're able to do a manual run. In that case, you should see a little output as in the second puppet run (no changes made.)
Run puppet a second time, and you should get a clean run with no changes.
puppet agent -t
For brevity, I've not included the output on this page, but it's available for viewing here:
- Puppet Run Output: 04-Puppet-Agent-Run-Output.md
At this point we have 3 running containers, but only 2 running the puppet agent:
- a Puppet Master node (hostname puppet.example.com) that also runs an agent to configure itself
- a Puppet Agent node (hostnamne agent.example.com) that runs an agent, and where we will test code and learn more about PE
- a GitLab server that we haven't used yet, but will in a later lab...
If you login to the PE Console, you should see these two agents on the 'Nodes' page. We will not install the puppet agent on the GitLab container at this time, as it is running in an Ubuntu-based container, and our Puppet Master is running un a CentOS 6 container, and only has the centos packages available out-of-the-box. We can update the Puppet Master to download packages for other operating systems though. Since the GitLab container is based on an Ubuntu 16.04 image, we can add the following class to our PE Master via the PE Console:
pe_repo::platform::ubuntu_1604_amd64
- Navigate to: Nodes --> Classification --> All Nodes --> PE Infrastructure --> PE Master
- Click Classes Tab
- Add new class: pe_repo::platform::ubuntu_1604_amd64 and click "Add Class"
- Click "Commit 1 change" at the bottom right of the page
- Run puppet on the Puppet Master with:
puppet agent -t
When Puppet runs, it will download the installation packages for Ubuntu, and then you should be able to install the Puppet Agent on your GitLab container as well. However!
We're using Docker in a way it's not really intended to be used. A docker container does not necessarily contain a full operating systems release. In fact, it would be rare to. Docker container images are built to contain only the minimum packages to run the application.
In the case of the GitLab container image, it doesn't come with systemd, which is assumed to be there by Puppet. Puppet wont be able to manage servies, without systemd installed in the container. Oh well...
<-- Back to Contents
Copyright © 2016 by Mark Bentley