Fabfile for Puppet installations

3 Comments Posted by on February 11, 2013

I will try to automate everything I can, so even when configuring one automation system (Puppet), I’m using another one (Fabric) to do it. I’m using this fabfile always when I need to install another Puppet agent or if I need to install a Puppet server. Tested only with Ubuntu.

Test environment:
Ubuntu 12.10
Puppet 2.7.18
Fabric 1.4.2

If you need help using Fabric:
https://awaseroot.wordpress.com/2012/04/23/fabric-tutorial-1-take-command-of-your-network/

Fab task for Puppet server

@roles("master")
@runs_once
def pup_master(master):
    """Configure Puppetmaster [master]"""
    sudo("apt-get update")
    sudo("apt-get -y install puppetmaster puppet")
    sudo("service puppetmaster stop")
    sudo("rm -r /var/lib/puppet/ssl")
    sudo("echo 'dns_alt_names = %s' >> /etc/puppet/puppet.conf" % master)
    sudo("service puppetmaster start")
    sudo("mkdir -p /etc/puppet/manifests/ /etc/puppet/modules/")
    # Test module:
    sudo("mkdir -p /etc/puppet/modules/test/manifests/")
    sudo('echo include test > /etc/puppet/manifests/site.pp')
    sudo('echo "class test { file { \\"/tmp/hello\\": content => \\"HelloWorld\\\n\\" } }" > /etc/puppet/modules/test/manifests/init.pp')

This Puppet configuration is based on this guide.

Fab task for Puppet agents

@roles("slaves")
def pup(server="puppetmaster.local"):
    """Configure slaves [server], default: puppetmaster.local"""
    sudo("apt-get update")
    sudo("apt-get -y install puppet")
    sudo("echo '[agent]\nserver = %s' >> /etc/puppet/puppet.conf" % server)
    sudo('sed s/START=no/START=yes/ /etc/default/puppet > /tmp/puppi')
    sudo('mv /tmp/puppi /etc/default/puppet')
    sudo('service puppet restart')

Certificates

Fab task for listing puppet certificate requests:

@roles('master')
@runs_once
def clist():
    """List certificate requests"""
    sudo("puppet cert --list")

Fab task for signing puppet certificate requests:

@roles('master')
@runs_once
def csign(agent="--all"):
    """Sign certificate requests, default=all"""
    sudo("puppet cert --sign %s" % agent)

This fabfile includes all the necessary tasks and settings. Just replace hosts and usernames with your own.

fabfile.py

from fabric.api import *

env.hosts=["ubuntu1.local","ubuntu2.local","ubuntu3.local","puppetmaster.local"]
env.roledefs={"slaves":["ubuntu1.local","ubuntu2.local","ubuntu3.local"],"master":["puppetmaster.local"]}
env.user="linuxuser"
env.skip_bad_hosts=True
env.warn_only=True
env.timeout=1
env.parallel=True
env.linewise=True

@roles("master")
@runs_once
def pup_master(master):
    """Configure Puppetmaster [master]"""
    sudo("apt-get update")
    sudo("apt-get -y install puppetmaster puppet")
    sudo("service puppetmaster stop")
    sudo("rm -r /var/lib/puppet/ssl")
    sudo("echo 'dns_alt_names = %s' >> /etc/puppet/puppet.conf" % master)
    sudo("service puppetmaster start")
    sudo("mkdir -p /etc/puppet/manifests/ /etc/puppet/modules/")
    # Test module:
    sudo("mkdir -p /etc/puppet/modules/test/manifests/")
    sudo('echo include test > /etc/puppet/manifests/site.pp')
    sudo('echo "class test { file { \\"/tmp/hello\\": content => \\"HelloWorld\\\n\\" } }" > /etc/puppet/modules/test/manifests/init.pp')

@roles("slaves")
def pup(server="puppetmaster.local"):
    """Configure slaves [server], default: puppetmaster.local"""
    sudo("apt-get update")
    sudo("apt-get -y install puppet")
    sudo("echo '[agent]\nserver = %s' >> /etc/puppet/puppet.conf" % server)
    sudo('sed s/START=no/START=yes/ /etc/default/puppet > /tmp/puppi')
    sudo('mv /tmp/puppi /etc/default/puppet')
    sudo('service puppet restart')

@roles('master')
@runs_once
def clist():
    """List certificate requests"""
    sudo("puppet cert --list")

@roles('master')
@runs_once
def csign(agent="--all"):
    """Sign certificate requests, default=all"""
    sudo("puppet cert --sign %s" % agent)

Now all you have to do to get your puppet setup configured is to run these commands:
fab pup_master:puppetmaster.local
fab pup
fab clist (to view the certificate requests that should be there if above task succeeded)
fab csign (to sign the certificates)

You can define the master server in the pup command:
fab pup:puppet.local

You can choose a specific certificate to sign:
fab csign:ubuntu2.local

Now that the fabfile is ready, it’s always easy to set up new machines for puppet:

New Ubuntu install
1. Install ssh-server on it
2. Add the new host(s) to your fabfile
3. Run these commands:
fab pup
fab csign

The fabfile is also on our github:
https://github.com/awaseroot/awaseroot/blob/master/fabric/puppetconf/fabfile.py

Sources

Tero Karvinen – PuppetMaster on Ubuntu 12.04

Fabric, Puppet, Ubuntu , ,

3 responses to “Fabfile for Puppet installations

  1. Pingback: Puppet with Windows clients « awaseroot

  2. Pingback: Aikataulu – Linuxin keskitetty hallinta – ict4tn011-3 keväällä 2013 | Tero Karvinen

  3. Pingback: Aikataulu – Linuxin keskitetty hallinta – ict4tn011-4 syksyllä 2013 | Tero Karvinen

Leave a comment