Fabfile for Puppet installations
February 11, 2013
Posted by on I will try to automate everything I can, so even when configuring one automation system (Puppet), I’m using another one (Fabric) to do it. I’m using this fabfile always when I need to install another Puppet agent or if I need to install a Puppet server. Tested only with Ubuntu.
Test environment:
Ubuntu 12.10
Puppet 2.7.18
Fabric 1.4.2
If you need help using Fabric:
https://awaseroot.wordpress.com/2012/04/23/fabric-tutorial-1-take-command-of-your-network/
Fab task for Puppet server
@roles("master") @runs_once def pup_master(master): """Configure Puppetmaster [master]""" sudo("apt-get update") sudo("apt-get -y install puppetmaster puppet") sudo("service puppetmaster stop") sudo("rm -r /var/lib/puppet/ssl") sudo("echo 'dns_alt_names = %s' >> /etc/puppet/puppet.conf" % master) sudo("service puppetmaster start") sudo("mkdir -p /etc/puppet/manifests/ /etc/puppet/modules/") # Test module: sudo("mkdir -p /etc/puppet/modules/test/manifests/") sudo('echo include test > /etc/puppet/manifests/site.pp') sudo('echo "class test { file { \\"/tmp/hello\\": content => \\"HelloWorld\\\n\\" } }" > /etc/puppet/modules/test/manifests/init.pp')
This Puppet configuration is based on this guide.
Fab task for Puppet agents
@roles("slaves") def pup(server="puppetmaster.local"): """Configure slaves [server], default: puppetmaster.local""" sudo("apt-get update") sudo("apt-get -y install puppet") sudo("echo '[agent]\nserver = %s' >> /etc/puppet/puppet.conf" % server) sudo('sed s/START=no/START=yes/ /etc/default/puppet > /tmp/puppi') sudo('mv /tmp/puppi /etc/default/puppet') sudo('service puppet restart')
Certificates
Fab task for listing puppet certificate requests:
@roles('master') @runs_once def clist(): """List certificate requests""" sudo("puppet cert --list")
Fab task for signing puppet certificate requests:
@roles('master') @runs_once def csign(agent="--all"): """Sign certificate requests, default=all""" sudo("puppet cert --sign %s" % agent)
This fabfile includes all the necessary tasks and settings. Just replace hosts and usernames with your own.
fabfile.py
from fabric.api import * env.hosts=["ubuntu1.local","ubuntu2.local","ubuntu3.local","puppetmaster.local"] env.roledefs={"slaves":["ubuntu1.local","ubuntu2.local","ubuntu3.local"],"master":["puppetmaster.local"]} env.user="linuxuser" env.skip_bad_hosts=True env.warn_only=True env.timeout=1 env.parallel=True env.linewise=True @roles("master") @runs_once def pup_master(master): """Configure Puppetmaster [master]""" sudo("apt-get update") sudo("apt-get -y install puppetmaster puppet") sudo("service puppetmaster stop") sudo("rm -r /var/lib/puppet/ssl") sudo("echo 'dns_alt_names = %s' >> /etc/puppet/puppet.conf" % master) sudo("service puppetmaster start") sudo("mkdir -p /etc/puppet/manifests/ /etc/puppet/modules/") # Test module: sudo("mkdir -p /etc/puppet/modules/test/manifests/") sudo('echo include test > /etc/puppet/manifests/site.pp') sudo('echo "class test { file { \\"/tmp/hello\\": content => \\"HelloWorld\\\n\\" } }" > /etc/puppet/modules/test/manifests/init.pp') @roles("slaves") def pup(server="puppetmaster.local"): """Configure slaves [server], default: puppetmaster.local""" sudo("apt-get update") sudo("apt-get -y install puppet") sudo("echo '[agent]\nserver = %s' >> /etc/puppet/puppet.conf" % server) sudo('sed s/START=no/START=yes/ /etc/default/puppet > /tmp/puppi') sudo('mv /tmp/puppi /etc/default/puppet') sudo('service puppet restart') @roles('master') @runs_once def clist(): """List certificate requests""" sudo("puppet cert --list") @roles('master') @runs_once def csign(agent="--all"): """Sign certificate requests, default=all""" sudo("puppet cert --sign %s" % agent)
Now all you have to do to get your puppet setup configured is to run these commands:
fab pup_master:
puppetmaster.local
fab pup
fab clist
(to view the certificate requests that should be there if above task succeeded)
fab csign
(to sign the certificates)
You can define the master server in the pup command:
fab pup:puppet.local
You can choose a specific certificate to sign:
fab csign:ubuntu2.local
Now that the fabfile is ready, it’s always easy to set up new machines for puppet:
New Ubuntu install
1. Install ssh-server on it
2. Add the new host(s) to your fabfile
3. Run these commands:
fab pup
fab csign
The fabfile is also on our github:
https://github.com/awaseroot/awaseroot/blob/master/fabric/puppetconf/fabfile.py
Sources
Tero Karvinen – PuppetMaster on Ubuntu 12.04
Pingback: Puppet with Windows clients « awaseroot
Pingback: Aikataulu – Linuxin keskitetty hallinta – ict4tn011-3 keväällä 2013 | Tero Karvinen
Pingback: Aikataulu – Linuxin keskitetty hallinta – ict4tn011-4 syksyllä 2013 | Tero Karvinen