Install Puppet Server, Puppet agent and deploy a DB package
A. Puppet-master (/etc/hosts)
172.16.20.35 puppet-master
172.16.20.36 node-2
172.16.20.37 node-3
B. Node-2 (/etc/hosts)
172.16.20.35 puppet-master
172.16.20.36 node-2
C. Node-3 (/etc/hosts)
172.16.20.35 puppet-master
172.16.20.37 node-3
**********************************************************************************
A. Server (Puppet Master) - Installation
1. Install Puppetlabs repo:
# wget https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
# rpm -ivh puppetlabs-release-el-6.noarch.rpm
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
2. Install Puppet-server (puppetmaster):
# yum install puppet-server
3. Verify the installed packages:
# rpm -qa | grep puppet
puppetlabs-release-6-11.noarch
puppet-server-3.8.3-1.el6.noarch
puppet-3.8.3-1.el6.noarch
**********************************************************************************
B. Setup Puppet Master (Puppet server)
1. Set up Puppet server (puppet master):
# hostname
puppet-master
i. vi /etc/hosts
172.16.20.35 puppet-master
172.16.20.36 node-2
172.16.20.37 node-3
ii. vi /etc/puppet/puppet.conf
[main]
dns_alt_names = puppet-master
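iii. Configure iptables (firewall) to allow agents to connect to the Puppet master, which listens on
TCP port 8140. I allowed the full subnet, as it was internal to these systems. Note that the rule
below, as written, accepts every TCP port from 172.16.20.0/24, not only 8140.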
# iptables -I INPUT -p tcp -s 172.16.20.0/24 -j ACCEPT
**********************************************************************************
C. Puppet Agent - Installation
# wget https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
# rpm -ivh puppetlabs-release-el-6.noarch.rpm
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
# yum install puppet
# rpm -qa | grep puppet
puppetlabs-release-6-11.noarch
puppet-3.8.3-1.el6.noarch
**********************************************************************************
D. Set up Puppet-Node (Agent):
# hostname
node-3
i. vi /etc/hosts
172.16.20.35 puppet-master
172.16.20.37 node-3
ii. vi /etc/puppet/puppet.conf
[agent]
server=puppet-master
**********************************************************************************
E. Start the services:
1. Start the Puppet server:
[root@puppet-master puppet]# service puppetmaster start
Starting puppetmaster: [ OK ]
2. Let's run the Puppet agent (not as a service):
puppet agent --no-daemonize --verbose
**********************************************************************************
F. Certificates (request/sign):
1. [root@puppet-master ~]# puppet cert list --all
+ "puppet-master" (43:43:B9:97:5E:37:BB:2C:A4:68:A0:77:46:5D:1E:03) (alt names: "DNS:puppet-master")
2. # puppet agent --no-daemonize --verbose
Info: Creating a new SSL key for node-3
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node-3
Info: Certificate Request fingerprint (SHA256): 19:E1:73:24:17:B2:7B:30:19:92:1B:D0:85:73:47:B0:92:93:6F:18:AA:AA:55:CA:7F:4D:63:F5:D2:51:1A:0B
Info: Caching certificate for ca
3. [root@puppet-master puppet]# puppet cert list --all
"node-3" (SHA256) 19:E1:73:24:17:B2:7B:30:19:92:1B:D0:85:73:47:B0:92:93:6F:18:AA:AA:55:CA:7F:4D:63:F5:D2:51:1A:0B
+ "puppet-master" (SHA1) CD:97:B4:FA:EE:B4:6F:D0:8C:54:FF:BB:42:3A:C4:B6:EF:8F:F9:66 (alt names: "DNS:puppet-master")
4. [root@puppet-master puppet]# puppet cert sign node-3
Notice: Signed certificate request for node-3
Notice: Removing file Puppet::SSL::CertificateRequest node-3 at '/var/lib/puppet/ssl/ca/requests/node-3.pem'
5. [root@puppet-master puppet]# puppet cert list --all
+ "node-3" (SHA256) 0B:48:96:10:85:78:A3:AD:95:9A:6E:42:24:0B:8E:4F:63:5F:D2:7F:69:7B:14:1E:AB:23:C7:37:6C:8D:F2:DA
+ "puppet-master" (SHA1) CD:97:B4:FA:EE:B4:6F:D0:8C:54:FF:BB:42:3A:C4:B6:EF:8F:F9:66 (alt names: "DNS:puppet-master")
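Step 4 signs whatever request is pending under the name node-3, so the fingerprint the agent printed in step 2 should be compared with the one the master lists in step 3 before signing. The shell script below is an added example, not part of the original walkthrough; the function names and the FOREIGN_LIST sample are assumptions, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example. Sample input is constructed from the output shown in section F.
FP='19:E1:73:24:17:B2:7B:30:19:92:1B:D0:85:73:47:B0:92:93:6F:18:AA:AA:55:CA:7F:4D:63:F5:D2:51:1A:0B'
AGENT_LOG="Info: Creating a new SSL certificate request for node-3
Info: Certificate Request fingerprint (SHA256): $FP
Info: Caching certificate for ca"
MASTER_LIST="  \"node-3\" (SHA256) $FP
+ \"puppet-master\" (SHA1) CD:97:B4:FA:EE:B4:6F:D0:8C:54:FF:BB:42:3A:C4:B6:EF:8F:F9:66 (alt names: \"DNS:puppet-master\")"
# Constructed failure case: a pending request named node-3 with a fingerprint
# that the real node-3 never printed.
FOREIGN_LIST='  "node-3" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# agent_fp LOG: SHA256 fingerprint from the agent's CSR log line.
agent_fp() {
    printf '%s\n' "$1" |
        sed -n 's/^Info: Certificate Request fingerprint (SHA256): *\([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1
}

# pending_fp CERTNAME LIST: fingerprint of the pending (unsigned) request.
# Signed entries start with "+" in field 1, so they never match the name.
pending_fp() {
    printf '%s\n' "$2" |
        awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# verify_csr CERTNAME EXPECTED_FP LIST
# Prints match / mismatch / missing; returns 0 only on match.
verify_csr() {
    have=$(pending_fp "$1" "$3")
    if [ -z "$2" ] || [ -z "$have" ]; then
        echo missing; return 2
    fi
    if [ "$(printf '%s' "$2" | tr a-f A-F)" = "$(printf '%s' "$have" | tr a-f A-F)" ]; then
        echo match; return 0
    fi
    echo mismatch; return 1
}

expected=$(agent_fp "$AGENT_LOG")
echo "genuine request: $(verify_csr node-3 "$expected" "$MASTER_LIST" || true)"
echo "foreign request: $(verify_csr node-3 "$expected" "$FOREIGN_LIST" || true)"
echo "no request:      $(verify_csr node-2 "$expected" "$MASTER_LIST" || true)"
```

On the master, pass the output of puppet cert list as the third argument and run puppet cert sign only when verify_csr returns 0. The expected fingerprint should be read from the node's own console, not from the master.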
**********************************************************************************
G. Puppet in Operation:
1. Let's create a 'site.pp' file on the Puppet master under '/etc/puppet/manifests/'. Worth noting:
'site.pp' is the main entry point for 'puppet agent'.
node 'node-3' {
  # Install the finger package
  package { 'finger':
    ensure => installed,
  }
}
2. On the puppet agent (node-2), let's run the agent manually now as # puppet agent -t --verbose:
[root@node-3 ~]# puppet agent -t --verbose
info: Caching certificate for node-3
info: Caching certificate_revocation_list for ca
info: Caching catalog for node-3
info: Applying configuration version '1443009146'
notice: /Stage[main]//Node[node-3]/Package[finger]/ensure: created
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 3.26 seconds
********************************************************************************
H. Deploying a MySQL Database Server package (using puppetlabs-mysql module)
1. Search the Forge for the module:
# puppet module search mysql | egrep puppetlabs
Notice: Searching https://forgeapi.puppetlabs.com ...
puppetlabs-mysql Installs, configures, and m... @puppetlabs mysql rhel
gajdaw-mysql Deprecated! Use puppetlabs/... @gajdaw mysql create
2. Install Module on Puppet server:
# puppet module install puppetlabs-mysql
3. Check the module README file:
If you want a server installed with the default options you can run
`include '::mysql::server'`.
If you need to customize options, such as the root
password or `/etc/my.cnf` settings, then you must also pass in an override hash:
~~~
class { '::mysql::server':
  root_password           => 'strongpassword',
  remove_default_accounts => true,
  override_options        => $override_options
}
~~~
### Creating a database
To use `mysql::db` to create a database with a user and assign some privileges:
~~~
mysql::db { 'mydb':
  user     => 'myuser',
  password => 'mypass',
  host     => 'localhost',
  grant    => ['SELECT', 'UPDATE'],
}
~~~
*********************************************************************************
I. Now, let's create /etc/puppet/manifests/site.pp with the MySQL class to be deployed. The recipe is given
below. Note: the "site.pp" file is the entry point for "puppet agent" when invoked on nodes.
# cat /etc/puppet/manifests/site.pp
node 'node-3' {
  # Install finger package
  package { 'finger':
    ensure => installed,
  }
  # Install MySQL server package using the puppetlabs-mysql module.
  # The passwords in this manifest are lab values kept in plain text in site.pp.
  class { 'mysql::server':
    root_password           => 'root',
    remove_default_accounts => true,
  }
  # Create database mydb and user bijit@localhost, granted SELECT and UPDATE only
  mysql::db { 'mydb':
    user     => 'bijit',
    password => 'bijit',
    host     => 'localhost',
    grant    => ['SELECT', 'UPDATE'],
  }
}
**********************************************************************************
J. Execute the Puppet agent on node-3:
# puppet agent -t --verbose
Observe the catalog run as shown below:
**********************************************************************************
Info: Loading facts
Info: Caching catalog for node-3
Info: Applying configuration version '1443055262'
Notice: /Stage[main]/Main/Node[node-3]/Package[finger]/ensure: created
Notice: /Stage[main]/Mysql::Server::Install/Package[mysql-server]/ensure: created
Notice: /Stage[main]/Mysql::Server::Config/File[mysql-config-file]/content:
--- /etc/my.cnf 2015-06-22 13:08:02.000000000 +0000
+++ /tmp/puppet-file20150924-22941-8kbruj-0 2015-09-24 00:41:26.295000002 +0000
@@ -1,10 +1,49 @@
+### MANAGED BY PUPPET ###
+
+[client]
+port = 3306
+socket = /var/lib/mysql/mysql.sock
+
+[isamchk]
+key_buffer_size = 16M
+
[mysqld]
-datadir=/var/lib/mysql
-socket=/var/lib/mysql/mysql.sock
-user=mysql
-# Disabling symbolic-links is recommended to prevent assorted security risks
-symbolic-links=0
+basedir = /usr
+bind-address = 127.0.0.1
+datadir = /var/lib/mysql
+expire_logs_days = 10
+key_buffer_size = 16M
+log-error = /var/log/mysqld.log
+max_allowed_packet = 16M
+max_binlog_size = 100M
+max_connections = 151
+myisam_recover = BACKUP
+pid-file = /var/run/mysqld/mysqld.pid
+port = 3306
+query_cache_limit = 1M
+query_cache_size = 16M
+skip-external-locking
+socket = /var/lib/mysql/mysql.sock
+ssl = false
+ssl-ca = /etc/mysql/cacert.pem
+ssl-cert = /etc/mysql/server-cert.pem
+ssl-key = /etc/mysql/server-key.pem
+thread_cache_size = 8
+thread_stack = 256K
+tmpdir = /tmp
+user = mysql
[mysqld_safe]
-log-error=/var/log/mysqld.log
-pid-file=/var/run/mysqld/mysqld.pid
+log-error = /var/log/mysqld.log
+nice = 0
+socket = /var/lib/mysql/mysql.sock
+
+[mysqldump]
+max_allowed_packet = 16M
+quick
+quote-names
+
+
+
+!includedir /etc/my.cnf.d
+
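Review bot: in the [mysqld] section the rendered file drops symbolic-links=0, which the replaced file's own comment recommends to prevent security risks, and none of the added lines restores it. Carry it forward through the module's override_options hash (shown in the README excerpt in section H) so the managed /etc/my.cnf keeps that setting. The added ssl = false sits beside ssl-ca, ssl-cert and ssl-key paths that are therefore unused; with bind-address = 127.0.0.1 this only affects local connections, but it should be revisited if the bind address is ever widened.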
Info: Computing checksum on file /etc/my.cnf
Info: /Stage[main]/Mysql::Server::Config/File[mysql-config-file]: Filebucketed /etc/my.cnf to puppet with sum 8ace886bbe7e274448bc8bea16d3ead6
Notice: /Stage[main]/Mysql::Server::Config/File[mysql-config-file]/content: content changed '{md5}8ace886bbe7e274448bc8bea16d3ead6' to '{md5}d0d209eb5ed544658b3f1a72274bc3ed'
Notice: /Stage[main]/Mysql::Server::Config/File[/etc/my.cnf.d]/ensure: created
Notice: /Stage[main]/Mysql::Server::Installdb/Exec[mysql_install_db]/returns: executed successfully
Notice: /Stage[main]/Mysql::Server::Service/Service[mysqld]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Mysql::Server::Service/Service[mysqld]: Unscheduling refresh on Service[mysqld]
Notice: /Stage[main]/Mysql::Server::Root_password/Mysql_user[root@localhost]/password_hash: defined 'password_hash' as '*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B'
Notice: /Stage[main]/Mysql::Server::Root_password/File[/root/.my.cnf]/ensure: defined content as '{md5}43dc0a91e40ed08b266077472a9b0e49'
Notice: /Stage[main]/Main/Node[node-3]/Mysql::Db[mydb]/Mysql_user[bijit@localhost]/ensure: created
Notice: /Stage[main]/Main/Node[node-3]/Mysql::Db[mydb]/Mysql_database[mydb]/ensure: created
Notice: /Stage[main]/Main/Node[node-3]/Mysql::Db[mydb]/Mysql_grant[bijit@localhost/mydb.*]/ensure: created
Notice: /Stage[main]/Mysql::Server::Account_security/Mysql_database[test]/ensure: removed
Notice: /Stage[main]/Mysql::Server::Account_security/Mysql_user[root@node-3]/ensure: removed
Notice: /Stage[main]/Mysql::Server::Account_security/Mysql_user[@localhost]/ensure: removed
Notice: /Stage[main]/Mysql::Server::Account_security/Mysql_user[root@127.0.0.1]/ensure: removed
Notice: /Stage[main]/Mysql::Server::Account_security/Mysql_user[@node-3]/ensure: removed
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 28.48 seconds
**********************************************************************************
Think about when you need to deploy the same MySQL setup on 100+ systems! ;)