
Deploy OpenSource Puppet 4 with multiple puppet masters. Part III. Setting up puppet-db with Puppet

Deploying OpenSource Puppet 4 with multiple Puppet masters. Part I. Preparatory
Deploying OpenSource Puppet 4 with multiple Puppet masters. Part II. Puppet Masters Setup

Setting up puppet-db with Puppet


Let's configure the puppet-db node in the puppet-environments.git repository.

In the case of the standard postgresql datadir placement


In the puppet-environments.git repository, add the puppet-db settings to the manifests/nodes.pp file:

    # Nodes without their own definition get no configuration
    node default { }

    node 'puppet-db' {
      class { 'puppetdb':
        listen_address => '0.0.0.0',
      }
    }

In case of non-standard datadir placement for postgresql


I want to thank Ken Barber for his help in setting up. Initially, I cloned the puppet-db module repository, made changes to it in terms of postgresql data placement, and installed the already modified module. He suggested how to do it better.

    node default { }

    node 'puppet-db.example.com' {
      class { 'puppetdb':
        listen_address  => '0.0.0.0',
        manage_dbserver => false,
      }
      class { '::postgresql::globals':
        manage_package_repo => true,
        version             => '9.4',
      }
      class { '::postgresql::server':
        datadir => '/media/data/postgresql/9.4/main',
      }
      postgresql::server::extension { 'pg_trgm':
        database => 'puppetdb',
      }
    }

Do not forget to create the directory /media/data/postgresql/9.4/main if you plan to use a non-standard database location:

 aspetrenko@puppet-db:~$ sudo mkdir -p /media/data/postgresql/9.4 

Commit changes to the repository


Commit the changes to the repository so that they reach the puppet servers. For either postgresql datadir placement, run:

    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git add manifests/nodes.pp
    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git commit manifests/nodes.pp -m "Add puppet-db config to nodes.pp"
    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git push -u origin production

Applying puppet-db settings


Don't forget to set the puppetmaster settings in /etc/puppetlabs/puppet/puppet.conf on the puppet-db server.

Send a certificate signing request for the puppet-db server to puppet-master01:

    aspetrenko@puppet-db:~$ sudo -i puppet agent --enable
    aspetrenko@puppet-db:~$ sudo -i puppet agent --test --waitforcert 60

Sign the certificate on puppet-master01:

    aspetrenko@puppet-master01:/etc/puppetlabs/code/environments/production$ sudo -i puppet cert list
      "puppet-db.example.com" (SHA256) 9C:98:4C:D8:A9:B6:9D:27:5A:9D:A8:5F:15:E2:D8:99:6F:CF:0E:34:5B:B5:5C:BC:23:0D:6E:E0:84:BA:3F:05
    aspetrenko@puppet-master01:/etc/puppetlabs/code/environments/production$ sudo -i puppet cert --sign puppet-db.example.com
    Signing Certificate Request for:
      "puppet-db.example.com" (SHA256) 9C:98:4C:D8:A9:B6:9D:27:5A:9D:A8:5F:15:E2:D8:99:6F:CF:0E:34:5B:B5:5C:BC:23:0D:6E:E0:84:BA:3F:05

After that, the settings made in nodes.pp will be automatically applied to puppet-db: the postgresql server and the puppet-db service will be installed and configured.
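The fingerprint that `puppet cert list` prints on puppet-master01 identifies the pending request, so it can be compared with what the puppet-db agent reports about its own request before `puppet cert --sign` is run. The script below is an added example, not part of the original article; its function names are hypothetical, and the `(SHA256) AA:BB:...` layout of `puppet agent --fingerprint` output is an assumption.

```shell
#!/usr/bin/env bash
# Added example: compare the CSR fingerprint seen on the CA master with the
# one reported by the requesting agent before signing.

# pending_fp CERTNAME: read `puppet cert list` output on stdin and print the
# SHA256 fingerprint of CERTNAME's pending request (empty if there is none).
pending_fp() {
  awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print toupper($3); exit }'
}

# agent_fp: read the agent-side fingerprint line on stdin. The layout
# "(SHA256) AA:BB:..." is an assumption about `puppet agent --fingerprint`.
agent_fp() {
  awk '$1 == "(SHA256)" { print toupper($2); exit }'
}

# safe_to_sign CERTNAME MASTER_OUTPUT AGENT_OUTPUT: succeed only when a
# pending request exists and both sides report the same fingerprint.
safe_to_sign() {
  m=$(printf '%s\n' "$2" | pending_fp "$1")
  a=$(printf '%s\n' "$3" | agent_fp)
  [ -n "$m" ] && [ "$m" = "$a" ]
}

# Constructed sample output, reusing the fingerprint shown above.
fp='9C:98:4C:D8:A9:B6:9D:27:5A:9D:A8:5F:15:E2:D8:99:6F:CF:0E:34:5B:B5:5C:BC:23:0D:6E:E0:84:BA:3F:05'
master_out="  \"puppet-db.example.com\" (SHA256) $fp"
agent_out="(SHA256) $fp"

if safe_to_sign puppet-db.example.com "$master_out" "$agent_out"; then
  echo "fingerprints match: request can be signed"
else
  echo "mismatch or no pending request: do not sign"
fi
```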

Connect puppet-master01 and puppet-master02 to puppet-db


Add the following lines to the manifests/nodes.pp file:

    node 'puppet-master01.example.com' {
      class { 'puppetdb::master::config':
        puppetdb_server => 'puppet-db.example.com',
      }
    }

    node 'puppet-master02.example.com' {
      class { 'puppetdb::master::config':
        puppetdb_server => 'puppet-db.example.com',
      }
    }

Or like this, if you also need to configure ntp (without using hiera):

    node 'puppet-master01.example.com' {
      class { '::ntp':
        servers => [ 'time.example.com', '0.pool.ntp.org' ],
      }
      class { 'puppetdb::master::config':
        puppetdb_server => 'puppet-db.example.com',
      }
    }

    node 'puppet-master02.example.com' {
      class { '::ntp':
        servers => [ 'time.example.com', '0.pool.ntp.org' ],
      }
      class { 'puppetdb::master::config':
        puppetdb_server => 'puppet-db.example.com',
      }
    }

Commit the changes to the repository:

 aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git commit manifests/nodes.pp -m "Setup puppet-db server for puppet-master01 and puppet-master02" 

And send the changes to the gitolite3 server:

 aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git push -u origin production 

Apply the changes on puppet-master01 and puppet-master02 servers:

 sudo -i puppet agent --test 

Check if the connection settings for puppet-db on puppet-master01 and puppet-master02 have been applied:

    cat /etc/puppetlabs/puppet/puppetdb.conf
    [main]
    server_urls = https://puppet-db.example.com:8081/
    soft_write_failure = false
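The masters reach PuppetDB over TLS on port 8081, as the server_urls line shows, whereas `listen_address` in the puppetdb class sets the bind address of PuppetDB's separate cleartext HTTP listener (the jetty `host` setting), which `'0.0.0.0'` opens on every interface. The script below is an added example, not from the original article, that classifies that listener from a jetty.ini and checks that a master's puppetdb.conf uses only https; the function names are hypothetical and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit the PuppetDB listeners this setup produces.

# jetty_get FILE KEY: print KEY's value from the [jetty] section of an ini file.
jetty_get() {
  awk -v key="$2" '
    /^[ \t]*[#;]/ { next }                                # skip comments
    /^[ \t]*\[/   { in_jetty = ($0 ~ /\[jetty\]/); next } # track the section
    in_jetty && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1)
      v = substr($0, index($0, "=") + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# cleartext_listener FILE: print disabled, loopback or exposed.
# PuppetDB opens no HTTP listener without "port" and binds it to localhost
# when "host" is absent. Hostnames are not resolved, only literals are matched.
cleartext_listener() {
  port=$(jetty_get "$1" port)
  host=$(jetty_get "$1" host)
  if [ -z "$port" ]; then echo disabled; return 0; fi
  case "${host:-localhost}" in
    localhost|127.*|::1) echo loopback ;;
    *)                   echo exposed ;;
  esac
}

# server_urls_all_https FILE: succeed only if every server_urls entry is https.
server_urls_all_https() {
  urls=$(awk '/^[ \t]*server_urls[ \t]*=/ { sub(/^[^=]*=/, ""); print; exit }' "$1")
  [ -n "$urls" ] || return 1
  for u in $(printf '%s' "$urls" | tr ',' ' '); do
    case "$u" in https://*) ;; *) return 1 ;; esac
  done
}

# Constructed samples (not taken from a real host).
demo=$(mktemp -d)
printf '[jetty]\nhost = 0.0.0.0\nport = 8080\nssl-host = 0.0.0.0\nssl-port = 8081\n' > "$demo/open.ini"
printf '[jetty]\nhost = localhost\nport = 8080\nssl-host = 0.0.0.0\nssl-port = 8081\n' > "$demo/local.ini"
printf '[main]\nserver_urls = https://puppet-db.example.com:8081/\n' > "$demo/puppetdb.conf"

for f in open local; do
  echo "$f.ini: cleartext listener is $(cleartext_listener "$demo/$f.ini")"
done
server_urls_all_https "$demo/puppetdb.conf" && echo "puppetdb.conf: TLS only"
```

On the puppet-db node the file to inspect is normally /etc/puppetlabs/puppetdb/conf.d/jetty.ini (assumed default location). If the listener is reported as exposed and only the masters need access, leaving `listen_address` at the module default keeps port 8080 on localhost while 8081 stays reachable.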

Check if the ntp settings on puppet-master01 and puppet-master02 apply:

    cat /etc/ntp.conf | grep server
    # Set up servers for ntpd with next options:
    # server - IP address or DNS name of upstream NTP server
    # prefer - select preferrable server
    server time.example.com iburst
    server 0.pool.ntp.org iburst

Hiera setting


To simplify debugging hiera, create a symbolic link to the hiera configuration file on puppet-master01 and puppet-master02:

 sudo ln -s /etc/puppetlabs/puppet/hiera.yaml /etc/hiera.yaml 

Create the file manifests/site.pp and hook up hiera with hiera_include('classes'). Contents of site.pp:

    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ cat manifests/site.pp
    hiera_include('classes')

On the puppet-master01 and puppet-master02 servers, the /etc/puppetlabs/puppet/hiera.yaml file contains the default hierarchy settings:

    :hierarchy:
      - "nodes/%{::trusted.certname}"
      - common

Create a default configuration in the common.yaml file, which will be used for all nodes, and set up the ntp client settings:

    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ cat hieradata/common.yaml
    ---
    classes:
      - ntp
    ntp::servers:
      - time.example.com
    #  - 1.pool.ntp.org
    #  - 2.pool.ntp.org
    #  - 3.pool.ntp.org

Create a directory for storing configurations of individual nodes in hiera:

 aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ mkdir hieradata/nodes 

The names of the configuration files will correspond to the names of the node certificates (%{::trusted.certname}).

Alternative implementation using hiera, the same settings that were specified above in manifests/nodes.pp


Puppet-master configuration


    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ cat hieradata/nodes/puppet-master01.example.com.yaml
    ---
    classes:
      - puppetdb::master::config
    puppetdb::master::config::puppetdb_server: 'puppet-db.example.com'

Similarly, in the file hieradata/nodes/puppet-master02.example.com.

Configuration for puppet-db


Standard datadir placement for postgresql


With the standard postgresql datadir layout, everything is simple:

    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ cat hieradata/nodes/puppet-db.example.com.yaml
    ---
    classes:
      - puppetdb
    puppetdb::listen_address: '0.0.0.0'

Custom datadir placement for postgresql


But for this case, there was no simple solution. I do not know how critical the presence of the pg_trgm extension in postgresql is for the functioning of puppet-db. Just in case, I decided not to remove this extension.

The problem is that in hiera you cannot simply declare resources (defined resource types) the way you can in the Puppet language:

  postgresql::server::extension { 'pg_trgm': database => 'puppetdb', } 

I tried several not very successful options for adding resources using hiera:

serverfault.com/questions/549720/hiera-include-equivalent-for-resource-types/549807
graviline.ru/index/show/41130

Until I found the tedivm-hieratic module. The creator of the module declares support for Puppet 3.x, but it also worked in Puppet 4. In the Puppetfile, you need to add one more module:

 mod 'tedivm-hieratic' # Hieratic allows Puppet Resources to be created directly in Hiera. 

Include hieratic in manifests/site.pp:

 include hieratic 

Then you can set the config for non-standard placement of the postgresql datadir in hieradata/nodes/puppet-db.yaml:

    ---
    classes:
      - puppetdb
      - postgresql::globals
      - postgresql::server
    puppetdb::listen_address: '0.0.0.0'
    puppetdb::manage_dbserver: false
    postgresql::globals::manage_package_repo: true
    postgresql::globals::version: '9.4'
    postgresql::server::datadir: '/media/data/postgresql/9.4/main'
    postgresql_server_extension:
      pg_trgm:
        name: 'pg_trgm'
        database: 'puppetdb'

Configuration application


If you configured the nodes through hiera, remember to remove the node settings from manifests/nodes.pp.

Commit the changes:

    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git add --all
    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git commit -a -m "Hiera config"
    aspetrenko@aspetrenko-pc:~/sgl-git/puppet-environments$ git push -u origin production

Applying settings to puppet-db:

 aspetrenko@puppet-db:~$ sudo -i puppet agent --test 

As a result, we get a Puppet infrastructure that can be expanded further by adding more puppet-master nodes as the load on the existing servers grows. Now you can start writing manifests for managed nodes. But more about that some other time.

Source: https://habr.com/ru/post/316486/

