Diffstat (limited to 'content/posts/setting_up_puppet_lab_with_virtual_box.md')
-rw-r--r-- | content/posts/setting_up_puppet_lab_with_virtual_box.md | 291 |
1 files changed, 291 insertions, 0 deletions
diff --git a/content/posts/setting_up_puppet_lab_with_virtual_box.md b/content/posts/setting_up_puppet_lab_with_virtual_box.md new file mode 100644 index 0000000..d8d2102 --- /dev/null +++ b/content/posts/setting_up_puppet_lab_with_virtual_box.md 
@@ -0,0 +1,291 @@ +--- +title: 'Setting up puppet lab with virtual box' +date: 2022-07-08T08:48:10+02:00 +draft: true +--- + +In this post we'll set up a nice little lab for getting started with Puppet. My choice of hypervisor is VirtualBox, but you can also use VMWare or Hyper-V. + +<!--more--> + +## Setting up our network in VirtualBox + +For this lab we're going to use a NAT Network, which in VirtualBox means that the virtual machines can talk to eachother, the host AND the internet. + +1. Open VirtualBox and **Preferences** +2. Go to **Network** tab +3. Click the **+** icon to add a new NAT Network +4. Double click on the created NAT Network +5. Change **Network Name** to "PuppetLab" +6. Change **Network CIDR** to `10.10.10.0/24` +7. Click **OK** + +Or you can issue these commands. + +```bash +# add new natnetwork +VBoxManage netnetwork add --netname PuppetLab --network "10.10.10.0/24" --dhcp on --enable + +# to verify that our natnetwork was created +VBoxManage list natnetworks + +# if you need to remove a natnetwork configuration +VBoxManage natnetwork remove --netname <name> +``` + +## Setting up a base image + +We are going to start with setting up a base image/machine that has the core tools needed. This way we can clone the base machine when we need a new one, instead of going through the whole installation process from scratch every time. + +### Create a new virtual machine + +1. Create a new virtual machine in Virtual Box +2. Type will be Linux/Ubuntu(64-bit) +3. Give it a dynamically allocated harddrive of 20 GB +4. Download and mount ubuntu 20.04 ISO +5. Set the "PuppetLab" NAT Network as in the **Network** tab +6. Start the machine +7. Run through the installer with defaults, but make sure to check for "Install Open SSH server" + +### Operating system setup + +When the installer has finished and rebooted we'll login and start configuring our base. + +#### Update all packages + +Make sure our packages are up-to-date. 
+ +```bash +sudo apt update && sudo apt upgrade -y +``` + +#### Add the puppet platform on apt + +Enable the Puppet platform on Apt. + +Source: [Installing Puppet](https://puppet.com/docs/puppet/7/install_puppet.html#enable_the_puppet_platform_apt) + +```bash +wget https://apt.puppet.com/puppet7-release-focal.deb +sudo dpkg -i puppet7-release-focal.deb +sudo apt update +``` + +#### Install NTP + +Install NTP for time syncing. + +```bash +sudo apt install ntp +``` + +#### Add puppet master IP to hosts file + +Instead of manually adding the Puppet master's IP address to `/etc/hosts` each time, we just add it to our base since every Puppet agent will need it. We will setup the Puppet master later with this IP address. + +```bash +sudo su +echo '10.10.10.101 puppet' >> /etc/hosts +``` + +## Setting up the Puppet master + +Start off by cloning our base machine. + +1. Right click on the base machine in VirtualBox +2. Choose **Clone...** +3. In the dialog change the following settings: + 1. **Name:** puppet-master + 2. **MAC Address Policy:\*** Generate new MAC addresses for all network adapters +4. Click **Continue** and then **Clone** +5. Start your puppet-master machine + +### Set a static IP address + +Our Puppet master needs a static IP address so that it always has the same IP address. Remember we added the `10.10.10.101` address to `/etc/hosts` file for our base. So the Puppet master must have a static IP as `10.10.10.101`. + +First we need to find our gateway and network card name. + +```bash +$ ip r s +default via 10.10.10.1 dev enp0s3 proto dhcp src 10.10.10.4 metric 100 +10.10.10.0/24 dev enp0s3 proto kernel scope link src 10.10.10.4 +10.10.10.1 dev enp0s3 proto dhcp scope link src 10.10.10.4 metric 100 +``` + +`default via 10.10.10.1` means that the traffic goes via `10.10.10.1` which again means that this is our gateway. `enp0s3` is our network card device name. This will be different from hypervisor to hypervisor. 
+ +Ubuntu 20.04 uses Netplan as the default network management tool, so we need to edit the `.yaml` file under `/etc/netplan`. On my machine its `/etc/netplan/00-installer-config.yaml`. On your machine it might be something else, usually either one of: + +- `/etc/netplan/00-installer-config.yaml` +- `/etc/netplan/50-cloud-init.yaml` +- `/etc/netplan/01-netcfg.yaml` + +Open up the file in `vi` or `nano` and edit the following: + +```yaml +network: + version: 2 + ethernets: + enp0s3: # Replace with the name of your network card + dhcp4: false + addresses: + - 10.10.10.101/24 + gateway4: 10.10.10.1 + nameservers: + addresses: [8.8.8.8, 1.1.1.1] +``` + +Then run `sudo netplan apply` to apply the changes and `ip addr show dev enp0s3` to show that the new IP address has been set. + +### Set hostname + +Our Puppet master needs a new hostname. + +```bash +sudo hostnamectl set-hostname puppet +``` + +And then reboot the machine. + +```bash +sudo reboot +``` + +### Install the puppetserver + +Since we already added the puppet platform to Apt in our base machine, we can just go ahead and install it through apt. + +```bash +# install puppetserver +sudo apt install puppetserver + +# reload bash to update $PATH +bash -l + +# verify that we see the puppetserver binary +puppetserver -v +``` + +### Lower the Java Heap size for the Puppet Server service + +Since we are experimenting with this on a low end virtual machine, we must lower the Java Heap size so that it doesn't allocate as much memory. The default is 2GB of RAM, but our VM only has 1GB. + +Open up `/etc/default/puppetserver` and change the following: + +``` +# Modify this +JAVA_ARGS="-Xms2g -Xmx2g" + +# To look like this +JAVA_ARGS="-Xms512m -Xmx512m" +``` + +This will change the puppetserver to only allocate 512MB. + +Now reboot the machine again. + +### Enable the puppetserver service + +NOTE: this step must excuted after changing the Java Heap size or else the puppetserver service will fail because of too little RAM. 
+ +```bash +sudo systemctl enable --now puppetserver +``` + +## Setting up a Puppet agent + +As with the Puppet master we'll clone from our base machine. When done, power up the machine. + +### Set a static IP address + +Go ahead and do the same as with puppet master, but use the IP address `10.10.10.111`. + +### Set hostname + +```bash +sudo hostnamectl set-hostname agent01 +sudo reboot +``` + +### Verify that we can contact Puppet master + +To verify that our puppet agent server can contact and communicate with our puppet master server, we can simply ping it. Remember we set `puppet` to resolve to `10.10.10.101` in our `/etc/hosts` file. Use `ctrl+c` to cancel ping. + +```bash +$ ping puppet +PING puppet (10.10.10.101) 56(84) bytes of data. +64 bytes from puppet (10.10.10.101): icmp_seq=1 ttl=64 time=0.604 ms +64 bytes from puppet (10.10.10.101): icmp_seq=2 ttl=64 time=0.437 ms +64 bytes from puppet (10.10.10.101): icmp_seq=3 ttl=64 time=0.383 ms +^C +--- puppet ping statistics --- +3 packets transmitted, 3 recieved, 0% packet loss, time 2004ms +rtt min/avg/max/mdev = 0.383/0.474/0.604/0.094 ms +``` + +### Setting up puppet-agent + +Since we already added the Puppet platform to apt we can go ahead and install the puppet-agent. + +```bash +sudo apt install puppet-agent + +# reload bash to update $PATH +bash -l + +# verify that we see the puppet binary +which puppet +``` + +## Exercise 01 + +Now, as an exercise try to add another server and install and configure puppet agent. + +## Setting up CA + +On both the agents run `sudo /opt/puppetlabs/bin/puppet agent -t`. You should see something like this. 
+ +```bash +Info: Creating a new RSA SSL key for agent01 +Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml +Info: Creating a new SSL certificate request for agent01 +Info: Certificate Request fingerprint (SHA256): 27.24:61:E0:2E:D1:14:D5:9C:B0:B2:D1:83:B6:36:E9:CC:18:5D:AB:FF:3B:CB:E7:C7:7B:F0:7E:44:D4:CF:D8 +Info: Certificate for agent01 has not been signed yet +Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (agent01). +Exiting now because the waitforcert setting is set to 0. +``` + +Now on the puppet master server run the following, as root or with sudo, to list all certificate requests. + +```bash +$ sudo /opt/puppetlabs/bin/puppetserver ca list +agent01 (SHA256) <fingerprint> +agent02 (SHA256) <fingerprint> +``` + +To authorize the certificate for `agent01` we can run this command from the puppet master. + +```bash +$ sudo /opt/puppetlabs/bin/puppetserver ca sign --certname agent01 +Successfully signed certificate request for agent01 +``` + +Then go back to **agent01** and run `sudo /opt/puppetlabs/bin/puppet agent -t` again and you should see something likes this. + +```bash +Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml +Info: Creating a new SSL certificate request for agent01 +Info: Certificate Request fingerprint (SHA256): 27.24:61:E0:2E:D1:14:D5:9C:B0:B2:D1:83:B6:36:E9:CC:18:5D:AB:FF:3B:CB:E7:C7:7B:F0:7E:44:D4:CF:D8 +Info: Downloaded certificate for agent01 from https://puppet:8140/puppet-ca/v1 +Info: Using environment 'production' +Info: Retrieving pluginfacts +Info: Retrieving plugin +Info: Caching catalog for agent01 +Info: Applying configuration version '1657279166' +Notice: Applied catalog in 0.01 seconds +``` + +> NOTE: If you get the `Notice: Run of Puppet configuration client already in progress; [...]` just simply try again shortly. + +Now do the same for **agent02**. |
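Review bot: In the "Setting up CA" section, the `puppetserver ca sign --certname agent01` step comes with no instruction to compare the SHA256 fingerprint the agent printed in its `Certificate Request fingerprint` line against the one shown by `puppetserver ca list`, so the reader learns to sign any request that carries the expected name. Add a sentence between the list and sign steps telling the reader to confirm the two fingerprints match, and consider showing an actual fingerprint in the `ca list` sample instead of `<fingerprint>` so the comparison is visible. Separately, the first VirtualBox command reads `VBoxManage netnetwork add` while the two commands after it use `natnetwork`; this looks like a typo for `natnetwork`. The sample agent output has a fingerprint beginning `27.24:61`, with a dot where every other separator is a colon, and the Java heap section says the VM has 1GB of RAM although the "Create a new virtual machine" steps never set a memory size, so one of the two should state it.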