---
title: 'Setting up puppet lab with virtual box'
date: 2022-07-08T08:48:10+02:00
draft: true
---
In this post we'll set up a nice little lab for getting started with Puppet. My choice of hypervisor is VirtualBox, but you can also use VMware or Hyper-V.
<!--more-->
## Setting up our network in VirtualBox
For this lab we're going to use a NAT Network, which in VirtualBox means that the virtual machines can talk to each other, the host AND the internet.
1. Open VirtualBox and **Preferences**
2. Go to **Network** tab
3. Click the **+** icon to add a new NAT Network
4. Double click on the created NAT Network
5. Change **Network Name** to "PuppetLab"
6. Change **Network CIDR** to `10.10.10.0/24`
7. Click **OK**
Or you can issue these commands.
```bash
# add new natnetwork
VBoxManage natnetwork add --netname PuppetLab --network "10.10.10.0/24" --dhcp on --enable
# to verify that our natnetwork was created
VBoxManage list natnetworks
# if you need to remove a natnetwork configuration
VBoxManage natnetwork remove --netname <name>
```
## Setting up a base image
We are going to start with setting up a base image/machine that has the core tools needed. This way we can clone the base machine when we need a new one, instead of going through the whole installation process from scratch every time.
### Create a new virtual machine
1. Create a new virtual machine in VirtualBox
2. Set the type to Linux / Ubuntu (64-bit)
3. Give it a dynamically allocated hard drive of 20 GB
4. Download and mount the Ubuntu 20.04 ISO
5. Attach the network adapter to the "PuppetLab" NAT Network in the **Network** tab
6. Start the machine
7. Run through the installer with defaults, but make sure to check "Install OpenSSH server"
### Operating system setup
When the installer has finished and rebooted we'll login and start configuring our base.
#### Update all packages
Make sure our packages are up-to-date.
```bash
sudo apt update && sudo apt upgrade -y
```
#### Add the puppet platform on apt
Enable the Puppet platform on Apt.
Source: [Installing Puppet](https://puppet.com/docs/puppet/7/install_puppet.html#enable_the_puppet_platform_apt)
```bash
wget https://apt.puppet.com/puppet7-release-focal.deb
sudo dpkg -i puppet7-release-focal.deb
sudo apt update
```
#### Install NTP
Install NTP for time syncing.
```bash
sudo apt install ntp
```
#### Add puppet master IP to hosts file
Instead of manually adding the Puppet master's IP address to `/etc/hosts` each time, we just add it to our base since every Puppet agent will need it. We will set up the Puppet master later with this IP address.
```bash
# append the entry as root without opening a root shell
echo '10.10.10.101 puppet' | sudo tee -a /etc/hosts
```
## Setting up the Puppet master
Start off by cloning our base machine.
1. Right click on the base machine in VirtualBox
2. Choose **Clone...**
3. In the dialog change the following settings:
   1. **Name:** puppet-master
   2. **MAC Address Policy:** Generate new MAC addresses for all network adapters
4. Click **Continue** and then **Clone**
5. Start your puppet-master machine
### Set a static IP address
Our Puppet master needs a static IP address so that it always has the same IP address. Remember we added the `10.10.10.101` address to `/etc/hosts` file for our base. So the Puppet master must have a static IP as `10.10.10.101`.
First we need to find our gateway and network card name.
```bash
$ ip r s
default via 10.10.10.1 dev enp0s3 proto dhcp src 10.10.10.4 metric 100
10.10.10.0/24 dev enp0s3 proto kernel scope link src 10.10.10.4
10.10.10.1 dev enp0s3 proto dhcp scope link src 10.10.10.4 metric 100
```
`default via 10.10.10.1` means that the traffic goes via `10.10.10.1` which again means that this is our gateway. `enp0s3` is our network card device name. This will be different from hypervisor to hypervisor.
Ubuntu 20.04 uses Netplan as the default network management tool, so we need to edit the `.yaml` file under `/etc/netplan`. On my machine it's `/etc/netplan/00-installer-config.yaml`. On your machine it might be something else, usually one of:
- `/etc/netplan/00-installer-config.yaml`
- `/etc/netplan/50-cloud-init.yaml`
- `/etc/netplan/01-netcfg.yaml`
Open up the file in `vi` or `nano` and edit the following:
```yaml
network:
  version: 2
  ethernets:
    enp0s3: # Replace with the name of your network card
      dhcp4: false
      addresses:
        - 10.10.10.101/24
      gateway4: 10.10.10.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]
```
Then run `sudo netplan apply` to apply the changes and `ip addr show dev enp0s3` to show that the new IP address has been set.
### Set hostname
Our Puppet master needs a new hostname.
```bash
sudo hostnamectl set-hostname puppet
```
And then reboot the machine.
```bash
sudo reboot
```
### Install the puppetserver
Since we already added the puppet platform to Apt in our base machine, we can just go ahead and install it through apt.
```bash
# install puppetserver
sudo apt install puppetserver
# reload bash to update $PATH
bash -l
# verify that we see the puppetserver binary
puppetserver -v
```
### Lower the Java Heap size for the Puppet Server service
Since we are experimenting with this on a low end virtual machine, we must lower the Java Heap size so that it doesn't allocate as much memory. The default is 2GB of RAM, but our VM only has 1GB.
Open up `/etc/default/puppetserver` and change the following:
```
# Modify this
JAVA_ARGS="-Xms2g -Xmx2g"
# To look like this
JAVA_ARGS="-Xms512m -Xmx512m"
```
This will change the puppetserver to only allocate 512MB.
Now reboot the machine again.
### Enable the puppetserver service
NOTE: this step must be executed after changing the Java Heap size, or else the puppetserver service will fail because of too little RAM.
```bash
sudo systemctl enable --now puppetserver
```
## Setting up a Puppet agent
As with the Puppet master we'll clone from our base machine. When done, power up the machine.
### Set a static IP address
Go ahead and do the same as with puppet master, but use the IP address `10.10.10.111`.
### Set hostname
```bash
sudo hostnamectl set-hostname agent01
sudo reboot
```
### Verify that we can contact Puppet master
To verify that our puppet agent server can contact and communicate with our puppet master server, we can simply ping it. Remember we set `puppet` to resolve to `10.10.10.101` in our `/etc/hosts` file. Use `ctrl+c` to cancel ping.
```bash
$ ping puppet
PING puppet (10.10.10.101) 56(84) bytes of data.
64 bytes from puppet (10.10.10.101): icmp_seq=1 ttl=64 time=0.604 ms
64 bytes from puppet (10.10.10.101): icmp_seq=2 ttl=64 time=0.437 ms
64 bytes from puppet (10.10.10.101): icmp_seq=3 ttl=64 time=0.383 ms
^C
--- puppet ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.383/0.474/0.604/0.094 ms
```
### Setting up puppet-agent
Since we already added the Puppet platform to apt we can go ahead and install the puppet-agent.
```bash
sudo apt install puppet-agent
# reload bash to update $PATH
bash -l
# verify that we see the puppet binary
which puppet
```
## Exercise 01
Now, as an exercise try to add another server and install and configure puppet agent.
## Setting up CA
On both agents, run `sudo /opt/puppetlabs/bin/puppet agent -t`. You should see something like this.
```bash
Info: Creating a new RSA SSL key for agent01
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent01
Info: Certificate Request fingerprint (SHA256): 27.24:61:E0:2E:D1:14:D5:9C:B0:B2:D1:83:B6:36:E9:CC:18:5D:AB:FF:3B:CB:E7:C7:7B:F0:7E:44:D4:CF:D8
Info: Certificate for agent01 has not been signed yet
Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (agent01).
Exiting now because the waitforcert setting is set to 0.
```
Now on the puppet master server run the following, as root or with sudo, to list all certificate requests.
```bash
$ sudo /opt/puppetlabs/bin/puppetserver ca list
agent01 (SHA256) <fingerprint>
agent02 (SHA256) <fingerprint>
```
To authorize the certificate for `agent01` we can run this command from the puppet master.
```bash
$ sudo /opt/puppetlabs/bin/puppetserver ca sign --certname agent01
Successfully signed certificate request for agent01
```
Then go back to **agent01** and run `sudo /opt/puppetlabs/bin/puppet agent -t` again and you should see something like this.
```bash
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent01
Info: Certificate Request fingerprint (SHA256): 27.24:61:E0:2E:D1:14:D5:9C:B0:B2:D1:83:B6:36:E9:CC:18:5D:AB:FF:3B:CB:E7:C7:7B:F0:7E:44:D4:CF:D8
Info: Downloaded certificate for agent01 from https://puppet:8140/puppet-ca/v1
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent01
Info: Applying configuration version '1657279166'
Notice: Applied catalog in 0.01 seconds
```
> NOTE: If you get the `Notice: Run of Puppet configuration client already in progress; [...]` message, simply try again shortly.
Now do the same for **agent02**.
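
Signing by certname alone trusts whichever request arrived under that name. As an added example (not part of the original post), the helper below compares the fingerprint printed on the agent with the one `puppetserver ca list` shows on the master before you sign. The function names and sample fingerprints are constructed for illustration, and the parsing assumes the `name (SHA256) fingerprint` layout shown above.

```bash
#!/usr/bin/env bash
# Added example: check a pending CSR's fingerprint before `puppetserver ca sign`.

# Constructed sample data (not real fingerprints): 32 colon-separated bytes each.
FP_AGENT01='01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
FP_AGENT02='FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10'
SAMPLE_CA_LIST="agent01 (SHA256) $FP_AGENT01
agent02 (SHA256) $FP_AGENT02"

# Upper-case the fingerprint and drop everything except hex digits,
# so "aa:bb" and "AABB" compare equal.
normalize_fp() {
  printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -cd '0-9A-F'
}

# csr_fingerprint_matches CERTNAME EXPECTED_FP
# Reads `puppetserver ca list` output on stdin.
# Returns 0 on match, 1 on mismatch, 2 if the certname has no pending
# request or either fingerprint is not a full SHA-256 digest.
csr_fingerprint_matches() {
  local certname=$1 expected listed
  expected=$(normalize_fp "$2")
  # Exact match on the first field, so "agent01" never matches "agent011".
  listed=$(awk -v n="$certname" '$1 == n && $2 == "(SHA256)" { print $3; exit }')
  [ -n "$listed" ] || return 2
  listed=$(normalize_fp "$listed")
  # A SHA-256 digest is 64 hex characters; reject truncated values.
  [ "${#expected}" -eq 64 ] && [ "${#listed}" -eq 64 ] || return 2
  [ "$listed" = "$expected" ]
}

# Usage on the Puppet master, with the fingerprint read off the agent's console:
#   sudo /opt/puppetlabs/bin/puppetserver ca list \
#     | csr_fingerprint_matches agent01 "<fingerprint from agent01>" \
#     && sudo /opt/puppetlabs/bin/puppetserver ca sign --certname agent01
```
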