Legido Wiki

User Tools

Site Tools

Trace:
informatica:linux:puppet

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
informatica:linux:puppet [2012/05/30 10:34] javiinformatica:linux:puppet [2015/04/13 20:19] (current) – external edit 127.0.0.1
Line 4: Line 4:
  
 Sistema para centralizar configuraciones e instalacion de paquetes... Sistema para centralizar configuraciones e instalacion de paquetes...
- 
  
 ===== Instalación y configuración del servidor ===== ===== Instalación y configuración del servidor =====
Line 22: Line 21:
  
 1.2 Nodos 1.2 Nodos
 +
 +  sudo mkdir /etc/puppet/manifests/nodes/
  
 <code> <code>
Line 45: Line 46:
   sudo mkdir -p /etc/puppet/modules/modulo1/{files,templates,manifests}   sudo mkdir -p /etc/puppet/modules/modulo1/{files,templates,manifests}
  
-<code> +  /etc/puppet/modules/modulo1/files/modulo1.txt
-/etc/puppet/modules/modulo1/files/modulo1.txt+
  
 Simplemente un archivo vacio Simplemente un archivo vacio
-</code> 
  
 <code> <code>
Line 69: Line 68:
 En este ejemplo: En este ejemplo:
  
-  * Instalamos (si no lo esta) el paquete 'sudo' +* Instalamos (si no lo esta) el paquete 'sudo'\\ 
-  * Copiamos el archivo puppet_server.domain.com:/etc/puppet/modules/modulo1/files/modulo1.txt puppet_client_1.domain.com:/tmp/modulo1.txtNotese que la URL es puppet:///modules/modulo1/modulo1.txt+* Copiamos el archivo
 +  puppet_server.domain.com:/etc/puppet/modules/modulo1/files/modulo1.txt 
 +A: 
 +  puppet_client_1.domain.com:/tmp/modulo1.txt 
 +Notese que la URL es
 +  puppet:///modules/modulo1/modulo1.txt 
 +* **Importante**: el archivo (/etc/puppet/modules/modulo1/files/modulo1.txt) debe ser accesible por el usuario 'puppet', que es el que ejecuta el cliente
  
 2. Arrancar/reiniciar/parar servicio 2. Arrancar/reiniciar/parar servicio
Line 109: Line 114:
   /var/log/puppet/masterhttp.log   /var/log/puppet/masterhttp.log
   /var/log/daemon.log   /var/log/daemon.log
 +
 +
 +
 +
  
  
Line 117: Line 126:
   sudo aptitude update; sudo aptitude install puppet -R   sudo aptitude update; sudo aptitude install puppet -R
  
-2. Configurar para que se puede arrancar como demonio+2. Configurar para que se puede arrancar como demonio:
  
-  sudo cp /etc/default/puppet /etc/default/puppet.oldsudo vim /etc/default/puppet+  sudo mv /etc/default/puppet /etc/default/puppet.old 
 +  sudo vim /etc/default/puppet
  
-Y dejar la siguiente linea asi:+<code> 
 +# Start puppet on boot? 
 +START=yes
  
-  ... +# Startup options 
-  START=yes +DAEMON_OPTS="--verbose" 
-  ...+</code> 
 + 
 +Si quisieramos redirigir el log a otro archivo podriamos usar la siguiente config, pero a mi no me va del todo bien (hay mensajes que creo que no se registran, aparece continuamente una entrada diciendo que el log se reabre...
 + 
 +<code> 
 +# Start puppet on boot? 
 +START=yes 
 + 
 +# Startup options 
 +DAEMON_OPTS="--verbose --logdest /var/log/puppet.log" 
 +</code> 
 + 
 + 
 +3. Definir el nombre del servidor al que se conecta: 
 + 
 +  sudo cp /etc/puppet/puppet.conf /etc/puppet/puppet.conf.old 
 +  sudo vim /etc/puppet/puppet.conf 
 + 
 +Y anyadirle: 
 + 
 +  server=puppet_server.domain.com
  
-3. Arrancar el cliente:+4. Arrancar el cliente:
  
 **OJO** para que todo vaya bien probablemente el nodo deberia estar definido en el servidor previamente **OJO** para que todo vaya bien probablemente el nodo deberia estar definido en el servidor previamente
Line 134: Line 166:
   Restarting puppet agent.   Restarting puppet agent.
  
-4. Comprobar logs:+5. Comprobar logs:
  
 <code> <code>
Line 160: Line 192:
  
   May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test3/Package[bzip2]/ensure) change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install bzip2' returned 100: Reading package lists...#012Building dependency tree...#012Reading state information...#012Suggested packages:#012  bzip2-doc#012The following NEW packages will be installed:#012  bzip2#0120 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.#012Need to get 50.5 kB of archives.#012After this operation, 164 kB of additional disk space will be used.#012WARNING: The following packages cannot be authenticated!#012  bzip2#012E: There are problems and -y was used without --force-yes   May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test3/Package[bzip2]/ensure) change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install bzip2' returned 100: Reading package lists...#012Building dependency tree...#012Reading state information...#012Suggested packages:#012  bzip2-doc#012The following NEW packages will be installed:#012  bzip2#0120 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.#012Need to get 50.5 kB of archives.#012After this operation, 164 kB of additional disk space will be used.#012WARNING: The following packages cannot be authenticated!#012  bzip2#012E: There are problems and -y was used without --force-yes
- 
- 
  
 ===== Arrancar servicios para probar ===== ===== Arrancar servicios para probar =====
Line 198: Line 228:
   notice: Signed certificate request for dns.jj.com   notice: Signed certificate request for dns.jj.com
   notice: Removing file Puppet::SSL::CertificateRequest dns.jj.com at '/var/lib/puppet/ssl/ca/requests/dns.jj.com.pem'   notice: Removing file Puppet::SSL::CertificateRequest dns.jj.com at '/var/lib/puppet/ssl/ca/requests/dns.jj.com.pem'
 +
 +
  
 ===== Revocar certificado ===== ===== Revocar certificado =====
  
-<code> +2 formas:
-sudo puppet cert --clean dns.jj.com+
  
 +  sudo puppet cert --clean dns.jj.com
 +o
 +  sudo puppetca --clean dns.jj.com
 +
 +<code>
 notice: Revoked certificate with serial 3 notice: Revoked certificate with serial 3
 notice: Removing file Puppet::SSL::Certificate dns.jj.com at '/var/lib/puppet/ssl/ca/signed/dns.jj.com.pem' notice: Removing file Puppet::SSL::Certificate dns.jj.com at '/var/lib/puppet/ssl/ca/signed/dns.jj.com.pem'
 notice: Removing file Puppet::SSL::Certificate dns.jj.com at '/var/lib/puppet/ssl/certs/dns.jj.com.pem' notice: Removing file Puppet::SSL::Certificate dns.jj.com at '/var/lib/puppet/ssl/certs/dns.jj.com.pem'
 </code> </code>
 +
 +
 +
 +===== Arrancar puppetmaster como otro usuario =====
 +
 +<code>
 +sudo cp /etc/init.d/puppetmaster /etc/init.d/puppetmaster.bak
 +sudo vim /etc/init.d/puppetmaster
 +</code>
 +
 +Y cambiar solo esta linea:
 +
 +  chown USUARIO:USUARIO /var/run/puppet
 +
 +<code>
 +sudo cp /etc/puppet/puppet.conf /etc/puppet/puppet.conf.bak
 +sudo vim /etc/puppet/puppet.conf
 +</code>
 +
 +Y anyadir esta linea en la seccion [main]:
 +
 +<code>
 +[main]
 +...
 +user=usuario
 +</code>
 +
 +Reiniciar:
 +
 +  sudo /etc/init.d/puppetmaster restart
 +
 +
 +
 +===== Instalar modulos =====
 +
 +http://docs.puppetlabs.com/puppet/2.7/reference/modules_installing.html
 +
 +
 +
 +===== Errores / bugs =====
 +
 +**err: Could not call revoke: Cannot convert into OpenSSL::BN**
 +
 +  sudo rm -fr /var/lib/puppet/ssl/ca/requests/mysql-monitor-1.dev.jj.com.pem
 +
 +---------------------------------------------------------------------------------------------------------------------
 +
 +  * La funcion split() no va bien en la version 2.6. Actualizar a la 2.7.x (me funciona en la 2.7.18)
 +
 +http://docs.puppetlabs.com/references/latest/function.html#split
 +
 +---------------------------------------------------------------------------------------------------------------------
 +
 +**Could not request certificate: The certificate retrieved from the master does not match the agent's private key.#012Certificate fingerprint: FB:8A:80:D1:51:E1:7B:A6:79:64:1F:56:E8:1B:D9:68#012To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.#012On the master:#012  puppet cert clean mumble-1.dev.local.jamgo.org#012On the agent:#012  rm -f /var/lib/puppet/ssl/certs/mumble-1.dev.local.jamgo.org.pem#012  puppet agent -t**
 +
 +1. (Servidor) Eliminar el certificado:
 +
 +  sudo rm -fr /var/lib/puppet/ssl/ca/signed/mumble-1.dev.local.jamgo.org.pem
 +
 +2. (Cliente) Eliminar certificados:
 +
 +  sudo su
 +  rm -fr /var/lib/puppet/ssl/*
 +
informatica/linux/puppet.1338374071.txt.gz · Last modified: (external edit)