Puppet Configuration on Amazon Web Services
Let's get rid of the hassle of logging on to each server for configuration

What is Configuration Management

Configuration management (CM) is a governance and systems engineering process for ensuring consistency among physical and logical assets in an operational environment. The configuration management process seeks to identify and track individual configuration items (CIs), documenting functional capabilities and inter-dependencies. Administrators, technicians and software developers can use configuration management tools to verify the effect a change to one configuration item has on other systems.

In simple words, implementing CM becomes really important to get over the hassle of maintaining the desired configuration state, or acquiring a new one, across a vast number of systems/servers.

Agenda

This article focuses on the step-by-step configuration of Puppet on the Amazon Web Services cloud platform.

CM on a cloud platform (AWS), using open source Puppet:

The setup of Puppet on AWS might be slightly different from configuring Puppet on-premises.

The tried and tested steps below will help you configure Puppet and use it to manage a huge infrastructure just by writing some small manifest files.

With the steps below we kick-start the journey of configuring Puppet on EC2.

  • Launch an EC2 instance in the AWS portal; in our case we will be using Ubuntu 14.04 LTS.
  • Choose the server type and select the number of instances that you wish to launch and test your configuration with.
  • Select the security group and make sure that you open port 8140 to the agent nodes, as Puppet clients (nodes) talk to the master on that port.
  • Here we will refer to the client nodes as agents and the master server as master.
  • First, give the server an appropriate hostname, as AWS assigns DNS names that contain the IP address. On the master server (Ubuntu), run the commands below:

sudo hostname puppetmaster.test.org (as suitable)

hostname -i or hostname -f

  • Repeat the same for client (agent) server

sudo hostname puppetagent.test.org

hostname -i or hostname -f

  • On the master server (we will now make the two servers familiar with each other)

echo agentip puppetagent.test.org >> /etc/hosts

(use your agent IP and agent hostname)

  • On the agent server (repeat the above step)

echo masterip puppetmaster.test.org >> /etc/hosts

  • Now try to ping the agent from the master and the master from the agent; the communication should be successful.
  • On the master server, first install the Puppet master:

apt-get update

apt-get install puppetmaster

  • Now install the Puppet agent on the agent node:

apt-get update

apt-get install puppet

  • Now start the agent service using one of the commands below:

systemctl enable puppet or service puppet start or systemctl start puppet

  • Now edit the puppet.conf file on the agent node as shown below:

vi /etc/puppet/puppet.conf

Add the following under the [main] section:

server=puppetmaster.test.org (hostname of master)

Then save the file.

  • Send the agent's certificate request to the master. The agent cannot communicate with the master the first time, so on the agent node run:

puppet agent --no-daemonize --onetime --verbose

  • Now switch to the master server and run:

puppet cert list --all  # shows all certificates, signed and unsigned

puppet cert sign puppetagent.test.org

puppet agent --fingerprint  # prints the fingerprint of the agent's certificate or certificate request; run it on the agent and compare it with the entry listed on the master

Once the certificate requests from the clients are signed, administration is done centrally through the Puppet master server.

  • Now we are ready to get started with the configuration. Let's take a small example of a manifest file.
  • Puppet Master: write the manifest file

cd /etc/puppet/manifests/

vi site.pp

# testing installation of git package
node "puppetagent.test.org" {
  package { 'git':
    name   => 'git',
    ensure => installed,
  }
}

Now save the manifest file.

puppet parser validate site.pp # it checks for syntax errors only

  • Let's play a bit with when configuration changes are applied, that is, the time interval at which the agent pulls configuration from the master.

Runinterval → Change runinterval to control how often the manifest file from the master (server) is applied on the client (agent node).

How often puppet agent applies the catalog. Note that a runinterval of 0 means “run continuously” rather than “never run.” If you want puppet agent to never run, you should start it with the --no-client option. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).

Default: 30m

Add the following under the [main] section:

vi /etc/puppet/puppet.conf

        runinterval = 5m

  • On the Puppet agent server:

puppet agent -t

# manually applies the manifest file on the agent; it takes the information from the master's manifest file

git --version

Note: Any script is written in site.pp because the Puppet agent checks site.pp first. Every 30 minutes the Puppet agent checks the master manifest file; if any modification has been made, it is collected automatically and deployed on the Puppet agent.

Now you are free to play around with your manifest files and install and configure multiple packages on multiple servers in one go.
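Before running puppet cert sign, the fingerprint of the pending request shown on the master should be the same one that puppet agent --fingerprint prints on the agent. The check below is an added example, not part of the original article; it assumes the listing format printed by Puppet 3.x, and the sample outputs and shortened fingerprints are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): refuse to sign an agent's
# certificate request unless its fingerprint matches what the agent reports.
# The sample outputs and fingerprints below are constructed and shortened.

# Pending request as printed on the master by `puppet cert list --all`.
# Entries prefixed with "+" are already signed.
MASTER_LISTING='  "puppetagent.test.org" (SHA256) 4E:9A:10:C7:5B:22:F3:0D
+ "puppetmaster.test.org" (SHA256) 7C:01:DE:88:31:A6:4F:B2'

# Output of `puppet agent --fingerprint`, read on the agent itself.
AGENT_OUTPUT='(SHA256) 4E:9A:10:C7:5B:22:F3:0D'

# Print the fingerprint of the *pending* request for certname $1 in listing $2.
# Signed entries start with "+", so their first field never equals the name.
csr_fingerprint() (
    printf '%s\n' "$2" |
        awk -v name="\"$1\"" '$1 == name { print toupper($3); exit }'
)

# Print the fingerprint from `puppet agent --fingerprint` output $1.
agent_fingerprint() (
    printf '%s\n' "$1" |
        awk '$1 ~ /^\(SHA[0-9]+\)$/ { print toupper($2); exit }'
)

# Succeed only if both fingerprints were found and are identical.
# An empty value on either side must never count as a match.
safe_to_sign() (
    on_master=$(csr_fingerprint "$1" "$2")
    on_agent=$(agent_fingerprint "$3")
    [ -n "$on_master" ] && [ -n "$on_agent" ] && [ "$on_master" = "$on_agent" ]
)

if safe_to_sign puppetagent.test.org "$MASTER_LISTING" "$AGENT_OUTPUT"; then
    echo "match: safe to run 'puppet cert sign puppetagent.test.org'"
else
    echo "mismatch or no pending request: do not sign" >&2
fi
```

In practice the two inputs come from running the commands on the master and on the agent separately, with the agent's value carried over a channel other than the Puppet connection itself.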

Note: All the commands are written in italics font.

Any suggestions and questions are most welcome. Please feel free to drop a text.

