Puppet

From ArchWiki

From Puppet web site:

Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to patch management and compliance. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud.

Installation

Install the puppet package. Alternatively, install puppet-git (AUR) for the development version.

If you want to install a puppet master, install the puppetserver (AUR) package; its documentation is in Puppet server.

Configuration

Puppet's main configuration file is puppet.conf which is located at /etc/puppetlabs/puppet/puppet.conf.

There are three sections in which to place settings, depending on whether the machine is a master or an agent: [main], [agent] and [master].

The bare minimum settings are:

  • server: The hostname of the puppet server. Default: puppet
  • report: Most users should set this to true.
  • pluginsync: Most users should set this to true.
  • certname: The certified name of the machine (unique identifier). Default: fqdn

Puppet will look for node configuration in /etc/puppetlabs/code/environments/production/manifests/site.pp.

After puppet is started (as a daemon, from cron, or standalone), it generates certificates in the /etc/puppetlabs/puppet/ssl/ directory. You need to accept this certificate on the puppet master:

# puppet cert sign name
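
The signing step above, as an added example that is not part of the ArchWiki page or the Puppet project: sign a pending request only when its fingerprint equals the one read on the agent itself with puppet agent --fingerprint. It assumes puppet cert list prints each pending request as "certname" (DIGEST) FINGERPRINT; the function names, host names and fingerprints are constructed for illustration.

```shell
# Added example. Assumption: `puppet cert list` prints one pending request per
# line as:  "certname" (DIGEST) FINGERPRINT
# Host names and fingerprints below are constructed sample data.
WEB01_FP='3A:7F:12:9C:E4:55:0B:D8:61:A2:FE:19:84:C7:30:6D:9B:42:E1:58:0F:73:AC:26:D5:88:1E:B9:47:F0:6A:C3'
DB01_FP='C1:04:9E:7B:52:AF:36:E0:8D:15:F9:6C:23:B7:4A:D1:70:EE:09:5B:A6:3C:82:1F:D4:68:97:0A:BE:45:F2:1D'
SAMPLE_LIST="  \"web01.example.org\" (SHA256) $WEB01_FP
  \"db01.example.org\" (SHA256) $DB01_FP"

# Print the fingerprint listed for certname $1 (list output on stdin);
# exit non-zero when no pending request has that name.
pending_fingerprint() {
    awk -v want="\"$1\"" \
        '$1 == want { print toupper($NF); found = 1 } END { exit !found }'
}

# Strip whitespace and upper-case the hex so operator input compares cleanly.
normalize_fp() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# Return 0 only if the pending CSR for $1 has fingerprint $2 (the value read
# on the agent with `puppet agent --fingerprint`); 2 = no such pending request.
csr_matches() {
    expected=$(normalize_fp "$2")
    listed=$(pending_fingerprint "$1") || return 2
    [ -n "$expected" ] && [ "$listed" = "$expected" ]
}

# Sign only after the fingerprints agree (run on the master as root).
sign_if_verified() {
    if puppet cert list | csr_matches "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "refusing to sign $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}
```

On the master, sign_if_verified takes the certname and the fingerprint obtained from the agent over a separate channel; SAMPLE_LIST is only there so the matching logic can be tried without a running master.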

Notes on bindaddress for puppet master.

The default value for bindaddress is 0.0.0.0, which makes puppet listen on IPv4 only: bindaddress = 0.0.0.0

To make puppet master listen on IPv6, set the bindaddress value to: bindaddress = ::

To make puppet listen on both IPv4 and IPv6, set the value to: bindaddress = *

Facter

Facter is a companion program of puppet that gathers facts about the system it runs on.

Commands:

# puppet facts find facter
# facter -p

Note: Facter is installed by default as a dependency of puppet.

Puppet Resources

Packages

Pacman is supported by puppet. Installing packages works out of the box since puppet 3.1.0.

Services

Since puppet 3.2.1, systemd on Arch Linux is fully supported.

See systemctl for details on how to use the provided units.

Puppet Bolt

Puppet Bolt is a standalone piece of software that was introduced by Puppet to allow applying tasks without the need for a puppet agent and puppet server (like Ansible/Salt). Of course, many advantages of the master/agent design are then lost, but if you need to send one-time commands, Puppet Bolt is the right tool for you.

For example, restarting a web server or deleting the mail queue is better done with Puppet Bolt, whereas keeping a package at the most current version should be done with standard Puppet configuration management.

Installing Bolt on Arch

To use Bolt on Arch to run tasks (that may target the local system or remote targets), the only needed package is puppet-bolt (AUR). More information can be found in its documentation and the official hands-on lab.

Targeting Arch with Bolt

When Bolt is run against an Arch target (regardless of whether Bolt itself is invoked on Arch), some functionality does not work out of the box. In general, when diagnosing mysterious Bolt failures on Arch targets, information about the cause of the failure is available via the debug log level, for example:

$ bolt apply --target arch --log-level debug ...

Execute bolt help for the command nomenclature.

Using Bolt to install Puppet

The puppet_agent::install Bolt task (which is invoked automatically as part of bolt apply and several other pieces of Bolt functionality) does not support installing the Puppet agent on Arch Linux. Attempts to do this may encounter errors like Sorry Arch is not supported yet in the Bolt debug logs.

Fortunately, Bolt can use a pre-installed version of Puppet. To set this up, install Puppet manually using the instructions in the "Installation" section above, then ensure that the which package is installed. The which command is required due to this Bolt issue; if it is not present, the Sorry Arch is not supported yet error may continue to occur in Bolt even after Puppet is correctly installed on the target.

Bolt Binary-location Expectations

A lot of Bolt functionality, including bolt apply, expects several Puppet-related binaries to be installed in /opt/puppetlabs/bin, which is not done by the default puppet package. Until this is resolved, errors like this may occur in the Bolt debug logs:

/tmp/7b7dae3f-c3d9-4482-af14-a7e94a98b6cd/custom_facts.rb: bad interpreter: /opt/puppetlabs/puppet/bin/ruby: no such file or directory

To work around this issue, symlink the installed Ruby into the expected location:

# mkdir -p /opt/puppetlabs/puppet/bin
# ln -s "$(type -p ruby)" /opt/puppetlabs/puppet/bin/ruby

If additional Bolt failures occur due to other binaries not being installed in that folder, you can replace the folder with a symlink to /usr/bin:

# rm /opt/puppetlabs/puppet/bin/ruby
# rm -r /opt/puppetlabs/puppet/bin
# ln -s /usr/bin /opt/puppetlabs/puppet/bin