{"id":286,"date":"2016-10-21T06:00:00","date_gmt":"2016-10-21T14:00:00","guid":{"rendered":"https:\/\/andrewwippler.com\/?p=286"},"modified":"2017-05-28T10:37:13","modified_gmt":"2017-05-28T18:37:13","slug":"deploying-puppet-open-source","status":"publish","type":"post","link":"https:\/\/andrewwippler.com\/2016\/10\/21\/deploying-puppet-open-source\/","title":{"rendered":"Deploying Puppet Open Source"},"content":{"rendered":"
Update: (5\/28\/17) <\/b>yes, there is the puppet\/r10k which supercedes the zack\/r10k. While you are free to deviate from the article in your own environment, the below steps still work as intended. I will have to update this article as well as explain why having r10k and dynamic environments is a good idea.<\/p>\n
In this guide we will go over best practices to deploy Puppet Open Source using the recommended workflow (r10k), PuppetDB, and the foreman. You can deploy Puppet server on any of their supported *nix distributions. In this tutorial we will assume it to be on CentOS 7 as this seems to have the best support.<\/p>\n
<\/p>\n
The overall scope of this tutorial is as follows:<\/p>\n
Foreman installation is the easiest. Just head over to https:\/\/www.theforeman.org\/manuals\/1.12\/index.html#2.1Installation<\/a>, select CentOS 7 and follow the 5 easy steps. The defaults are fine, but if you want to provision hosts on Digital Ocean or Amazon Web Services, be sure to use interactive mode (the The control repo is the next step and is also very easy to perform. Just fork the Puppet control-repo<\/a> to a local git repository or private git location. Instructions are included in the repo on how to set it up on a gitlab server.<\/p>\n Once With that file saved, run One of the last things I do on a new Puppet 4 installation is set up PuppetDB. PuppetDB is used to collect exported resources and return them to nodes that want them (i.e. the built-in nagios plugin). By now you should already have puppet installed and working without error. To add PuppetDB into the environment, it is as simple as editing the On the next puppet run, you should have a solid Puppet environment. Your next step would be to set up the git webhook. This is so that every time you push changes to the repo, r10k updates them on your puppet master. Welcome to the club \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":" Update: (5\/28\/17) yes, there is the puppet\/r10k which supercedes the zack\/r10k. While you are free to deviate from the article in your own environment, the below steps still work as intended. I will have to update this article as well as explain why having r10k and dynamic environments is a good idea. In this guide […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[55],"tags":[60,29,26],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts\/286"}],"collection":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/comments?post=286"}],"version-history":[{"count":9,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts\/286\/revisions"}],"predecessor-version":[{"id":505,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts\/286\/revisions\/505"}],"wp:attachment":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/media?parent=286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/categories?post=286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/tags?post=286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}-i<\/code> switch on
foreman-installer<\/code>) and configure those settings. You can also re-run the installer as it will remember previous settings. Since the foreman installer is built with puppet, it will not override any settings – just enforce them. This allows running the
foreman-installer<\/code> on an already provisioned
puppetserver<\/code> non-destructive.<\/p>\n
foreman<\/code> has installed completely, install the
zack\/r10k<\/code> module to manage r10k by running
puppet module install zack-r10k<\/code>. This downloads all prerequisites for managing r10k and getting the ball rolling on a great DevOps practice. You will then need to apply a new puppet manifest to manage r10k’s installation and configuration. You can do that by creating
r10k-install.pp<\/code> with the following contents:<\/p>\n
#Fixes Puppet 4 path for webhook\nfile {'\/usr\/local\/bin\/puppet':\n ensure => link,\n target => '\/opt\/puppetlabs\/bin\/puppet',\n}\n\nclass { 'r10k':\n # Point this to your forked control-repo\n remote => 'git@localgitrepo:puppet\/control-repo.git',\n # You will need to create this ssh-key pair\n git_settings => {\n 'private_key' => '\/etc\/puppetlabs\/puppetserver\/r10k',\n }\n}\n\n# Instead of running via mco, run r10k directly\nclass {'r10k::webhook::config':\n use_mcollective => false,\n # replace the file names with the correct cert names\n public_key_path => '\/etc\/puppetlabs\/puppet\/ssl\/certs\/puppet.example.org.pem',\n private_key_path => '\/etc\/puppetlabs\/puppet\/ssl\/private_keys\/puppet.example.org.pem',\n}\n\n# this exposes https:\/\/0.0.0.0:8088\/payload for git webhooks\nclass {'r10k::webhook':\n use_mcollective => false,\n user => 'root',\n group => '0',\n require => Class['r10k::webhook::config'],\n}<\/code><\/pre>\n
puppet apply r10k.pp<\/code>. This will enforce and set up r10k.<\/p>\n
Puppetfile<\/code> in your control repo to have
mod 'puppetlabs\/puppetdb'<\/code> and matching the dependencies for the PuppetDB module<\/a>. Next edit your
site.pp<\/code> manifest to include the following:<\/p>\n
node 'puppet' {\n # Configure puppetdb and its underlying database\n class { 'puppetdb': }\n # Configure the Puppet master to use puppetdb\n class { 'puppetdb::master::config': }\n\n # ... r10k stuff should go here. Make sure to add the module and its dependencies to the Puppetfile!\n}<\/code><\/pre>\n