{"id":286,"date":"2016-10-21T06:00:00","date_gmt":"2016-10-21T14:00:00","guid":{"rendered":"https:\/\/andrewwippler.com\/?p=286"},"modified":"2017-05-28T10:37:13","modified_gmt":"2017-05-28T18:37:13","slug":"deploying-puppet-open-source","status":"publish","type":"post","link":"https:\/\/andrewwippler.com\/2016\/10\/21\/deploying-puppet-open-source\/","title":{"rendered":"Deploying Puppet Open Source"},"content":{"rendered":"

Update: (5\/28\/17) <\/b>yes, there is the puppet\/r10k which supersedes the zack\/r10k. While you are free to deviate from the article in your own environment, the below steps still work as intended. I will have to update this article as well as explain why having r10k and dynamic environments is a good idea.<\/p>\n

In this guide we will go over best practices to deploy Puppet Open Source using the recommended workflow (r10k), PuppetDB, and the foreman. You can deploy Puppet server on any of their supported *nix distributions. In this tutorial we will assume it to be on CentOS 7 as this seems to have the best support.<\/p>\n


The overall scope of this tutorial is as follows:<\/p>\n

    \n
  1. Set up foreman<\/li>\n
  2. Set up a control repo<\/li>\n
  3. Download r10k module<\/li>\n
  4. Run puppet apply on r10k.pp (with web hook)<\/li>\n
  5. Set up PuppetDB<\/li>\n<\/ol>\n

    Foreman installation is the easiest step. Just head over to https:\/\/www.theforeman.org\/manuals\/1.12\/index.html#2.1Installation<\/a>, select CentOS 7 and follow the 5 easy steps. The defaults are fine, but if you want to provision hosts on Digital Ocean or Amazon Web Services, be sure to use interactive mode (the -i<\/code> switch on foreman-installer<\/code>) and configure those settings. You can also re-run the installer, as it remembers previous settings. Since the foreman installer is built with puppet, it will not override any settings – just enforce them. This allows running foreman-installer<\/code> on an already provisioned puppetserver<\/code> non-destructively.<\/p>\n

    The control repo is the next step and is also very easy to perform. Just fork the Puppet control-repo<\/a> to a local git repository or private git location. Instructions are included in the repo on how to set it up on a gitlab server.<\/p>\n

    Once foreman<\/code> has installed completely, install the zack\/r10k<\/code> module to manage r10k by running puppet module install zack-r10k<\/code>. This downloads all prerequisites for managing r10k and gets the ball rolling on a great DevOps practice. You will then need to apply a new puppet manifest to manage r10k’s installation and configuration. You can do that by creating r10k.pp<\/code> with the following contents:<\/p>\n

    #Fixes Puppet 4 path for webhook\nfile {'\/usr\/local\/bin\/puppet':\n  ensure => link,\n  target => '\/opt\/puppetlabs\/bin\/puppet',\n}\n\nclass { 'r10k':\n  # Point this to your forked control-repo\n  remote       => 'git@localgitrepo:puppet\/control-repo.git',\n  # You will need to create this ssh-key pair\n  git_settings => {\n     'private_key' => '\/etc\/puppetlabs\/puppetserver\/r10k',\n  }\n}\n\n# Instead of running via mco, run r10k directly\nclass {'r10k::webhook::config':\n  use_mcollective  => false,\n  # replace the file names with the correct cert names\n  public_key_path  => '\/etc\/puppetlabs\/puppet\/ssl\/certs\/puppet.example.org.pem',\n  private_key_path => '\/etc\/puppetlabs\/puppet\/ssl\/private_keys\/puppet.example.org.pem',\n}\n\n# this exposes https:\/\/0.0.0.0:8088\/payload for git webhooks\nclass {'r10k::webhook':\n  use_mcollective => false,\n  user            => 'root',\n  group           => '0',\n  require         => Class['r10k::webhook::config'],\n}<\/code><\/pre>\n

    With that file saved, run puppet apply r10k.pp<\/code>. This will enforce and set up r10k.<\/p>\n

    One of the last things I do on a new Puppet 4 installation is set up PuppetDB. PuppetDB is used to collect exported resources and return them to nodes that want them (e.g., the built-in nagios plugin). By now you should already have puppet installed and working without error. Adding PuppetDB to the environment is as simple as editing the Puppetfile<\/code> in your control repo to include mod 'puppetlabs\/puppetdb'<\/code> along with the dependencies listed for the PuppetDB module<\/a>. Next, edit your site.pp<\/code> manifest to include the following:<\/p>\n

    node 'puppet' {\n  # Configure puppetdb and its underlying database\n  class { 'puppetdb': }\n  # Configure the Puppet master to use puppetdb\n  class { 'puppetdb::master::config': }\n\n  # ... r10k stuff should go here. Make sure to add the module and its dependencies to the Puppetfile!\n}<\/code><\/pre>\n

    On the next puppet run, you should have a solid Puppet environment. Your next step would be to set up the git webhook. This is so that every time you push changes to the repo, r10k updates them on your puppet master. Welcome to the club \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

    Update: (5\/28\/17) yes, there is the puppet\/r10k which supersedes the zack\/r10k. While you are free to deviate from the article in your own environment, the below steps still work as intended. I will have to update this article as well as explain why having r10k and dynamic environments is a good idea. In this guide […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[55],"tags":[60,29,26],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts\/286"}],"collection":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/comments?post=286"}],"version-history":[{"count":9,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts\/286\/revisions"}],"predecessor-version":[{"id":505,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/posts\/286\/revisions\/505"}],"wp:attachment":[{"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/media?parent=286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/categories?post=286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andrewwippler.com\/wp-json\/wp\/v2\/tags?post=286"}],"curies":[{
"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}