Today I'll try to set up provisioning of CentOS machines. I'll boot the netinstall ISO, install the system via kickstart and configure it with Puppet.
Autosigning certificate requests
First I need to enable and set up Puppet's autosigning feature, because I don't want to sign agent certificate requests manually. To do that I'll create /etc/puppet/autosign.conf:
    [root@puppet vajko-basic]# cat /etc/puppet/autosign.conf
    *.localdomain
    puppet6
    puppet5
This tells Puppet to automatically sign certificate requests from every agent in the 'localdomain' domain, plus the hosts puppet6 and puppet5.
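To see which certnames this file actually covers, here is an added example (not part of the original post and not Puppet's own code) that models autosign.conf matching. It assumes the documented behaviour that a leading `*` stands for one or more labels in front of the domain; the function names and the extra certnames are made up for illustration.

```python
# Added example: simplified model of autosign.conf matching, not Puppet's code.
# Constructed copy of the autosign.conf shown on this page.
AUTOSIGN_CONF = "*.localdomain\npuppet6\npuppet5\n"


def parse_autosign(text):
    """Split autosign.conf content into exact certnames and '*.' glob suffixes."""
    exact, globs = set(), []
    for raw in text.splitlines():
        entry = raw.strip().lower()
        if not entry:
            continue
        if entry.startswith("*."):
            globs.append(tuple(entry[2:].split(".")))
        else:
            exact.add(entry)
    return exact, globs


def matching_entry(certname, exact, globs):
    """Return the entry that would autosign certname, or None."""
    name = certname.strip().lower()
    if name in exact:
        return name
    labels = tuple(name.split("."))
    for suffix in globs:
        # Assumed semantics: '*' stands for one or more leading labels.
        if len(labels) > len(suffix) and labels[-len(suffix):] == suffix:
            return "*." + ".".join(suffix)
    return None


def audit(conf_text, certnames):
    """Map each certname to the autosign entry covering it (None if uncovered)."""
    exact, globs = parse_autosign(conf_text)
    return {name: matching_entry(name, exact, globs) for name in certnames}


if __name__ == "__main__":
    # The three hosts from this page plus constructed names nobody provisioned.
    names = ["puppet7.localdomain", "puppet6", "puppet5",
             "unplanned-host.localdomain", "a.b.localdomain", "puppet8"]
    for name, entry in audit(AUTOSIGN_CONF, names).items():
        verdict = "autosigned via " + entry if entry else "needs manual signing"
        print(f"{name:28} {verdict}")
```

The output shows that the glob entry covers every certname ending in .localdomain, not only the hosts provisioned here, while the two bare names are matched exactly.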
CentOS 7
I'll start with CentOS 7. The provisioned host will be named 'puppet7'. Here is the kickstart file:

    [hasul@kra html]$ cat ks-puppet7.cfg
    #version=RHEL7
    # System authorization information
    auth --enableshadow --passalgo=sha512
    # Use network installation
    url --url="http://ftp.linux.cz/pub/linux/centos/7/os/x86_64"
    repo --name="puppetlabs-products" --baseurl=http://yum.puppetlabs.com/el/7/products/x86_64
    repo --name="puppetlabs-deps" --baseurl=http://yum.puppetlabs.com/el/7/dependencies/x86_64
    # Run the Setup Agent on first boot
    firstboot --enable
    ignoredisk --only-use=vda
    # Keyboard layouts
    keyboard --vckeymap=us --xlayouts='us'
    # System language
    lang en_US.UTF-8
    # Network information
    network --bootproto=dhcp --device=eth0 --ipv6=auto --activate
    network --hostname=puppet7.localdomain
    # Root password
    rootpw --iscrypted $6$ROabkS5ECgUhFmuo$NcXpLSh7a.F5qV2putPv1s/FOx8gwmZ.JELZLcMrvgeusgSLGR6NhZMmTbLVhw1.n3Db7vj4SsVq19yBPvSp./
    # System services
    services --enabled=puppet --disabled=chronyd
    # System timezone
    timezone Europe/Prague --isUtc
    # System bootloader configuration
    bootloader --location=mbr --boot-drive=vda
    autopart --type=lvm
    # Partition clearing information
    clearpart --all --initlabel --drives=vda
    text
    shutdown
    %packages
    @core
    puppet
    %end
One thing I need to do by hand is to append ks=http://192.168.122.1/ks_file.cfg to the kernel boot options. This can be avoided by using PXE boot or a custom installation ISO image.
After a successful installation I can see in the Puppet log that the basic module was applied:
    [root@puppet7 ~]$ systemctl status puppet
    puppet.service - Puppet agent
       Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled)
       Active: active (running) since Tue 2014-08-26 15:07:50 CEST; 1min 53s ago
     Main PID: 1333 (puppet)
       CGroup: /system.slice/puppet.service
               \-1333 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize

    Aug 26 15:09:34 puppet7.localdomain useradd[10716]: new user: name=vajko, UID=1221, GID=1221, home=/home/vajko, shell=/bin/bash
    Aug 26 15:09:34 puppet7.localdomain useradd[10716]: add 'vajko' to group 'powerusers'
    Aug 26 15:09:34 puppet7.localdomain useradd[10716]: add 'vajko' to shadow group 'powerusers'
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: (/Stage[main]/Basic/User[vajko]/ensure) created
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: (/Stage[main]/Basic/File[/home/vajko/.bashrc]/content) content changed '{md5}2f8222b4f275c4f18e69c34f66d2631...c3651a172'
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: (/Stage[main]/Basic/File[/home/vajko/.bashrc]/mode) mode changed '0644' to '0660'
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: (/Stage[main]/Basic/Ssh_authorized_key[me@kra.localdomain4vajko]/ensure) created
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: (/Stage[main]/Basic/File[/root/.vim/plugin]/ensure) created
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: (/Stage[main]/Basic/File[comments-plugin]/ensure) defined content as '{md5}83925d5459bb4e033f2773ee3d4fd85e'
    Aug 26 15:09:34 puppet7.localdomain puppet-agent[2475]: Finished catalog run in 90.55 seconds
CentOS 6
The CentOS 6 host will be named puppet6. It will be installed with the following kickstart configuration:
    [hasul@kra images]$ cat /var/www/html/ks-puppet6.cfg
    # Kickstart file automatically generated by anaconda.
    #version=DEVEL
    install
    url --url=http://ftp.linux.cz/pub/linux/centos/6.5/os/x86_64
    lang en_US.UTF-8
    keyboard us
    network --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname puppet6
    rootpw --iscrypted $6$PG6wsc8nHMNPMlGD$WsjAzDjWASELLY8zyNfetBknkGgYEF9MFIV/8AvOPSkWAdMOD.FPGXHinGNK1rj7X/FotEzXg9rGmbRWzadxP/
    firewall --service=ssh
    authconfig --enableshadow --passalgo=sha512
    selinux --permissive
    timezone --utc Europe/Prague
    bootloader --location=mbr --driveorder=vda --append="crashkernel=auto"
    # The following is the partition information you requested
    # Note that any partitions you deleted are not expressed
    # here so unless you clear all partitions first, this is
    # not guaranteed to work
    clearpart --linux --drives=vda
    part /boot --fstype=ext4 --size=500
    part pv.253002 --grow --size=1
    volgroup vg_puppet6 --pesize=4096 pv.253002
    logvol / --fstype=ext4 --name=lv_root --vgname=vg_puppet6 --grow --size=1024 --maxsize=51200
    logvol swap --name=lv_swap --vgname=vg_puppet6 --grow --size=300 --maxsize=300
    repo --name="CentOS" --baseurl=http://ftp.linux.cz/pub/linux/centos/6.5/os/x86_64 --cost=100
    repo --name="puppetlabs-products" --baseurl=http://yum.puppetlabs.com/el/6/products/x86_64
    repo --name="puppetlabs-deps" --baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64
    text
    poweroff
    services --enabled puppet
    %packages --nobase
    @core
    puppet
    %end
The Puppet agent has applied the catalog:
    [root@puppet6 ~]$ grep puppet-agent /var/log/messages
    .
    .
    .
    Aug 26 16:15:12 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Ssh_authorized_key[me@kra.localdomain4root]/ensure) created
    Aug 26 16:15:12 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Host[proxy.autocont.cz]/ensure) created
    Aug 26 16:15:12 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[/root/.bashrc]/content) content changed '{md5}c36f10fd0ff59c3bcce088d7a7a6c410' to '{md5}43a8e13b9b7a5e748ae8789c3651a172'
    Aug 26 16:15:12 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[/root/.bashrc]/mode) mode changed '0644' to '0660'
    Aug 26 16:15:12 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Group[powerusers]/ensure) created
    Aug 26 16:15:12 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Yumrepo[epel]/ensure) created
    Aug 26 16:15:35 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Package[tree]/ensure) created
    Aug 26 16:15:37 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Package[bash-completion]/ensure) created
    Aug 26 16:15:38 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Package[wget]/ensure) created
    Aug 26 16:15:59 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Package[vim-enhanced]/ensure) created
    Aug 26 16:15:59 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[vim-config]/content) content changed '{md5}a350a86ba75d8da0d3ae5ad4d49ce60d' to '{md5}2d932152e2a2659805bfda707b909605'
    Aug 26 16:15:59 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[/root/.vim]/ensure) created
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Package[telnet]/ensure) created
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Group[vajko]/ensure) created
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/User[vajko]/ensure) created
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[/home/vajko/.bashrc]/content) content changed '{md5}f119c865306c35e64eb00f65d7279664' to '{md5}43a8e13b9b7a5e748ae8789c3651a172'
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[/home/vajko/.bashrc]/mode) mode changed '0644' to '0660'
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/Ssh_authorized_key[me@kra.localdomain4vajko]/ensure) created
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[/root/.vim/plugin]/ensure) created
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: (/Stage[main]/Basic/File[comments-plugin]/ensure) defined content as '{md5}83925d5459bb4e033f2773ee3d4fd85e'
    Aug 26 16:16:00 puppet6 puppet-agent[1144]: Finished catalog run in 48.69 seconds
CentOS 5
puppet5 is the name of the CentOS 5 virtual host. The kickstart file follows:
    # Kickstart file automatically generated by anaconda.
    install
    url --url http://ftp.linux.cz/pub/linux/centos/5.10/os/x86_64
    lang en_US.UTF-8
    keyboard us
    network --device eth0 --bootproto dhcp --hostname puppet5
    rootpw --iscrypted $1$hSjiB7cU$2Fyzsu/H95nv2JbPZKy9Z1
    firewall --enabled --port=22:tcp
    authconfig --enableshadow --enablemd5
    selinux --enforcing
    timezone --utc Europe/Prague
    bootloader --location=mbr --driveorder=vda
    # The following is the partition information you requested
    # Note that any partitions you deleted are not expressed
    # here so unless you clear all partitions first, this is
    # not guaranteed to work
    clearpart --linux --drives=vda
    part /boot --fstype ext3 --size=100 --ondisk=vda
    part pv.7 --size=0 --grow --ondisk=vda
    volgroup VolGroup00 --pesize=32768 pv.7
    logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=512 --grow --maxsize=1024
    logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow
    repo --name="puppetlabs-products" --baseurl=http://yum.puppetlabs.com/el/5/products/x86_64
    repo --name="puppetlabs-deps" --baseurl=http://yum.puppetlabs.com/el/5/dependencies/x86_64
    text
    services --enabled puppet
    poweroff
    %packages
    @core
    puppet
After installation it is working like a charm:
    [root@puppet5 ~]# tail /var/log/messages
    Aug 27 16:19:40 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/File[vim-config]/content) content changed '{md5}2b81d91c540af772b554c6d363eff0bb' to '{md5}2d932152e2a2659805bfda707b909605'
    Aug 27 16:19:40 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/File[/root/.vim]/ensure) created
    Aug 27 16:19:40 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/Group[vajko]/ensure) created
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/User[vajko]/ensure) created
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/File[/home/vajko/.bashrc]/content) content changed '{md5}f119c865306c35e64eb00f65d7279664' to '{md5}43a8e13b9b7a5e748ae8789c3651a172'
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/File[/home/vajko/.bashrc]/mode) mode changed '0644' to '0660'
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/Ssh_authorized_key[me@kra.localdomain4vajko]/ensure) created
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/File[/root/.vim/plugin]/ensure) created
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: (/Stage[main]/Basic/File[comments-plugin]/ensure) defined content as '{md5}83925d5459bb4e033f2773ee3d4fd85e'
    Aug 27 16:19:41 puppet5 puppet-agent[2580]: Finished catalog run in 40.18 seconds
Next time I'll try to improve provisioning with pxeboot.