Monday, October 24, 2016

automate web server deployment with puppet

*** terms
- puppet-master: the server that stores all configurations
- puppet-agent: the server that pulls its configuration from the master, so if the master designates it to be a web server, it will become one

*** setup information
puppet-master: hostname: master1
               ip: 192.168.202.242
puppet-agent1: hostname: client1
               ip: 192.168.202.243
puppet-agent2: hostname: client2
               ip: 192.168.202.249

the configuration below uses hostnames instead of ip addresses, so you have to edit the hosts file or the name server to map the ip addresses to the correct hostnames



*** on puppet-master
1- install packages
$ sudo apt-get install puppet-master puppet-module-puppetlabs-apache

2- update the puppet configuration file:
[main]
ssldir = /var/lib/puppet/ssl
server = master1

[master]
vardir = /var/lib/puppet
cadir  = /var/lib/puppet/ssl/ca
dns_alt_names = puppet


- restart the puppet master service
$ sudo /etc/init.d/puppet-master restart

3- create a manifest for client1 and client2 that deploys the web server
$ sudo mkdir /etc/puppet/code/environments/production/manifests/

- create the file /etc/puppet/code/environments/production/manifests/client1-webserver.pp with the following content:

node 'client1', 'client2' {
  class { 'apache': }                 # use the apache module

  apache::vhost { 'webserver.test':   # define a vhost resource
    port    => '80',
    docroot => '/var/www/html',
  }

  file { '/var/www/html/index.html':  # resource type file, and the file name
    ensure  => present,               # make sure it exists
    mode    => '0644',                # file permissions
    content => "this webserver is deployed by puppet",  # static page body
  }
}

node default {}



4- apply the above manifest to the catalog
$ puppet apply /etc/puppet/code/environments/production/manifests/client1-webserver.pp



*** on client
1- install packages
$ sudo apt-get install puppet-agent puppet-module-puppetlabs-apache

2- update the puppet configuration file:
[main]
ssldir = /var/lib/puppet/ssl
server = master1

[master]
vardir = /var/lib/puppet
cadir  = /var/lib/puppet/ssl/ca
dns_alt_names = puppet


- restart the puppet agent service
$ sudo /etc/init.d/puppet-agent restart


*** finalize it

1- after the puppet-agent restarts, it sends its certificate to the master, and the master has to approve it first

- list all certificates
$ puppet cert list --all
   "client2" (SHA256) 01:2C:60:DF:40:FA:40:90:39:77:E9:31:76:BE:9F:4F:C2:62:3F:A6:78:0E:A8:90:27:85:80:64:DA:3A:62:19
+ "client1" (SHA256) 7E:7E:C3:0E:3C:D0:56:34:64:55:15:BE:4C:88:DE:B4:98:DE:78:D5:BE:66:DC:E6:E2:78:D0:A8:EC:03:8C:83


- there's no plus (+) sign in front of "client2", so you have to sign it
$ puppet cert sign client2

2- on the client we can use the following command to test
$ puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for client1
Info: Applying configuration version '1477308382'
Notice: Applied catalog in 0.29 seconds




3- the client will periodically (30 min) retrieve the configuration from the master and adjust its settings to what we have configured on the master, but you can also apply the catalog right away after updating the master with the following command
$ sudo puppet catalog apply --terminus rest

- snapshot of the web server that we deploy using puppet
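
The signing step under "finalize it" approves whatever request carries the client's name, so it is worth comparing the fingerprint in the listing with the one read on the agent itself (for example from `puppet agent --fingerprint`) before running `puppet cert sign`. The script below is an added example, not part of the original post; the function names are hypothetical and the sample listing reuses the output shown above.

```shell
#!/bin/sh
# Added example: sign a request only after its fingerprint has been checked.
# Function names are hypothetical; SAMPLE_LIST reuses the listing shown above.

SAMPLE_LIST='  "client2" (SHA256) 01:2C:60:DF:40:FA:40:90:39:77:E9:31:76:BE:9F:4F:C2:62:3F:A6:78:0E:A8:90:27:85:80:64:DA:3A:62:19
+ "client1" (SHA256) 7E:7E:C3:0E:3C:D0:56:34:64:55:15:BE:4C:88:DE:B4:98:DE:78:D5:BE:66:DC:E6:E2:78:D0:A8:EC:03:8C:83'

# pending_fingerprint HOST   (reads `puppet cert list --all` output on stdin)
# Prints HOST's fingerprint only if the request is still unsigned, i.e. the
# line does not start with "+". Returns 1 if there is no pending request.
pending_fingerprint() {
    awk -v host="\"$1\"" '
        $1 == host && $2 == "(SHA256)" { print $3; found = 1 }
        END { exit !found }
    '
}

# safe_to_sign HOST EXPECTED_FP   (same listing on stdin)
# Returns 0 only when the pending request matches the fingerprint obtained
# on the agent, for example the hex value from `puppet agent --fingerprint`.
safe_to_sign() {
    got=$(pending_fingerprint "$1") || return 1
    # Compare case-insensitively so aa:bb and AA:BB are treated as equal.
    got=$(printf '%s' "$got" | tr 'a-f' 'A-F')
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# On the master this would be used as:
#   puppet cert list --all | safe_to_sign client2 "$fp" && puppet cert sign client2
# Offline demonstration against the sample listing:
fp_from_agent='01:2C:60:DF:40:FA:40:90:39:77:E9:31:76:BE:9F:4F:C2:62:3F:A6:78:0E:A8:90:27:85:80:64:DA:3A:62:19'
if printf '%s\n' "$SAMPLE_LIST" | safe_to_sign client2 "$fp_from_agent"; then
    echo "client2: fingerprint matches, OK to sign"
else
    echo "client2: mismatch or no pending request, do not sign"
fi
```

A host that is already signed (leading "+") is reported as having no pending request, so the check also stops an accidental second signing attempt for the same name.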

