Linux Configuration Management Utilizing Puppet
Mark Stanislav <[email protected]>
Test-Bed Environment
• MacBook Pro - 2.5GHz Intel Core 2 Duo with 4GB RAM
• Mac OS 10.6
• VMware Fusion 3.1.0
• Internal VM network environment
Servers Deployed
Hostname   IP Address     RAM     Purpose
puppet     172.16.172.3   512MB   Puppet Master
monitor    172.16.172.4   256MB   Munin/Nagios
syslog     172.16.172.5   128MB   Centralized Syslog
sql        172.16.172.6   128MB   Dedicated MySQL
web        172.16.172.7   128MB   Dedicated Apache
ldap       172.16.172.8   128MB   OpenLDAP
All guest virtual machines are CentOS 5.5 x86_64
19 Puppet Modules Created
Module        Purpose
bind          DNS Server
foreman       Puppet Dashboard
httpd         Apache Webserver
ldap          LDAP Server/Clients
logwatch      Log Report Summary
mcollective   Multiple Host Execution
munin         System Metric Baseline
mysql         SQL Database
nagios        Host/Service Monitoring
nrpe          Nagios Host-Client
ntp           NTP Time Synchronization
postfix       Localhost SMTP
puppet        Puppet Master/Clients
rkhunter      Root kit/File Integrity
ssh           OpenSSH Server/Clients
stunnel       stunnel Server/Clients
sudo          sudo
syslog        rsyslog Server/Clients
yum           Yum Repositories
CentOS Puppet Client Configuration Steps
• rpm -Uvh http://download.fedora.redhat.com/pub/epel/5Server/x86_64/epel-release-5-3.noarch.rpm
• yum install puppet
• Edit /etc/puppet/puppet.conf with the following contents:

    [main]
    pluginsync = true
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    factpath = $vardir/lib/facter
    reports = log, foreman

    [puppetd]
    catalog_format=marshal
    report = true
    runinterval = 3000
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

• Edit /etc/hosts with the following contents:

    127.0.0.1 localhost.localdomain localhost <hostname> <hostname>.nita.local
    172.16.172.3 puppet puppet.nita.local

• service puppet start && chkconfig puppet on
• puppetca --sign <hostname>.nita.local (Executed on Puppet Master)
• puppetd -t
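As an added illustration (not taken from the slides, which show no module source), the manual client steps above could be kept under Puppet's control with a class along these lines. The class name puppet::client and its layout are assumptions; the paths, addresses and settings are the ones listed in the steps, and the fact variable uses the older `$hostname` style that matches the puppetd-era tooling shown.

```puppet
# Hypothetical class: name and layout are assumptions, not the author's module.
class puppet::client {
  # yum install puppet (EPEL repository assumed to be configured already)
  package { 'puppet':
    ensure => installed,
  }

  # Content is single-quoted so $vardir stays literal and is expanded by
  # Puppet's own settings parser, not by the manifest.
  file { '/etc/puppet/puppet.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => Package['puppet'],
    notify  => Service['puppet'],
    content => '[main]
pluginsync = true
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
factpath = $vardir/lib/facter
reports = log, foreman

[puppetd]
catalog_format=marshal
report = true
runinterval = 3000
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
',
  }

  # /etc/hosts entries from the steps above
  host { 'localhost.localdomain':
    ip           => '127.0.0.1',
    host_aliases => ['localhost', $hostname, "${hostname}.nita.local"],
  }
  host { 'puppet':
    ip           => '172.16.172.3',
    host_aliases => ['puppet.nita.local'],
  }

  # service puppet start && chkconfig puppet on
  service { 'puppet':
    ensure => running,
    enable => true,
  }
}
```

Certificate signing with puppetca --sign remains a separate step on the Puppet Master; a client only receives this class once its certificate has been signed, so the class maintains the settings rather than bootstrapping them.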
Major Successes
• Automated configuration and maintenance of six disparate server hosts
• Creation of 19 modules; 18 of which were implemented fully
• rsyslog + stunnel for secure centralized logging of all servers
• Automatic host creation for Nagios and Munin with custom metrics/checks
• Webserver running WordPress with MySQL backend between two hosts + phpMyAdmin
• Logwatch & rkhunter daily e-mail reporting for integrity checks
• Foreman web management of Puppet with e-mail reporting
• Mercurial repository with HgWebdir web frontend
• LDAP server + client configuration with phpLDAPAdmin web frontend
Failures/Issues
• Unable to easily support 6 virtual machines on the host environment, leading to delayed deployment of files from the Puppet Master to hosts
• Burdensome configuration adjustments needed to support more than one OS. Original efforts to support CentOS & Debian proved overly difficult
• LDAP server configuration was less than adequate; did not integrate support for web services
• Module structure was fairly inconsistent; modules were changed back and forth as more was learned each time
Screenshots
• The following screenshots depict various applications and servers running as they were deployed by Puppet
• Nagios shows a large number of alerts/errors/pending checks due to issues with keeping all six VMware hosts online at one time
• No configuration was done manually outside of a Puppet module
VMware Fusion Guests
Puppet Servers w/ hostname + important processes + uname -a
rsyslog centralized logs
mcollective commands executed
Foreman Web Interface to Puppet
Mercurial + HgWebdir
Munin
Nagios
WordPress
phpMyAdmin
phpLDAPAdmin