
DevOps with Puppet: Tips on Setting it up for Configuring Servers

Today I will describe briefly how Puppet works, as well as basic configuration and installation of the server and two clients.


Puppet is an open-source configuration management tool used to update software and manage configuration on client servers. With Puppet, you no longer need to log in to each server and update it manually; all you have to do is monitor whether the servers are operating correctly.

How we apply Puppet

So, let's begin. We have 3 servers with OS installed. We’re typically using CentOS 6.5.

Installing the server:

Hostname «puppets1»


Connect the repository and update the system. If the repository is outdated, it will be updated:

rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
yum update -y

Set up the puppet server

yum install -y puppet-server

Configuration files are called manifests. They can be found in the directory /etc/puppet/manifests.


The standard manifest is site.pp. Puppet looks for it first.

The basic element of a manifest is a resource. A resource is a file, cron task, package, user, or service.


Let’s make changes to the file /etc/puppet/manifests/site.pp

file { "/etc/passwd":
  owner => "root",
  group => "bin",
  mode  => "0644",
}

This resource makes Puppet verify the owner of the /etc/passwd file; if the owner is not root, Puppet sets root as the owner of the file. The same happens with the group and the permissions.


The node is the most important element in the configuration file. In a nutshell, it is the type of machine where the Puppet configuration will be deployed.


Here's an example of an NGINX manifest, nginx.pp, for the nodes server{n}:

class nginx {
  package { 'nginx':
    ensure => latest
  }
  service { 'nginx':
    ensure => running,
    enable => true,
    require => Package['nginx']
  }
}
node /^server(\d+)$/ {
  include nginx
}

Run puppetmaster:

/etc/init.d/puppetmaster start

Installing and configuring the Puppet client

Hostname «puppetc1»


Set up the repository:

rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
yum update -y

Set up the puppet client:

yum install puppet
chkconfig puppet on
service puppet start

Run the command on the client:

puppet agent --server puppets1 --waitforcert 60 --test

Add the node on the server:

puppet cert --list
puppet cert --sign puppetc1
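
Before signing, it is worth confirming that the pending request really comes from the client you just set up. The following added example (not part of the original article) compares the fingerprint listed on the server with the one printed on the client by `puppet agent --fingerprint` and signs only on a match; the function names and the sample listing are constructed, and the `"name" (DIGEST) FINGERPRINT` layout of the listing is an assumption.

```shell
#!/bin/bash
# Added example: sign a pending agent certificate only when its fingerprint
# matches the one read on the client with `puppet agent --fingerprint`.

# Constructed sample of `puppet cert --list` output; the
# "name" (DIGEST) FINGERPRINT layout is an assumption.
SAMPLE_PENDING='  "puppetc1" (SHA256) 5A:1C:9E:07:B3:44:D2:6F:88:10:EE:3B:7C:95:A1:0D:42:F6:19:C8:6E:B0:27:D4:8A:53:FC:01:9B:E7:60:3D
  "puppetc10" (SHA256) C4:77:0B:E9:21:5D:F3:8A:16:AC:3E:90:D5:4B:62:08:7F:B1:29:E4:53:CA:0D:96:38:FB:61:A7:1E:84:D0:5C'

# normalize_fp TEXT: keep the last word, drop colons, upper-case the hex.
normalize_fp() {
  printf '%s\n' "$1" | awk '{ fp = $NF; gsub(/:/, "", fp); print toupper(fp); exit }'
}

# pending_fp LISTING NODE: fingerprint the master holds for NODE's request.
# The name is compared exactly, so puppetc1 never matches puppetc10.
pending_fp() {
  printf '%s\n' "$1" | awk -v want="$2" '
    { name = $1; gsub(/"/, "", name) }
    name == want { print $NF; exit }'
}

# fp_matches LISTING NODE CLIENT_FP: succeed only on an exact match.
# Runs in a subshell so its variables do not leak into the caller.
fp_matches() (
  server_fp=$(normalize_fp "$(pending_fp "$1" "$2")")
  client_fp=$(normalize_fp "$3")
  [ -n "$server_fp" ] && [ "$server_fp" = "$client_fp" ]
)

# sign_if_verified NODE CLIENT_FP: run on the master.
sign_if_verified() {
  if fp_matches "$(puppet cert --list)" "$1" "$2"; then
    puppet cert --sign "$1"
  else
    echo "refusing to sign $1: no pending request or fingerprint mismatch" >&2
    return 1
  fi
}
```

On the master, call `sign_if_verified puppetc1 "<fingerprint read on the client>"` in place of the bare `puppet cert --sign`.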

Check if our puppet works on the client:

chmod 777 /etc/passwd
puppet agent --server puppets1 --waitforcert 60 --test

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetc2.ln.ua
Info: Applying configuration version '1404892414'
Notice: /Stage[main]/Main/File[/etc/passwd]/mode: mode changed '0777' to '0644'
Notice: Finished catalog run in 6.15 seconds
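
A corrected mode like the one above also tells you that someone or something changed the file between runs. The following added example (not from the original article) scans agent output for file-mode corrections and reports the files that were world-writable before Puppet fixed them; the function names and the sample run are constructed, following the Notice format shown above.

```shell
#!/bin/bash
# Added example: flag files that were world-writable before Puppet
# corrected their mode, using the Notice lines of an agent run.

# Constructed sample of `puppet agent --test` output.
SAMPLE_RUN="Info: Applying configuration version '1404892414'
Notice: /Stage[main]/Main/File[/etc/passwd]/mode: mode changed '0777' to '0644'
Notice: /Stage[main]/Sshdconfig/File[/etc/ssh/sshd_config]/mode: mode changed '0644' to '0600'
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 6.15 seconds"

# mode_drift OUTPUT: print "path old_mode new_mode" for each corrected file.
mode_drift() {
  printf '%s\n' "$1" | sed -n \
    "s|^Notice: .*/File\[\(.*\)]/mode: mode changed '\([0-7]*\)' to '\([0-7]*\)'\$|\1 \2 \3|p"
}

# world_writable_drift OUTPUT: print the paths whose previous mode had the
# other-write bit set (last octal digit 2, 3, 6 or 7).
world_writable_drift() {
  mode_drift "$1" | while read -r path old new; do
    case "$old" in
      *[2367]) printf '%s\n' "$path" ;;
    esac
  done
}
```

Feed it the saved output of an agent run, for example `world_writable_drift "$(cat agent-run.log)"`, where agent-run.log is a hypothetical file name.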

Next, let’s edit the site.pp on the server:

node 'puppetc1' {
        include nmap
        include nginx
}
 
 
class nmap {
        package { "nmap":
                ensure => "latest",
        }
}
import '/etc/puppet/manifests/nginx.pp'

On the client, run the command:

puppet agent --server puppets1 --waitforcert 60 --test

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetc2.ln.ua
Info: Applying configuration version '1404892414'
Notice: /Stage[main]/Nmap/Package[nmap]/ensure: created
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Nginx/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Finished catalog run in 34.49 seconds

tail /var/log/yum.log

Jul 09 12:47:53 Installed: 2:nmap-5.51-3.el6.x86_64

Jul 09 12:48:07 Installed: nginx-1.0.15-5.el6.x86_64


As we can see, the two packages that we registered in site.pp have been installed on the client.


Now, let’s add a couple of lines in the config file so that we don’t have to run puppet manually:

server=puppets1
node_name=puppetc1
certname=puppetc1

Run puppet:

/etc/init.d/puppet start

By default, the agent checks in with the master every 30 minutes.

Writing manifests and classes

On the server, edit manifests/site.pp

$emailaddress="reports@example.com"
 
import '/etc/puppet/classes/*-class.pp'
import "/etc/puppet/nodes/*.pp"

classes directory - holds the class files

nodes directory - holds the settings files for our client servers

$emailaddress - sets the address to which reports are sent by email


Class basic-class.pp: 

class basic-class {

        package { "mailx":
                ensure => "latest",
        }

        file { 'motd':
                ensure  => file,
                path    => '/etc/motd',
                mode    => '0644',
                content => "WARNING: Welcome to ${fqdn} ( ${operatingsystem} ${operatingsystemrelease} )
          It's private server. Your login will be registered!
          Have a nice work!
        ",
        }
}

For the basic settings, we need the latest version of the mailx package, which we indicate with ensure => latest. We also change the motd file, which holds the greeting shown after a successful login to the system. Puppet already provides built-in variables such as:


${fqdn} - Fully Qualified Domain Name of your host

${operatingsystem} - Defines the version of your operating system. In my case, it's CentOS

${operatingsystemrelease} - Defines the version of your operating system. At the time of finishing this article, I had version 6.6 installed.


The next class, software-class.pp, installs the packages we need and removes the ones we don't:

class software {

        $removepackeges  = [ "sendmail", "exim" ]
        $installpackeges = [ "nmap", "iptraf", "postfix", "mc", "nano", "sudo" ]

        package { $removepackeges:  ensure => purged, }
        package { $installpackeges: ensure => "installed", }
}

$removepackeges - lists the packages for removal

$installpackeges - lists the packages to be installed


Now let’s view the ssh-config-class.pp class 

class sshdconfig {
        package { "openssh-server":
                ensure        => "latest",
                allow_virtual => true,
        }

        service { "sshd":
                ensure  => "running",
                enable  => true,
                require => Package["openssh-server"],
        }

        file { "/etc/ssh/sshrc":
                mode    => '0755',
                owner   => "root",
                group   => "root",
                require => Package["openssh-server"],
                source  => "puppet:///files/ssh/sshrc",
        }

        file { "/etc/ssh/ssh_banner":
                mode    => '0644',
                owner   => "root",
                group   => "root",
                require => Package["openssh-server"],
                source  => "puppet:///files/ssh/ssh_banner",
        }

        file { "/etc/ssh/sshd_config":
                notify  => Service["sshd"],  # restart sshd whenever this file changes
                mode    => '0600',
                owner   => "root",
                group   => "root",
                require => Package["openssh-server"],
                source  => "puppet:///files/ssh/sshd_config",
        }

}

In this class, we will:


- Install openssh-server in the package section

- Keep the sshd service running; it requires the openssh-server package to be installed

- Copy 3 files with settings for our ssh server from the /files/ssh directory


Now, let’s see the crontab-class.pp class  

class crontab-basic {

        package { "cronie":
                ensure => "latest",
        }

        # The parent directory /opt/bin/scripts must already exist on the client;
        # this file resource does not create it.
        file { "/opt/bin/scripts/puppetrun.sh":
                mode   => '0755',
                owner  => "root",
                group  => "root",
                source => "puppet:///files/puppet-agent/puppetrun.sh",
        }

        cron { "Puppet":
                command     => "bash /opt/bin/scripts/puppetrun.sh",
                user        => root,
                hour        => 22,
                minute      => 30,
                environment => ['PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin', "MAILTO=$emailaddress"],
        }

}

In this class, we:


- Install cronie if it is not installed yet

- Download the puppetrun.sh file from the files/puppet-agent directory and copy it to the /opt/bin/scripts directory on our client

- Specify which user runs our script and when. We also add the PATH and MAILTO values for cron


Now let’s proceed with the setup of the manifests for our servers. Create nodes/hardnodes.pp file

node /^puppetc\d+$/ {
        include basic-class
        include software
        include sshdconfig
        include crontab-basic
}

Here we have indicated:


* The classes described above will be applied to all servers with the hostname puppetc{1,2,3,4,5, ...}.


That’s all for now. Stay tuned, I will have more tips for you soon!

