Hi everybody!
This is Gary Larriza with Puppet Labs
and today we're actually going to show you and walk you through the process of
installing our Puppet Enterprise product
Puppet Enterprise itself is composed of
the agent piece, the Puppet Enterprise console
and the Puppet Master component but also Live Management and a wrapper
for MCollective
so right now in front of me
I have a CentOS VM (Virtual Machine), CentOS 5
and I'm going to walk through the entire process
I'm currently in the root directory
and you notice there's a tarball here
that we've downloaded from Puppetlabs.com
I've expanded that out with tar -xzf
and then the name of the tarball
and it's actually created this directory here
I did also create a symlink that's why there's two there
Let's go ahead and open up this directory here
and let me show you everything that comes in our Puppet Enterprise tarball.
So we have three main scripts that will facilitate the process of installing,
upgrading,
and then removing the Puppet Enterprise product.
Those would be the Puppet Enterprise installer
the uninstaller
and the upgrader scripts.
Now we also have a support script so in case you're running into problems
and you need to contact us for support
that script will get inventory items on your machine,
just basic pieces of information, store it
in a tarball that it drops into, I believe, /var/tmp/
and so you can check that out first
see what it saved, and then forward it on to us
for more information.
One big note, though, about the installation is
you definitely need to make sure that on your machine
you can resolve DNS
forward and back.
this VM is called demo.puppetlabs.vm
If I ping demo.puppetlabs.vm
I get a response. That's extremely important because at a certain step in the
installation process
we try to connect to
that machine
to check the console, and if DNS isn't working
you're going to get errors.
So first and foremost we've got that set up.
Now, the Puppet Enterprise installer allows for an interactive installation
process. You can just run it,
it will ask you questions,
and then proceed to install Puppet Enterprise.
But we actually want to create an answers file:
that way we can automate this installation in the future
and also just have a script
of what exactly was installed.
The way that you do that
is to (since I'm in the same directory I'm going to call it a Puppet Enterprise Installer script)
but pass the -s argument
this stands for Save an Installer Answer Script
and then I'm going to give it a name.
This name is up to you;
I'm just going to call it answers.txt
and we'll hit Enter and start the process.
So first and foremost you can see that it's asking whether or not we want to
install the Puppet Master service.
In this case I will,
so I'm going to choose YES.
The default of course up here is NO, so be aware of that.
Next is the Puppet Enterprise Cloud Provisioner.
So the Cloud Provisioner allows you to spin up new nodes in EC2 based on AMIs
or new nodes in vSphere based on templates.
It's a good thing to have that on your master, or machine that would be
able to contact
EC2 or your VSphere environment,
it's not necessary for your nodes.
I will just say YES to allow that.
From there we have the Puppet Enterprise console. The Puppet Enterprise console
is basically our GUI, our view
into classifying nodes and viewing reports.
It also contains the Live Management pane which is the GUI into MCollective
for automatic discovery of your nodes
and then we also have the compliance module inside the Enterprise console.
We do want that installed.
Since we are a master this defaults to y for YES but I'm just going to put a
y there and hit enter regardless.
Now we're going to set up the Puppet agent,
so we need to choose a certname.
The certname is how Puppet
knows the node, so when the node checks in
it's the name that it's registering with Puppet,
but also fundamentally
it's the name that's set up
on the SSL certificate
on the agent side.
Puppet uses two way SSL certificates communication. There's a master certificate,
and also a client certificate
so it's very important to choose a certname here that will not
change because if you do change the certname at a later date
the name of the certificate you got from the master will now be invalid,
and public communication will cease to work,
you'll basically have to generate a new certificate.
By default it's going to try and query DNS
and resolve the fully qualified domain name of the machine.
This is correct so I'm going to accept
the default and just hit Enter.
Now for the Puppet Master.
On the Master side the Master certificate needs to use
a name, of course, a certname
but also it has the ability to use what's called DNS aliases. These will go in
the X509 open SSL search
it's a comma-separated value, so basically if this machine is known as
demo.puppetlabs.vm but also is known as
puppet.puppetlabs.vm
It will respond and basically generate certificates that will be valid no
matter what name you use
to contact this machine, so it's important that you use all the CNAMEs for which
this machine will be contacted.
This list is perfectly fine in my case, so I'm going to accept the default.
Now we have the admin email address. This is used for role based authentication control
or RBAC
so by default
it uses whatever email address you use here as the first username
for the RBAC module
and then later we'll supply a password. This e-mail address does not have to resolve
so I'm just going to say admin@puppetlabs.com
It asks me for a password, it's minimum of eight characters
It is the only password for which we require a complexity of eight characters.
I'm going to use 'puppetlabs'.
Next - the Puppet Enterprise console uses a MYSQL database server as a backend
to store all of its reports
and node information.
So, it's one of the few pieces that we actually require your local package
repository system
to provide a package for MYSQL server; it's one of the packages we don't vendor and ship
with the Puppet Enterprise tarball.
So, it needs to set up a new database server…have no fear, this will get
setup underneath opt puppet
and because I'm installing the console the default is y. I'm going to accept the
default the answer of YES
to setup a new database server.
It needs a root user account
and it needs a root password, so I'm going to choose a password of 'puppet' since that's
pretty secure and no one will ever guess that.
We'll type in the confirmation password
and it asks for an SMTP server because once you set up RBAC,
after you have the first user installed, for any additional users
we're going to need to send them out a confirmation email,
and so it needs an SMTP server to relay that email message.
I'm going to use SMTP@gmail.com just for that.
It's basically a step in the process to create a new RBAC user,
send an email so that they can check off
and validate their user account through
a link that they click on,
and then the user will be set up.
The console database name default is 'console', I will accept that.
The database user is 'console' I'll accept that, that's basically the database name
and the username for all of the console purposes.
The password for console I will just use 'puppet' and again I will confirm that.
Next is the console_auth database. This is the database specifically for RBAC,
whereas console was for
all your node information and reports.
So, the role-based authentication control information will be stored in this database.
I'm going to accept
the default of console_auth
the same for the user
for console_auth
and type in a password - I'll just use 'puppet' in this case.
Now, I mentioned that there were certain packages that we didn't ship
with Puppet Enterprise.
Some of these packages are because we chose the
Cloud Provisioner piece
We do require the JRE
that is greater than or equal to 1.6.0
so this is one package that you may want to do on your own. If you're using
the open JDK ensure that
1.6.0 or greater has been installed
and then of course MYSQL in MYSQL-server.
I'm going to accept the default of Y
to automatically install these packages.
Next, because the Puppet and Facter binaries are installed in /opt/puppet/bin
we're going to create symbolic links
in /usr/local/bin
and I'll accept the default choice of doing that
and then finally accept and confirm
that we are installing all four of these components on this machine.
Now it doesn't actually perform the installation because we're just saving
an answers file
and you'll notice here that answers.txt has been generated.
So, let's take a look at what answers.txt looks like.
It is just plaintext
so you do have the ability to go in and correct any errors that you might have
made during the question-and-answer segment.
There IS one thing that I'm going to change.
So, I set up the q_puppetagent_certname question
and used demo.puppetlabs.vm
this is one thing that is very likely to change between your nodes
and one easy way of automating this process is
you can use backticks (` `)
and use any shell command here
for example `hostname --fqdn`
and that during the installation process we will execute that command
and whatever is returned
will become the answer for this question.
Now if you're running Red Hat or Debian 'hostname --fqdn' will get the fully
qualified domain name
however beware that on Solaris 10
this will set the hostname on your machine to be --fqdn
So, if you're using Solaris you might want to just use 'hostname'
and that's the only change I'm going to make to this file,
so I will save that and close,
and now we can facilitate the installation process
by just calling the installer.
This time with the -a argument
with the -a argument we'll pass
answers.txt
which is the file we just created
and we just inspected and changed
and let's go ahead and hit Enter and start the installation process.
It breezes through the questions that we've already provided answers for,
and then it starts the yum process to install the packages that
we didn't vendor
with Puppet.
So, it's gotten through all of those packages,
and installed them,
and now it starts installing the packages that we've vendored with Puppet Enterprise.
Those packages will begin with 'pe'
They also include specific ruby gems we require,
the core pieces of Puppet,
and any other dependencies.
The Puppet Enterprise installation process will put all of this
under /opt/puppet so we're vendoring it away from your machine
so that we don't stomp on your machine's HTTP or your machine's Ruby
or any other things that you may have already installed
on this machine, be it VM or physical.
At this process it sets up the components
and this is one key step of setting up the console.
If we cannot resolve
that DNS name
that we had provided for the server
you're going to have errors
and there will be an error thrown in the script and the script will stop.
So, if you get an error at this point,
it's very important to check DNS,
Make sure that you can resolve the server name that you have provided
in the answer file.
Next, we're going to start up
the HTTP server for the Puppet Master
and the Enterprise console.
One difference with Puppet Enterprise
is that we rack up our puppet service through Passenger on Apache so that it's
set up for scale.
We don't use the built-in WEBrick
that ships with the open source.
So that's why the master services started
under service called pe-httpd
and that's in /opt/puppet as well.
The final step in this process
is to actually set up MCollective
MCollective is the project on which Live Management lives
and that is basically
using a message queue like ActiveMQ
to facilitate communication for actions in agents
between the client and the server.
You'll notice we've completed, step five is done,
we've installed Puppet Enterprise. It informs you that Puppet Enterprise has been
installed under /opt/puppet
the configuration files are in /etc/puppetlabs
and also in a directory called puppet
and that an answers file has actually been saved
in the same directory called
./answers.lastrun.demo.puppetlabs.vm
Incidentally we also save another file in /etc/puppetlabs/installer
called answers.install
this file
has all of the passwords redacted
so if you ever need to send us an answers file that shows how you've
installed puppet and you don't want to redact the password yourself
we've already provided that
and /etc/puppetlabs/installer
So that's a great piece of information that we can use if you ever need help.
The final piece in the puzzle is to contact
demo.puppetlabs.vm at port 443
which we can do right now.
We do self sign our certificates, so you will have to
add an exception for that or proceed anyway
and you'll get greeted with our role based authentication control panel
immediately
now, because I had previously logged in
it understood and recognized my credentials,
but if you did not,
initially you will get this screen.
We can say admin@puppetlabs.com
and then using the password of 'puppetlabs'
we can successfully login
and there's our Puppet Enterprise console.
We have our one node that we've set up
automatically set up with the inventory service so there's all of our Facter facts
that we've discovered in the first run
and then Live Management has also been set up
so that we should be able to discover just one node (that's the node that we
installed as of right now)
and that we can now start using Live Management to do queries for resources,
or even control Puppet.
And that's it! That's the installation process.
Stay tuned - we'll have future videos targeting troubleshooting any steps that
you might have encountered
and helping you get set up with Puppet Enterprise. So from here,
thanks for joining
good luck
and happy puppetizing!