opendev/system-config
Code Issues Proposed changes
008fb47583
system-config/doc/puppet.rst
Monty Taylor 90531483b0 Merge in docs from openstack-ci. 
Change-Id: I49f71f8118e45f28d4b777ddc9588b8e30151d79
2012-05-15 17:23:46 -04:00

3.1 KiB
Raw Blame History

Puppet Master

Overview

Instead of using a cron job, StackForge uses a puppet master to host the puppet manifests and modules. The other nodes then connect to this as puppet agents to get their configuration.

Puppet Master

The puppet master is setup using a combination of Apache and mod passenger to ship the data to the clients. To install this:

sudo apt-get install puppet puppetmaster puppetmaster-passenger

Note that this may break the first time round due to not-so-perfect packaging involved. You will also need to stop the puppetmaster service and edit the /etc/defaults/puppetmaster file to change START=no. Puppetmaster needs to run first because it creates the SSL CA used to sign puppet agents (the passenger service does not do this).

This should then allow you to start apache2 which in turn will automatically manage the puppet master.

Files for puppet master are stored in /etc/puppet with the subdirectories manifests and modules being the important ones. In StackForge we have a root cron job that automatically populates these from our puppet git repository as follows:

*/15 * * * * sleep $((RANDOM\%600)) && cd /srv/openstack-ci-puppet && /usr/bin/git pull -q  && cp /srv/openstack-ci-puppet/manifests/users.pp /etc/puppet/manifests/ && cp /srv/openstack-ci-puppet/manifests/stackforge.pp /etc/puppet/manifests/site.pp && cp -a /srv/openstack-ci-puppet/modules/ /etc/puppet/

Adding a node

On the new server connecting to the puppet master:

sudo apt-get install puppet

Then edit the /etc/default/puppet file to look like this:

# Defaults for puppet - sourced by /etc/init.d/puppet

# Start puppet on boot?
START=yes

# Startup options
DAEMON_OPTS="--server puppet.stackforge.org"

You can then start the puppet agent with:

sudo service puppet start

Once the node has started it will make a request to the puppet master to have its SSL cert signed. On the puppet master:

sudo puppet cert list

You should get a list of entries similar to the one below:

review.novalocal       (44:18:BB:DF:08:50:62:70:17:07:82:1F:D5:70:0E:BF)

If you see the new node there you can sign its cert on the puppet master with:

sudo puppet cert sign review.novalocal

Now that it is signed the puppet agent will execute any instructions for its node on the next run (default is every 30 minutes). You can trigger this earlier by restarting the puppet service on the new node.

Important Notes

  1. The hostname of the nodes must match the the forward looking for the DNS. For example the server pointed to with the DNS entry jenkins.stackforge.org must have the hostname jenkins.stackforge.org otherwise the SSL signing or standard run will fail.
  2. Make sure the site manifest does not include the puppet cron job, this conflicts with puppet master and can cause issues. The initial puppet run that create users should be done using the puppet agent configuration above.