- Join the #ramp-up channel on Puppet Community Slack
- Before starting
- What you get from this control-repo
- How to set it all up
Our Puppet Community Slack is a great way to interact with other Puppet users. The #ramp-up channel is specifically for users who are new to Puppet Enterprise and using this repository. Other channels in the Puppet Community Slack are great for asking general Puppet questions.
This control-repo and the steps below are intended for use with a new installation of PE, and also serve as an example of a working control-repo architecture.
Warning: When using an existing PE installation, any existing code or modules in /etc/puppetlabs/code will be copied to a backup directory, /etc/puppetlabs/code_bak_<timestamp>, in order to allow deploying code from Code Manager.
When you finish the instructions below, you will have the beginning of a best practices installation of PE including:
- A Git server
- The ability to push code to your Git server and have it automatically deployed to your PE master
- A config_version script that outputs the most recent SHA of your code each time you run puppet agent -t
- Optimal tuning of PE settings for this configuration
- On a new server, install GitLab.
- After GitLab is installed, sign into the web UI with the user root.
- The first time you visit the UI it will force you to enter a password for the root user.
- In the GitLab UI, create a group called puppet.
- In the GitLab UI, make yourself a user to edit and push code.
- From your laptop or development machine, make an SSH key and link it with your GitLab user.
- Note: The SSH key allows your laptop to communicate with the GitLab server and push code.
- https://help.github.com/articles/generating-ssh-keys/
- http://doc.gitlab.com/ce/ssh/README.html
- In the GitLab UI, add your user to the puppet group.
- You must give your user at least master permissions to complete the following steps.
- Read more about permissions:
- In the GitLab UI, create a project called control-repo and set its Namespace to the puppet group.
- On your laptop, clone this PuppetLabs-RampUpProgram control repo.
git clone https://github.com/PuppetLabs-RampUpProgram/control-repo.git
cd control-repo
- On your laptop, remove the origin remote.
git remote remove origin
- On your laptop, add your GitLab repo as the origin remote.
git remote add origin <SSH URL of your GitLab repo>
- On your laptop, push the production branch of the repo from your machine up to your Git server.
git push origin production
Coming soon!
- Download the latest version of the PE installer for your platform
- SSH into your Puppet master and copy the installer tarball into /tmp
- Expand the tarball and cd into the directory
- Run puppet-enterprise-installer to install
If you run into any issues or have more questions about the installer you can see our docs here:
http://docs.puppetlabs.com/pe/latest/install_basic.html
At this point you have our control-repo code deployed into your Git server. However, we have one final challenge: getting that code onto your Puppet master. In the end state the master will pull code from the Git server via Code Manager; at this moment, however, your Puppet master does not have credentials to get code from the Git server.
We will set up a deploy key in the Git server so that an SSH key we create can be used to deploy the code and configure everything else.
- On your Puppet master, make an SSH key for r10k to connect to GitLab
mkdir /etc/puppetlabs/puppetserver/ssh
/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa -q -N ''
cat /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.pub
- References:
- In the GitLab UI, create a deploy key on the control-repo project
- Paste in the public key from above
- Log in to the PE console
- Navigate to the Nodes > Classification page
- Click on the PE Infrastructure group
- Click on the PE Master group
- Click the Configuration tab
- In the puppet_enterprise::profile::master class parameters
- Set the r10k_remote to the SSH URL from the front page of your GitLab repo
- Set the r10k_private_key parameter to /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa
- Set the
- Commit your changes
- On your Puppet master
- Run:
puppet agent -t
puppet access login <PE console login user> -l <length to retain token>
puppet code deploy production --wait
puppet agent -t
- Code Manager is configured and has been used to deploy your code
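One way to check the deploy key created in the steps above, as an added example that is not part of the original repository: it verifies that the private key is inaccessible to group and other, and that its directory cannot be written by them. The default path is the one used above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions of the Code Manager deploy key.
# The key has an empty passphrase (-N ''), so file permissions are the
# only thing protecting it on the master.

# Print the nine permission characters (rwxrwxrwx) of a file or directory.
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# Return 0 if the private key and its directory are suitably restricted,
# 1 otherwise. One finding is printed per line.
audit_deploy_key() {
    key=${1:-/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa}
    dir=$(dirname "$key")
    rc=0

    if [ ! -f "$key" ]; then
        echo "MISSING: $key"
        return 1
    fi

    # Private key: no access at all for group or other.
    case $(perm_bits "$key") in
        ???------) ;;
        *) echo "FAIL: $key is accessible to group or other"; rc=1 ;;
    esac

    # Directory: group and other must not be able to replace the key.
    case $(perm_bits "$dir") in
        ????w????|???????w?)
            echo "FAIL: $dir is writable by group or other"; rc=1 ;;
    esac

    # Only the public half should ever be pasted into the Git server.
    [ -f "$key.pub" ] || echo "WARN: $key.pub not found"

    [ "$rc" -eq 0 ] && echo "OK: $key"
    return "$rc"
}
```

Call `audit_deploy_key` with no argument on the master to check the default path, or pass another key path.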
Regardless of which Git server you choose, you will grab the webhook URL from your master. Each Git server then has a similar but slightly different way to add the webhook.
- On your Puppet master
cat /etc/puppetlabs/puppetserver/.puppetlabs/webhook_url.txt
- In your Git server's UI, navigate to the control-repo repository
- In the left hand pane, scroll to the bottom and select settings
- In the left hand pane, select webhooks
- Paste the above webhook URL into the URL field
- In the trigger section mark the checkbox for push events only
- Disable SSL verification on the webhook
- Code Manager uses a cert signed by the Puppet CA, which is self-signed and so not generally trusted
- After you have created the webhook, use "test webhook" or similar functionality to confirm it works
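The URL in webhook_url.txt is what authorizes the Git server to trigger a deploy, so it is worth masking before pasting it into chat or a ticket. The following added example (not part of the original repository) checks the URL shape and masks the token. It assumes the documented Code Manager webhook form, https://<master>:8170/code-manager/v1/webhook?type=<vcs>&token=<token>; the sample URL and function names are constructed.

```shell
#!/bin/sh
# Added example: validate a Code Manager webhook URL and mask its token.

# Constructed sample; a real URL comes from webhook_url.txt on the master.
SAMPLE_URL='https://master.example.com:8170/code-manager/v1/webhook?type=gitlab&token=0123abcd'

# Print the value of one query parameter of a URL, or nothing if absent.
query_param() {
    printf '%s\n' "$1" | cut -d'?' -f2- | tr '&' '\n' | sed -n "s/^$2=//p"
}

# Print a copy of the URL with the token masked.
# Returns 1 if the URL is not https or carries no token parameter.
redact_webhook_url() {
    url=$1
    case $url in
        https://*\?*) ;;
        *) echo "not an https URL with a query string" >&2; return 1 ;;
    esac

    token=$(query_param "$url" token)
    if [ -z "$token" ]; then
        echo "no token parameter found" >&2
        return 1
    fi

    # Replace only the token value; keep host, port and type for debugging.
    printf '%s\n' "$url" | sed 's/\([?&]token=\)[^&]*/\1REDACTED/'
}
```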
One of the components set up by this control-repo is that when you "push" code to your Git server, the Git server will inform the Puppet master to deploy the branch you just pushed.
- On your Puppet Master, tail -f /var/log/puppetlabs/puppetserver/puppetserver.log.
- On your laptop in a separate terminal window:
- Add a new file
touch test_file
git add test_file
git commit -m "adding a test_file"
git push origin production
- Allow the push to complete and then wait a few seconds for everything to sync over.
- On your Puppet Master, ls -l /etc/puppetlabs/code/environments/production.
- Confirm test_file is present
- In your first terminal window review the puppetserver.log to see the type of logging each sync will create.
The Roles and Profiles in this repo are usable examples. Some of the code has been commented out to protect the innocent, but the examples are sound. Please review the following READMEs for a more detailed description of the examples.
- The role and profile pattern (method for naming and suggestions for hierarchy) are only examples and suggestions.
- Some of the Windows profiles may not totally work due to dependencies.
- Software download locations
- Methods for package install (e.g. chocolatey or wmi) are not specified.