Toolserver:Admin:Puppet
This page was moved from the Toolserver wiki.
Toolserver has been replaced by Toolforge. As such, the instructions here may no longer work, but may still be of historical interest.
Please help by updating examples, links, template links, etc. If a page is still relevant, move it to a normal title and leave a redirect.
Puppet is a configuration engine for hosts. It uses a definition of how each host should be configured, and changes the host until it matches the desired configuration. We use Puppet for distributing configuration files, installing (and upgrading) software, and enabling services. Puppet runs on the Toolserver:Admin:Solaris systems.
Puppet consists of two parts, the puppetmaster which runs on a single server and serves the configuration information, and puppetd which runs on each host and applies the configuration. The puppetmaster runs on hemlock under the svc:/network/puppetmasterd:default
SMF service. Its configuration is in /etc/puppet
.
Puppet normally runs from cron on each host every 60 minutes. If you want to force a run before then (e.g. to test configuration changes), run /opt/ts/sbin/puppetd -t
on the host where the config should be updated.
Editing configuration files
[edit]Most configuration files are in /etc/puppet/modules/<modules>/files/
. Basic configuration files are in the base
module. Other modules contains task-specific configuration files. Note that there might be several copies of one configuration file, usually one in base
and one in an overriding module.
When you edit a configuration file, remember it will be propagated to every host. Don't put host-specific things in it.
The Puppet configuration is stored in SVN. When you change anything, run 'svn commit' to commit your changes. The repository is public, so do not save private files in /etc/puppet/
, but in /etc/puppet.secret/
. Also, remember to open a MNT issue for every change if there is no TS-bug yet.
Installing software
[edit]Puppet handles installing software. Before configuring the software to be installed, you should build a package, probably using pkgbuild. Then edit the appropriate software cluster manifest; these are stored under /global/misc/puppet/etc/modules/software/manifests
. For software that should be installed on every host, add it to misc_std
. For login servers only, add it to misc_user
. Do not include the "TS" prefix; the Puppet configuration will add it automatically.
(Re-)Adding a server to puppet
[edit]- Delete the servername.pem at
/etc/puppet/ssl/ca/signed/
on the puppet-master if present. - Restart the puppet-master-service
svc:/network/puppetmasterd:default
on the puppet-master. - Install the puppet-client on the client (
puppet
on Debian). - Run
puppetd --server puppet.toolserver.org --test
on the client (that will output some warnings, but no errors). - Run
puppetca -la
on the puppet-master. That will show the new client name (either as only output or different from the other servers). - Run
puppetca --sign
on the puppet-master. - Run
puppetd --server puppet.toolserver.org --test
on the client.