Puppet/fr

Puppet is a configuration management system written in Ruby. It can be used to automate the deployment of machines.

Installation
Puppet is provided by the package. Currently, there is no distinction between client and server, and the basic installation is the same for both.

Start by installing Puppet with the emerge command:

Configuration and setup
Puppet is configured mainly via in an INI-style format. Comments are marked with a hash sign (#). The configuration file is divided into several sections, or blocks:

 * [main] contains settings that act as defaults for all parts of Puppet, unless you override them in one of the following sections:
 * [master] is used for settings that apply to the Puppetmaster (puppet master) or the CA tool (puppet cert)
 * [agent] is used for settings that apply to the Puppet agent (puppet agent)

A more in-depth explanation, along with a list of the other blocks used, is available in the official Puppet documentation.

Server (Puppetmaster) Setup
The default configuration put by the Ebuild into can be used as-is. For Puppet 2.7.3, the server-related parts look like this:

Setting up the file server
To be able to send files to the clients, the file server has to be configured. This is done in. By default, there are no files being served.

The snippet above sets up a share called files (remember this identifier, as it will need to be referenced later), looking for files in and only available for hosts with an IP from the 192.168.0.0/24 network. You can use IP addresses, CIDR notation, and host names (including wildcards like *.domain.invalid) here. The deny command can be used to explicitly deny access to certain hosts or IP ranges.
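
The following is an added example, not configuration or code from the original page: a small Ruby script that parses a file in the share format described above and lists allow rules that reach beyond the intended client network. The sample file contents, its paths, the scratch share, the denied address and the function names are assumptions made for illustration.

```ruby
require 'ipaddr'
# Constructed sample in the format described above; every path and address
# except the 192.168.0.0/24 network and the "files" share name is made up.
SAMPLE_CONF = <<~CONF
  [files]
    path /srv/puppet/files
    allow 192.168.0.0/24
    deny 192.168.0.200
  [scratch]
    path /srv/puppet/scratch
    allow *
    allow 10.0.0.0/8
    allow *.domain.invalid
CONF

# Parse into { share => { 'path' => [..], 'allow' => [..], 'deny' => [..] } }.
def parse_fileserver_conf(text)
  shares, current = {}, nil
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip   # assumption: '#' starts a comment
    next if line.empty?
    if (m = line.match(/\A\[(.+)\]\z/))
      current = shares[m[1]] = Hash.new { |h, k| h[k] = [] }
    elsif current
      key, value = line.split(/\s+/, 2)
      current[key] << value.to_s
    end
  end
  shares
end

# Report allow rules that reach beyond the network the shares are meant for.
def audit_shares(shares, trusted_cidr)
  trusted = IPAddr.new(trusted_cidr)
  shares.flat_map do |name, rules|
    rules['allow'].map do |pattern|
      if pattern == '*'
        "#{name}: allow * admits every host"
      elsif pattern.match?(%r{\A[\d.]+(/\d+)?\z})
        range = IPAddr.new(pattern).to_range
        inside = trusted.include?(range.first) && trusted.include?(range.last)
        "#{name}: allow #{pattern} is outside #{trusted_cidr}" unless inside
      else
        "#{name}: allow #{pattern} is name-based, depends on name resolution"
      end
    end.compact
  end
end
puts audit_shares(parse_fileserver_conf(SAMPLE_CONF), '192.168.0.0/24')
```

On the constructed sample, the files share produces no finding, while each of the three allow lines of the scratch share is reported.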

Starting the Puppetmaster daemon
With the basic configuration as well as an initial file server configuration, we can start the Puppetmaster daemon using its init script:

During the first start, Puppet generates an SSL certificate for the Puppetmaster host and places it into the ssldir, as configured above.

It listens on port 8140/TCP; make sure that no firewall rules obstruct access from the clients.

A simple manifest
Manifests, in Puppet's terminology, are the files in which the client configuration is specified. The documentation contains a comprehensive guide about the manifest markup language.

As a simple example, let's create a message of the day (motd) file on the client. On the puppetmaster, create a file inside the files share created earlier:

Then, we have to create the main manifest file in the manifests directory. It is called site.pp:

The default node (the name for a client) definition is used in case there is no specific node statement for the host. We use a file resource and want the file on our clients to contain the same thing as the motd file in the files share on the host puppet. If your puppetmaster is reachable only using another host name, you have to adapt the source URI accordingly.

Client Configuration
During the first execution of the Puppet agent, you have to wait for your certificate to be signed by the puppetmaster. To request a certificate and perform your first configuration run, execute:

Before the client can connect, you have to authorize the certificate request on the server. Our client should appear in the list of nodes requesting a certificate:

Now, we grant the request:

The client will check every 60 seconds whether its certificate has already been issued. After that, it continues with the first configuration run:

When you see this message, all went well. You can now check the contents of your file on the client:

You can now start the puppet agent as a daemon and have it launch on boot:

Manually generating certificates
To manually generate a certificate, you can use the puppet cert utility. It will place all generated certificates into the ssldir as set in the puppet configuration and will sign them with the key of your local Puppet Certificate Authority (CA).

An easy case is the generation of a certificate with only one Common Name:

If the certificate needs to be valid for multiple host names, use the --certdnsnames parameter and separate the additional host names with a colon:

This example will generate a certificate valid for the three listed host names.

Managing slots with Puppet
While the default portage provider in Puppet does not support slots, a third-party plugin is available to enable this functionality in Puppet.

External resources

 * Upstream website
 * Puppet Wiki