This article outlines the process for managing a switch using Puppet in a lab environment, where the lab is stored on a physical server or virtual machine.
Environment
- Cumulus Linux 2.5.z only
Note: To use Puppet with Cumulus Linux 3.y.z, use the native Puppet agent.
Requirements
- One switch running Cumulus Linux (2.5.z version), called switch1
- A server or virtual machine running Debian, with a basic installation (default packages only), called server1
You'll set up:
- DHCP
- DNS
- Puppet master
Network addresses:
- 192.168.0.0/24
- 192.168.0.1, the existing gateway
- 192.168.0.2, server1
- 192.168.0.100 - 200, DHCP
- domain example.com
- server1.example.com
Configuring server1
- Confirm /etc/hosts contains:
127.0.1.1 server1.example.com server1
- Install the required packages:
root@server:~# apt-get install isc-dhcp-server bind9 bind9-host puppetmaster
- Assign the static IP address 192.168.0.2 to server1. Edit /etc/network/interfaces so it looks like:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1
- Configure the DHCP scope. Edit /etc/dhcp/dhcpd.conf and add this to the file:
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.2;
option domain-name "example.com";
}
- Create an example.com zone file, /etc/bind/db.example.com:
$TTL 604800
@ IN SOA server1.example.com. hostmaster.example.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS server1.example.com.
server1 IN A 192.168.0.2
puppet IN CNAME server1.example.com.
- Add an entry for the example.com zone into /etc/bind/named.conf.local:
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};
- Update the DNS resolver settings for the server in /etc/resolv.conf:
domain example.com
search example.com
nameserver 127.0.0.1
- Restart server1.
- Confirm that name resolution for the example.com zone is working:
root@server:~# host server1.example.com
server1.example.com has address 192.168.0.2
root@server:~# host puppet.example.com
puppet.example.com is an alias for server1.example.com.
server1.example.com has address 192.168.0.2
- Verify that external resolution is also working:
root@server:~# host repo.cumulusnetworks.com
repo.cumulusnetworks.com is an alias for RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com.
RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com has address 23.21.204.116
- Check that the certificates for the Puppet master are present; fingerprints will differ per installation:
root@server:~# puppet cert list --all
+ "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
- Note: This step depends on your version of Puppet. The step shown here is for older versions of Puppet, prior to 3.0; if you're using a later version, update the settings as prescribed by the Puppet documentation.
Allow Puppet clients on the local subnet to use the Puppet file server. Edit /etc/puppet/fileserver.conf:
[files]
path = /etc/puppet/files
allow 192.168.0.0/24
[plugins]
allow 192.168.0.0/24
- Enable certificate auto signing. Create /etc/puppet/autosign.conf:
*.example.com
- Restart the Puppet master:
sudo service puppetmaster restart
Setting Up the Puppet Master Test Configuration
Replace the message of the day on the switches.
Create the directory: mkdir /etc/puppet/files
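Create a file on the master to be copied by Puppet, /etc/puppet/files/motd:
Hello world!
Create a manifest file, /etc/puppet/manifests/site.pp:
# Apply the switch baseline only to nodes that report Cumulus Linux.
node default {
  if $operatingsystem == "CumulusLinux" {
    include switchbase
  }
}
# Baseline configuration shared by all switches.
class switchbase {
  include motd
}
# Replace /etc/motd with the copy served by the Puppet file server.
class motd {
  file { "/etc/motd":
    owner => root,
    group => root,
    source => "puppet:///files/motd"
  }
}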
Configuring the Switch
- Power up the switch and connect the management interface to the same L2 segment as server1.
- Change the name of the switch. Add the following to /etc/hostname:
switch1
- Also, add the following to /etc/hosts:
127.0.0.1 switch1
- Log in and confirm the switch has received a DHCP address within 192.168.0.0/24:
root@switch1:~# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 44:38:39:00:1a:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.100/24 brd 192.168.0.255 scope global eth0
inet6 fe80::4638:39ff:fe00:1a6b/64 scope link
valid_lft forever preferred_lft forever
- Confirm you can ping the server by IP address:
root@switch1:~# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.547 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.316 ms
- Also verify you can ping the server by name:
root@switch1:~$ ping server1.example.com
PING server1.example.com (192.168.0.1) 56(84) bytes of data.
64 bytes from server1.example.com (192.168.0.1): icmp_req=1 ttl=56 time=0.580 ms
64 bytes from server1.example.com (192.168.0.1): icmp_req=2 ttl=56 time=0.412 ms
- Install the Puppet client on the switch:
root@switch1:~$ apt-get install puppet
- Edit the Puppet default configuration to enable the agent in /etc/default/puppet:
# Defaults for puppet - sourced by /etc/init.d/puppet
# Start puppet on boot?
START=yes
# Startup options
DAEMON_OPTS=""
- Restart the Puppet agent:
root@switch1:~# /etc/init.d/puppet restart
Restarting puppet agent.
The agent will now exchange certificates with the Puppet master and auto signing will take place. This may take up to a minute.
- Confirm on the server that a new certificate for switch1 is present:
root@server:~# puppet cert list --all
+ "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35)
(alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
+ "switch1.example.com" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
- On the switch, log out of the console and log in again. The message of the day will be updated:
switch1 login: root
Password:
Last login: Tue Oct 29 16:48:04 UTC 2013 on ttyS0
Hello World!
root@switch1 :~#
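Because autosign.conf accepts *.example.com, the master signs every certificate request with a matching name without review, so it is worth comparing the signed certificates against the hosts you expect. The script below is an added example, not part of the original article: it parses puppet cert list --all output in the format shown above and prints signed certnames that are missing from an inventory file. The function names, the inventory file and the third sample entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Constructed sample of `puppet cert list --all` output. The first two entries
# follow the article; the third entry and its fingerprint are made up.
sample_cert_list() {
    cat <<'EOF'
+ "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35)
(alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
+ "switch1.example.com" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
+ "unknown-host.example.com" (00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00)
EOF
}

# unexpected_certs INVENTORY < cert-list-output
# Prints each signed certname (lines starting with "+") that is not listed in
# INVENTORY (one certname per line, "#" starts a comment).
# Real use on the master: puppet cert list --all | unexpected_certs FILE
unexpected_certs() {
    awk -v inv="$1" '
        BEGIN {
            # Load the expected certnames, case-insensitively.
            while ((getline line < inv) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t\r]/, "", line)
                if (line != "") known[tolower(line)] = 1
            }
            close(inv)
        }
        # Signed entries look like:  + "certname" (FINGERPRINT) ...
        $1 == "+" && $2 ~ /^".+"$/ {
            name = tolower(substr($2, 2, length($2) - 2))
            if (!(name in known)) print name
        }
    '
}

# Demo: the inventory lists server1 and switch1 only.
inv=$(mktemp)
printf '%s\n' '# expected Puppet agents' server1.example.com switch1.example.com > "$inv"
sample_cert_list | unexpected_certs "$inv"
rm -f "$inv"
```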