This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

[RETIRED]: Puppet: Setting up a Basic Lab

This article outlines the process for managing a switch using Puppet in a lab environment, where the lab is stored on a physical server or virtual machine.

Environment

  • Cumulus Linux 2.5.z only

Note: To use Puppet with Cumulus Linux 3.y.z, use the native Puppet agent.

Requirements

  • One switch running Cumulus Linux (2.5.z version), called switch1
  • A server or virtual machine running Debian, with a basic installation (default packages only), called server1

You'll set up:

  • DHCP
  • DNS
  • Puppet master

Network addresses:

  • 192.168.0.0/24
  • 192.168.0.1, the existing gateway
  • 192.168.0.2, server1
  • 192.168.0.100 - 200, DHCP

 

  • domain example.com
  • server1.example.com

Configuring server1

  1. Confirm /etc/hosts contains:
    127.0.1.1 server1.example.com server1
  2. Install the required packages:
    root@server:~# apt-get install isc-dhcp-server bind9 bind9-host puppetmaster
  3. Assign the static IP address 192.168.0.2 to server1. Edit /etc/network/interfaces so it looks like:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        gateway 192.168.0.1
  4. Configure the DHCP scope. Edit /etc/dhcp/dhcpd.conf and add this to the file:
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.100 192.168.0.200;
        option routers 192.168.0.1;
        option domain-name-servers 192.168.0.2;
        option domain-name "example.com";
    }
  5. Create an example.com zone file /etc/bind/db.example.com:

    $TTL 604800
    @ IN SOA server1.example.com. hostmaster.example.com. (
        1 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
     ;
     @ IN NS server1.example.com.
     server1 IN A 192.168.0.2
     puppet IN CNAME server1.example.com.
  6. Add an entry for the example.com zone into /etc/bind/named.conf.local:

    zone "example.com" {
         type master;
         file "/etc/bind/db.example.com";
    };
  7. Update the DNS resolver settings for the server in /etc/resolv.conf:

    domain example.com
    search example.com
    nameserver 127.0.0.1
  8. Restart server1.
  9. Confirm that name resolution for the example.com zone is working:
    root@server:~# host server1.example.com
    server1.example.com has address 192.168.0.2

    root@server:~# host puppet.example.com
    puppet.example.com is an alias for server1.example.com.
    server1.example.com has address 192.168.0.2
  10. Verify that external resolution is also working:
    root@server:~# host repo.cumulusnetworks.com
    repo.cumulusnetworks.com is an alias for RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com.
    RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com has address 23.21.204.116
  11. Check that the certificate for the Puppet master is present. Fingerprints differ per installation:
    root@server:~# puppet cert list --all
     + "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
  12. Allow Puppet clients on the local subnet to use the Puppet file server. Edit /etc/puppet/fileserver.conf:
    [files]
    path = /etc/puppet/files
    allow 192.168.0.0/24
    [plugins]
    allow 192.168.0.0/24

    Note: This step depends on your version of Puppet. The settings shown here are for older versions of Puppet, prior to 3.0. If you're using a later version, update the settings as prescribed by the Puppet documentation.
  13. Enable certificate auto signing. Create /etc/puppet/autosign.conf:
    *.example.com
  14. Restart the Puppet master:
    sudo service puppetmaster restart

Setting Up the Puppet Master Test Configuration

This test configuration replaces the message of the day on the switches.

Create the directory:

    mkdir /etc/puppet/files

Create a file on the master to be copied by Puppet, /etc/puppet/files/motd:

    Hello world!

Create a manifest file, /etc/puppet/manifests/site.pp:

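    # Apply the switchbase class only to nodes reporting Cumulus Linux.
    node default {
        if $operatingsystem == "CumulusLinux" {
            include switchbase
        }
    }

    class switchbase {
        include motd
    }

    # Replace /etc/motd with the file served from the master's [files] mount.
    class motd {
        file { "/etc/motd":
            owner  => root,
            group  => root,
            source => "puppet:///files/motd"
        }
    }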

Configuring the Switch

  1. Power up the switch and connect the management interface to the same L2 segment as server1.
  2. Change the name of the switch. Add the following to /etc/hostname:
    switch1
  3. Also, add the following to /etc/hosts:
    127.0.0.1 switch1
  4. Log in and confirm the switch has received a DHCP address within 192.168.0.0/24:
    root@switch1:~# ip addr show eth0
     2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
     link/ether 44:38:39:00:1a:6b brd ff:ff:ff:ff:ff:ff
     inet 192.168.0.100/24 brd 192.168.0.255 scope global eth0
     inet6 fe80::4638:39ff:fe00:1a6b/64 scope link
     valid_lft forever preferred_lft forever
  5. Confirm you can ping the server by IP address:
    root@switch1:~# ping 192.168.0.2
     PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
     64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.547 ms
     64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.316 ms
  6. Also verify you can ping the server by name:
    root@switch1:~$ ping server1.example.com
     PING server1.example.com (192.168.0.1) 56(84) bytes of data.
     64 bytes from server1.example.com (192.168.0.1): icmp_req=1 ttl=56 time=0.580 ms
     64 bytes from server1.example.com (192.168.0.1): icmp_req=2 ttl=56 time=0.412 ms
  7. Install the Puppet client on the switch:
    root@switch1:~$ apt-get install puppet
  8. Edit the Puppet default configuration to enable the agent in /etc/default/puppet:
     # Defaults for puppet - sourced by /etc/init.d/puppet
     # Start puppet on boot?
     START=yes
     # Startup options
     DAEMON_OPTS=""
  9. Restart the Puppet agent:
    root@switch1:~# /etc/init.d/puppet restart
     Restarting puppet agent.

    The agent will now exchange certificates with the Puppet master and auto signing will take place. This may take up to a minute.
  10. Confirm on the server that a new certificate for switch1 is present:
    root@server:~# puppet cert list --all
     + "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
     + "switch1.example.com" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
  11. On the switch, log out of the console and log in again. The message of the day will be updated:
    switch1 login: root
     Password:
     Last login: Tue Oct 29 16:48:04 UTC 2013 on ttyS0

     Hello World!
    root@switch1 :~#
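
Because autosign.conf signs any certificate request whose name matches *.example.com, the `puppet cert list --all` output is worth comparing against the hosts you expect to see. The following Python script is an added example, not part of the original article; the inventory set and the unknown-host and switch2 entries with their fingerprints are constructed for illustration.

```python
import re

# One entry of `puppet cert list --all` in the format shown on this page:
#   + "switch1.example.com" (3E:B4:...) (alt names: "DNS:puppet", ...)
# A leading "+" marks a signed certificate; no marker is a pending request.
LINE_RE = re.compile(
    r'^\s*(?P<state>[+-])?\s*"(?P<name>[^"]+)"\s+\((?P<fp>[0-9A-Fa-f:]+)\)'
    r'(?:\s+\(alt names: (?P<alt>[^)]*)\))?'
)

# Constructed sample: the first two entries are the ones shown on this page,
# the last two (and their fingerprints) are invented for the example.
SAMPLE = '''\
+ "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35)
(alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
+ "switch1.example.com" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
+ "unknown-host.example.com" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)
  "switch2.example.com" (FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00)
'''

def parse_cert_list(text):
    """Return one dict per certificate: name, signed, fingerprint, alt_names."""
    certs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            certs.append({"name": m.group("name"),
                          "signed": m.group("state") == "+",
                          "fingerprint": m.group("fp"),
                          "alt_names": re.findall(r'"([^"]+)"', m.group("alt") or "")})
        elif certs and line.strip().startswith("(alt names:"):
            # Alt names wrapped onto their own line belong to the previous entry.
            certs[-1]["alt_names"] = re.findall(r'"([^"]+)"', line)
    return certs

def audit(certs, expected, master):
    """Flag signed certs outside the inventory and non-master certs with alt names."""
    findings = []
    for c in certs:
        if c["signed"] and c["name"] not in expected:
            findings.append((c["name"], "signed but not in inventory"))
        if c["alt_names"] and c["name"] != master:
            findings.append((c["name"], "alt names on non-master cert: "
                             + ", ".join(c["alt_names"])))
    return findings

if __name__ == "__main__":
    inventory = {"server1.example.com", "switch1.example.com"}
    for name, reason in audit(parse_cert_list(SAMPLE), inventory, "server1.example.com"):
        print(f"{name}: {reason}")
```

Pipe the real output of `puppet cert list --all` into `parse_cert_list` in place of SAMPLE; pending requests (no leading "+") are parsed but not flagged.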
