Documentation | Community | Downloads

[RETIRED]: Puppet: Setting up a Basic Lab

Avatar
Peter Bratach
Follow

This article outlines the process for managing a switch using Puppet in a lab environment, where the lab is stored on a physical server or virtual machine.

Environment

  • Cumulus Linux 2.5.z only

Note: To use Puppet with Cumulus Linux 3.y.z, use the native Puppet agent.

Requirements

  • One switch running Cumulus Linux (2.5.z version), called switch1
  • A server or virtual machine running Debian, with a basic installation (default packages only), called server1

You'll set up:

  • DHCP
  • DNS
  • Puppet master

Network addresses:

  • 192.168.0.0/24
  • 192.168.0.1, the existing gateway
  • 192.168.0.2, server1
  • 192.168.0.100 - 200, DHCP

 

  • domain example.com
  • server1.example.com

Configuring server1

  1. Confirm /etc/hosts contains:
    127.0.1.1 server1.example.com server1
  2. Install the required packages:
    root@server:~# apt-get install isc-dhcp-server bind9 bind9-host puppetmaster
  3. Assign the static IP address 192.168.0.2 to server1. Edit /etc/network/interfaces so it looks like:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        gateway 192.168.0.1
  4. Configure the DHCP scope. Edit /etc/dhcp/dhcpd.conf and add this to the file:
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.100 192.168.0.200
        option routers 192.168.0.1;
        option domain-name-server 192.168.0.2;
        option domain-name "example.com";
    }

  5. Create an example.com zone file /etc/bind/db.example.com:

    $TTL 604800
    @              IN     SOA  server1.example.com. hostmaster.example.com. (
                          1        ; Serial
                          604800   ; Refresh
                          86400    ; Retry
                          2419200  ; Expire
                          604800 ) ; Negative Cache TTL
     ;
     @             IN     NS       server1.example.com.
     server1       IN     A        192.168.0.2
     puppet        IN     CNAME    server1.example.com.

  6. Add an entry for the example.com zone into /etc/bind/named.conf.local:

    zone "example.com" {
         type master;
         file "/etc/bind/db.example.com";
    };

  7. Update the DNS resolver settings for the server in /etc/resolv.conf:

    domain example.com
    search example.com
    nameserver 127.0.0.1
  8. Restart server1.
  9. Confirm that name resolution for the example.com zone is working:
    root@server:~# host server1.example.com
    server1.example.com has address 192.168.0.2

    root@server:~# host puppet.example.com
    puppet.example.com is an alias for server1.example.com.
    server1.example.com has address 192.168.0.2
  10. Verify that external resolution is also working:
    root@server:~# host repo.cumulusnetworks.com
    repo.cumulusnetworks.com is an alias for RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com.
    RepoLoadBalancer-1976282915.us-east-1.elb.amazonaws.com has address 23.21.204.116
  11. Check that the certificates for the Puppet master are present, as fingerprints will differ per installation:
    root@server:~# puppet cert list —all
     + "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com")
  12. Note: this step depends on your version of Puppet here we show the step for older versions of Puppet prior to 3.0, if you're using a later version update the settings as prescribed by Puppet documentation here
    Allow Puppet clients on the local subnet to use the Puppet file server. Edit /etc/puppet/fileserver.conf:
  13. [files]
    path = /etc/puppet/files
    allow 192.168.0.0/24
    [plugins]
    allow 192.168.0.0/24
  14. Enable certificate auto signing. Create /etc/puppet/autosign.conf:
    *.example.com
  15. Restart Puppet Master sudo service puppetmaster restart

Setting Up the Puppet Master Test Configuration

Replace the message of the day on the switches.

Create the directory: mkdir /etc/puppet/files

Create a file on master to be copied by Puppet, /etc/puppet/files/motd:

    Hello world!

Create a manifest file, /etc/puppet/manifests/site.pp:

node default {
 if $operatingsystem == "CumulusLinux" {
 include switchbase
  }
}
class switchbase {
 include motd
}
class motd {
 file { "/etc/motd":
 owner => root,
 group => root,
 source => "puppet:///files/motd"
 }
}

Configuring the Switch

  1. Power up the switch and connect the management interface to same L2 segment as server1.
  2. Change the name of the switch. Add the following to /etc/hostname:
    switch1
  3. Also, add the following to /etc/hosts:
    127.0.0.1 switch1
  4. Log in and confirm the switch has received a DHCP address within 192.168.0.0/24:
    root@switch1:~# ip addr show eth0
     2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
     link/ether 44:38:39:00:1a:6b brd ff:ff:ff:ff:ff:ff
     inet 192.168.0.100/24 brd 192.168.0.255 scope global eth0
     inet6 fe80::4638:39ff:fe00:1a6b/64 scope link
     valid_lft forever preferred_lft forever
  5. Confirm you can ping the server by IP address:
    root@switch1:~# ping 192.168.0.2
     PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
     64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.547 ms
     64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.316 ms
  6. Also verify you can ping the server by name:
    root@switch1:~$ ping server1.example.com
     PING server1.example.com (192.168.0.1) 56(84) bytes of data.
     64 bytes from server1.example.com (192.168.0.1): icmp_req=1 ttl=56 time=0.580 ms
     64 bytes from server1.example.com (192.168.0.1): icmp_req=2 ttl=56 time=0.412 ms
  7. Install the Puppet client on the switch:
    root@switch1:~$ apt-get install puppet
  8. Edit the Puppet default configuration to enable the agent in /etc/default/puppet:
     # Defaults for puppet - sourced by /etc/init.d/puppet
     # Start puppet on boot?
     START=yes
     # Startup options
     DAEMON_OPTS=""
  9. Restart the Puppet agent:
    root@switch1:~# /etc/init.d/puppet restart
     Restarting puppet agent.

    The agent will now exchange certificates with the Puppet master and auto signing will take place. This may take up to a minute.
  10. Confirm on the server that a new certificate for switch1 is present:
    root@server:~# puppet cert list —all
     + "server1.example.com" (15:FC:1E:7D:CD:8A:C5:80:1E:1D:16:E5:D4:2B:9D:35) 
       (alt names: "DNS:puppet", "DNS:server1.example.com", "DNS:server1.example.com") 
     + "switch1.example.com" (3E:B4:ED:64:98:3C:86:30:74:F8:93:24:CD:A6:BD:86)
  11. On the switch, log out of the console and log in again. The message of the day will be updated:
    switch1 login: root
     Password:
     Last login: Tue Oct 29 16:48:04 UTC 2013 on ttyS0

     Hello World!
    root@switch1 :~#
Have more questions? Submit a request

Comments

Powered by Zendesk