Update Servers & Workflows/Linux/Automation/Puppet/Puppet Deployment.md
This commit is contained in:
@ -98,10 +98,105 @@ sudo mkdir -p /var/cache/r10k
|
||||
sudo chown -R puppet:puppet /var/cache/r10k
|
||||
```
|
||||
|
||||
### Configure Gitea
|
||||
## Configure Gitea
|
||||
At this point, we need to set up the branches and file/folder structure of the Puppet repository on Gitea.
|
||||
!!! warning "Incomplete"
|
||||
This section needs a copy of all of the folder structure explained, as well as the branch structure, and example files for things like `site.pp`, `environment.conf`, and `init.pp`. That will be added at a later time soon.
|
||||
|
||||
You will make a repository on Gitea with the following files and structure as noted by each file's title. You will make a mirror copy of all of the files below in both the `Production` and `Development` branches of the repository. For the sake of this example, the repository will be located at `https://git.bunny-lab.io/GitOps/Puppet.git`
|
||||
|
||||
!!! example "Example Agent & Neofetch"
|
||||
You will notice there is a section for `fedora.bunny-lab.io` as well as mentions of `neofetch`. These are purely examples in my homelab of a computer I was testing against during the development of the Puppet Server and associated documentation. You can feel free to not include the entire `modules/neofetch/manifests/init.pp` file in the Gitea repository, as well as remove this entire section from the `manifests/site.pp` file:
|
||||
|
||||
``` yaml
|
||||
# Node definition for the Fedora agent
|
||||
node 'fedora.bunny-lab.io' {
|
||||
# Include the neofetch class to ensure Neofetch is installed
|
||||
include neofetch
|
||||
}
|
||||
```
|
||||
|
||||
=== "Puppetfile"
|
||||
|
||||
```json title="Puppetfile"
|
||||
forge 'https://forge.puppet.com'
|
||||
mod 'puppetlabs-stdlib', '9.6.0'
|
||||
mod 'puppetlabs-puppetdb', '8.1.0'
|
||||
mod 'puppetlabs-postgresql', '10.3.0'
|
||||
mod 'puppetlabs-firewall', '8.1.0'
|
||||
mod 'puppetlabs-inifile', '6.1.1'
|
||||
mod 'puppetlabs-concat', '9.0.2'
|
||||
mod 'puppet-systemd', '7.1.0'
|
||||
```
|
||||
|
||||
=== "environment.conf"
|
||||
|
||||
```yaml title="environment.conf"
|
||||
# Specifies the module path for this environment
|
||||
modulepath = modules:$basemodulepath
|
||||
|
||||
# Optional: Specifies the manifest file for this environment
|
||||
manifest = manifests/site.pp
|
||||
|
||||
# Optional: Set the environment's config_version (e.g., a script to output the current Git commit hash)
|
||||
# config_version = scripts/config_version.sh
|
||||
|
||||
# Optional: Set the environment's environment_timeout
|
||||
# environment_timeout = 0
|
||||
```
|
||||
|
||||
=== "site.pp"
|
||||
|
||||
```yaml title="manifests/site.pp"
|
||||
# Node definition for the Puppet Server
|
||||
node 'lab-puppet-01.bunny-lab.io' {
|
||||
|
||||
# Include the puppetdb class with custom parameters
|
||||
class { 'puppetdb':
|
||||
listen_address => '0.0.0.0', # Allows access from all network interfaces
|
||||
}
|
||||
|
||||
# Configure the Puppet Server to use PuppetDB
|
||||
include puppetdb
|
||||
include puppetdb::master::config
|
||||
|
||||
# Ensure the required iptables rules are in place using Puppet's firewall resources
|
||||
firewall { '100 allow Puppet traffic on 8140':
|
||||
proto => 'tcp',
|
||||
dport => '8140',
|
||||
jump => 'accept', # Corrected parameter from action to jump
|
||||
chain => 'INPUT',
|
||||
ensure => 'present',
|
||||
}
|
||||
|
||||
firewall { '101 allow PuppetDB traffic on 8081':
|
||||
proto => 'tcp',
|
||||
dport => '8081',
|
||||
jump => 'accept', # Corrected parameter from action to jump
|
||||
chain => 'INPUT',
|
||||
ensure => 'present',
|
||||
}
|
||||
}
|
||||
|
||||
# Node definition for the Fedora agent
|
||||
node 'fedora.bunny-lab.io' {
|
||||
# Include the neofetch class to ensure Neofetch is installed
|
||||
include neofetch
|
||||
}
|
||||
|
||||
# Default node definition (optional)
|
||||
node default {
|
||||
# This can be left empty or include common classes for all other nodes
|
||||
}
|
||||
```
|
||||
|
||||
=== "init.pp"
|
||||
|
||||
```yaml title="modules/neofetch/manifests/init.pp"
|
||||
class neofetch {
|
||||
package { 'neofetch':
|
||||
ensure => installed,
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Storing Credentials to Gitea
|
||||
We need to be able to pull down the data from Gitea's Puppet repository under the root user so that r10k can automatically pull down any changes made to the Puppet environments (e.g. `Production` and `Development`). Each Git branch represents a different Puppet environment. We will use an application token to do this.
|
||||
@ -221,8 +316,8 @@ sudo /usr/local/bin/r10k deploy environment -p
|
||||
#sudo /usr/local/bin/r10k deploy environment development -p
|
||||
```
|
||||
|
||||
## Apply PuppetDB Configuration to Puppet Server
|
||||
At this point, we are going to deploy the configuration from Gitea to the Puppet Server so it installs PuppetDB automatically.
|
||||
## Apply Configuration to Puppet Server
|
||||
At this point, we are going to deploy the configuration from Gitea to the Puppet Server itself so it installs PuppetDB automatically as well as configures firewall ports and other small things to functional properly. Once this is completed, you can add additional agents / managed devices and they will be able to communicate with the Puppet Server over the network.
|
||||
``` sh
|
||||
sudo /opt/puppetlabs/bin/puppet agent -t
|
||||
```
|
||||
Reference in New Issue
Block a user