Thursday, January 23, 2014

Provision new server with Puppet: preparation


In this first note I want to share my experience of using Puppet to set up a server.


What do you need before we start? A server, of course. I have one. I also have root access to it, and this is enough to get started. The operating system in my case is Ubuntu 12.04, but most of our code should work on other Linux distros (probably with minor modifications).

My goal is to configure the server with minimum manual intervention. I will try to do most of the job only with Puppet. So, let's start.

We can't use Puppet right now, because it's not installed. The installation process is easy, and you can also find a detailed explanation on the Puppet site.

I decided to install it as a deb package with the help of apt. But I really like automation, so I do it with the following shell script:

After running the install-puppet.sh script (as the root user) you will have puppet on your machine.

The next step is to try to run it. Let's do it. Hold on! We will also run it via a script. Why? Because our puppet command has a few arguments and we don't want to type them each time. Even if you are smart enough (like me) to use Ctrl+r, our script will still be helpful, because it has a short name and saves you from remembering all of the parameters. Look at it:

$ ./apply.sh

Isn't it easy? Or if you want to run puppet in debug mode:

$ ./apply.sh --debug

The code of the script:


Put it next to install-puppet.sh.

As you can see, puppet uses the my/manifests/site.pp file as the main manifest, the entry point, so create this file along with all intermediate directories.

But what will we put in it? I suggest creating an unprivileged user to begin with. Later on, we will grant it special access and use this user as a replacement for the root account.

Hm. I also suggest not mixing all of the configuration in one manifest and using separate modules from the very first steps. So, my site.pp will look like this:


I also created file server.pp inside my/modules/my/manifests:


And finally my/modules/my/manifests/server/user.pp:


Most of the attributes should be easy to guess. Of course, you should change the user's login and my name in the comment. I need to set the shell explicitly because by default it wasn't bash (that surprised me). The managehome attribute asks puppet to create the home directory for us.
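
As an added example (not the author's original files), the following shell function creates the directory layout and the three manifests described above. The function name, its parameters, the `node default` block and the `ensure => present` attribute are assumptions; the paths and the shell and managehome attributes follow the text.

```shell
#!/bin/sh
# Added example (not the author's scripts): create the manifest tree from this
# post. ROOT, LOGIN and the comment text are caller-supplied assumptions.
scaffold_puppet_tree() {
    root=$1 login=$2 comment=$3
    # Accept only a plain lowercase login so the value cannot break out of
    # the single-quoted string in the generated manifest.
    case $login in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad login: $login" >&2; return 2 ;;
    esac
    case $comment in
        *\'*|*\\*) echo "comment must not contain quotes or backslashes" >&2
                   return 2 ;;
    esac
    (
        umask 022   # manifests readable by all, writable only by the owner
        mkdir -p "$root/my/manifests" \
                 "$root/my/modules/my/manifests/server" || exit 1
        # Entry point: every node gets the my::server class.
        cat > "$root/my/manifests/site.pp" <<EOF || exit 1
node default {
  include my::server
}
EOF
        # Autoloaded as my::server from modules/my/manifests/server.pp.
        cat > "$root/my/modules/my/manifests/server.pp" <<EOF || exit 1
class my::server {
  include my::server::user
}
EOF
        # Autoloaded as my::server::user from .../manifests/server/user.pp.
        cat > "$root/my/modules/my/manifests/server/user.pp" <<EOF || exit 1
class my::server::user {
  user { '$login':
    ensure     => present,
    comment    => '$comment',
    shell      => '/bin/bash',
    managehome => true,
  }
}
EOF
    )
}

# Run as: sh scaffold.sh ROOT LOGIN "Full Name"
if [ "$#" -eq 3 ]; then
    scaffold_puppet_tree "$@"
fi
```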

Let's run it!

./apply.sh --noop

Yes, the first time just run it in no-op mode (a dry run), where puppet won't create or change anything. We just need to be sure that we haven't made any errors.
If there are no errors, run it without the --noop flag:

./apply.sh

Congratulations! At this point you should have puppet installed on your system. We also did something real: we created an unprivileged user.

In the next part we'll configure sudo to give more privileges to our user.

Update:
The full code can be found in the GitHub repository, in particular in commit 1916302209.
