- Join The #ramp-up Channel on Puppet Community Slack
- Before Starting
- What You Get From This control-repo
- How To Set It All Up
- Updating From a Previous Version of PE
- Appendix
Our Puppet Community Slack is a great way to interact with other Puppet users. The #ramp-up channel is specifically for users talking about starting with PE and using this repository.
Other channels in the Puppet Community Slack are great for asking general Puppet questions as well.
This control repo and the steps below are intended to be used during a new installation of PE.
The instructions are geared towards a new installation of PE2015.3.z. However, the control-repo should work just fine on PE2015.2.z
If you intend to use this control-repo on an existing installation then be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started.
As a result of following the instructions below you will receive the beginning of a best-practices installation of PE including...
- A git server
- The ability to push code to your git server and have it automatically deployed to your PE Master
- A config_version script to output the commit of code that your agent just applied
- Optimal tuning of PE settings for this configuration
- Working and example roles/profiles code
- On a new server, install Gitlab
-
After Gitlab is installed you may sign into the web UI with the
rootuser and password5iveL!fe -
In the Gitlab UI, make a user for yourself
-
From your laptop or development machine, make an ssh key to link with your user.
- Note: this is used for your laptop to communicate with your gitlab server to push code
- https://help.github.com/articles/generating-ssh-keys/
- http://doc.gitlab.com/ce/ssh/README.html
- In the Gitlab UI, create a group called
puppet( this is case sensitive )
- In the Gitlab UI, add your user to the
puppetgroup
- Make sure to give your user at least master permissions so you can complete the below steps
- Read more about permissions:
-
In the Gitlab UI, create a project called
control-repoand set the Namespace to be thepuppetgroup -
On your laptop, clone this github control repository
git clone <repository url>cd control-repo
- On your laptop, remove the origin remote
git remote remove origin
- On your latptop, add your internal repository as the origin remote
git remote add origin <ssh url of your gitlab repository>
- On your laptop, push the production branch of the repository from your machine up to your git server
git push origin production
Coming soon!
Coming soon!
- Download the latest version of the PE installer for your platform
- SSH into your puppet master and copy the installer tarball into
/tmp - Expand the tarball and
cdinto the directory - Run
puppet-enterprise-installerto install
If you run into any issues or have more questions about the installer you can see our docs here:
http://docs.puppetlabs.com/pe/latest/install_basic.html
At this point you have our control-repo code deployed into your git server. However, we have one final challenge: getting that code onto your puppet master. In the end state the master will pull code from the git server via code manager, however, at this moment your puppet master does not have credentials to get code from the git server.
So, we will set up a deploy key in the git server that will allow a ssh-key we make to deploy the code and configure everything else.
- On your puppet master, make an ssh key for r10k to connect to gitlab
/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa -q -N ''cat /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.pub- References:
- In the Gitlab UI, create a deploy key on the
control-repoproject
- Paste in the public key from above
- Login to the PE console
- Navigate to the Classification page
- Click on the PE Master group
- Click the Classes tab
- Add the
puppet_enterprise::profile::master- Set the
r10k_remoteto the ssh url from the front page of your gitlab repo - Set the
r10k_private_keyparameter to/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa
- Set the
- Commit your changes
- On your puppet master
-
Run:
puppet agent -t r10k deploy environment -pv puppet agent -t
- Navigate back to the Classification page
- Near the top of the page select "add a group"
- Type
role::all_in_one_pefor the group name- Click the "Add Group" button
- Click the "add membership rules, classes and variables" link that appears
- Below "Pin specific nodes to the group" type your master's fqdn into the box
- Click "pin node"
- Below "Pin specific nodes to the group" type your master's fqdn into the box
- Select the "classes" tab
- On the right hand side, click the "refresh" link
- Wait for this to complete
- In the "add new classes" box type
role::all_in_one_pe- Click "add class"
- On the right hand side, click the "refresh" link
- Commit your changes
- On your puppet master
-
Run:
puppet agent -t echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt puppet agent -t
- Code Manager is configured and has been used to deploy your code
- On your puppet master
cat /etc/puppetlabs/puppetserver/.puppetlabs/webhook_url.txt
- In your Git server's UI, add a webhook to the control-repo repository
- You can paste the above webhook url
- Disable SSL verification on the webhook
- Since code manager uses a self-singed cert from the Puppet CA it is not generally trusted
- After you created the webhook use "test webhook" or similar functionality to confirm it works
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to deploy branch you just pushed.
- In one terminal window,
tail -f /var/log/puppetlabs/puppetserver/puppetserver.log - In a second terminal window
- Add a new file,
touch test_file git add test_filegit commit -m "adding a test_file"git push origin production
- Allow the push to complete and then wait a few seconds for everything to sync over
ls -l /etc/puppetlabs/code/environments/production- Confirm test_file is present
- In your first terminal window review the
puppetserver.logto see the type of logging each sync will create
Remove pe_r10k from the PE master group in the console and instead add the following two parameters to the puppet_enterprise::profile::master class under the PE master group.
r10k_remote= the ssh url for your internal repor10k_private_key=/etc/puppetlabs/puppetserver/code_manager.key
When upgrading the puppet_enterprise::profile::master class has the file_sync_enabled parameter set to false. This parameter should be removed so that code manager can configure file sync.
Finally, you’ll need to echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt so that my puppet code will redeploy all of your code with code manager.
If you are using PE2015.2.z or if you've forced the use of the zack/r10k webhook then you'll want to test that it works.
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to run r10k deploy environment -p.
- Edit README.md
- Just add something to it
git add README.mdgit commit -m "edit README"git push origin production- Allow the push to complete and then give it few seconds to complete
- Open
/etc/puppetlabs/code/environments/production/README.mdand confirm your change is present