Friday, May 08, 2015

How to: puppet - hiera - foreman enc

Here is an example of a puppet setup with hiera and Foreman as ENC (external node classifier)

Let's say I want to manage my /etc/resolv.conf using puppet.  Since I have multiple datacenters, I want to point linux clients to the closest DNS server.

I want my puppet templates to be generic, so that I don't have to touch them again.  All hard-coded data (like IP addresses) goes into hiera.

Puppet

I separate puppet classes into modules for convenience.  Here is what the puppet manifest looks like:

cat puppet/modules/dns/manifests/init.pp

# Class parameters default to explicit hiera lookups, so the data can live
# outside the module and be overridden per node or per location.
class dns ( $dns_search = hiera("dns::search"),
            $dns_servers = hiera("dns::servers")) {

    file { "/etc/resolv.conf":
           owner => "root",
           group => "root",
           mode  => "0644",   # quote the mode: an unquoted number is not a valid octal mode
           content => template("dns/resolv.conf.erb"),
    }
}
Basically, I'm saying that "dns_search" and "dns_servers" variables will come from hiera data.

Here is the template that puppet will apply:
cat puppet/modules/dns/templates/resolv.conf.erb

# This file is controlled by Puppet
search <%= @dns_search %>
<% @dns_servers.each do |server| -%>
nameserver <%= server %>
<% end -%>

Both variables are referenced with the @ prefix; the bare form (dns_search) was deprecated in Puppet 3 templates.

Hiera

The hiera configuration adds a hierarchy level keyed on location:
cat /etc/puppet/hiera.yaml

---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "%{::clientcert}"
  - "nodes/%{::fqdn}"
  - "%{::environment}"
  - "location/%{::location}"
  - defaults

Order matters: hiera returns the value from the first level that defines the key, so a per-node file beats the location file, which beats defaults.  Also keep in mind where each variable comes from.  ::clientcert is taken from the certificate the master verified, and ::location and ::environment are supplied here by the ENC (Foreman sends them as node parameters, so the location name it sends has to match the file name below), but ::fqdn is a fact the agent reports about itself: any node that claims another node's fqdn gets that node's nodes/ data, so per-node secrets belong under the clientcert level, not the fqdn level.

The location hiera file for Redwood City will look like:
cat puppet/hieradata/location/rwc.yaml

---
dns::search: rwc.mycompany.com mycompany.com
dns::servers:
  - 192.168.0.2
  - 192.168.0.3
  - 10.10.0.2

Foreman

You don't have to use Foreman, but it gives you a nice GUI and dashboard, and it can easily be used as an ENC to assign puppet classes through host groups and configuration groups.

Foreman installation was pretty straightforward from:
http://theforeman.org/manuals/1.1/quickstart_guide.html

foreman-installer --foreman-db-type=mysql

I used a MySQL database and my own certificate, signed by my own CA.  The ENC script (/etc/puppet/node.rb) reads its settings from foreman.yaml.  With :user and :password left empty, it authenticates to Foreman with that client certificate alone, so foreman.key must be readable only by the puppet user that runs the script (owner root, group puppet, mode 0640).  A quick check that the ENC works is to run /etc/puppet/node.rb with a certname as its argument and look at the classes and parameters it prints.
cat /etc/puppet/foreman.yaml

---
:url: "https://foreman.mycompany.com"
:ssl_ca: "/etc/pki/tls/certs/mycompanyca.crt"
:ssl_cert: "/etc/pki/tls/certs/foreman.crt"
:ssl_key: "/etc/pki/tls/private/foreman.key"
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
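To see how the hierarchy above resolves once the ENC parameters and the facts are in place, here is an added example, not code from this post, from hiera or from Foreman: a small Ruby stand-in for hiera's priority lookup over the same hierarchy, fed with constructed hieradata for a second location (sfo) and two hostnames (web1 and db1), plus the resolv.conf template rendered from the result.  It also shows the point made in the hiera section: fqdn is a fact the agent supplies, location and environment come from the ENC, and clientcert from the verified certificate, so only the clientcert level is safe for per-node data.

```ruby
#!/usr/bin/env ruby
# Added example, not code from the original post, hiera or Foreman: a minimal
# stand-in for hiera's priority lookup and for the top scope the puppet master
# builds for a node. Hostnames, the "sfo" location and the node-level data are
# constructed sample data.
require 'erb'

# Hierarchy as in the post's /etc/puppet/hiera.yaml, most specific first.
HIERARCHY = ["%{::clientcert}", "nodes/%{::fqdn}", "%{::environment}",
             "location/%{::location}", "defaults"].freeze

# Constructed stand-in for /etc/puppet/hieradata: "<path minus .yaml>" => parsed file.
HIERADATA = {
  # clientcert level: only the node presenting a certificate for db1 reaches this file
  "db1.rwc.mycompany.com"       => { "dns::servers" => ["192.168.0.2"] },
  # fqdn level: reachable by any agent that merely *claims* this fqdn in its facts
  "nodes/db1.rwc.mycompany.com" => { "dns::search" => "db.rwc.mycompany.com rwc.mycompany.com" },
  "location/rwc" => { "dns::search"  => "rwc.mycompany.com mycompany.com",
                      "dns::servers" => ["192.168.0.2", "192.168.0.3", "10.10.0.2"] },
  "location/sfo" => { "dns::search"  => "sfo.mycompany.com mycompany.com",
                      "dns::servers" => ["192.168.1.2", "192.168.1.3", "10.10.0.2"] },
  "defaults"     => { "dns::search"  => "mycompany.com",
                      "dns::servers" => ["10.10.0.2"] },
}.freeze

# Top-scope variables for one node, from three sources of different trust:
#   ::clientcert               the certificate the master's CA verified      (trusted)
#   ::location, ::environment  the ENC answer from Foreman, server-side data (trusted)
#   ::fqdn and all other facts whatever the agent chose to report            (untrusted)
# ENC parameters win over same-named facts, as when puppet merges them into the node.
def scope_for(clientcert:, enc_parameters:, facts:)
  scope = {}
  facts.each          { |name, value| scope["::#{name}"] = value }
  enc_parameters.each { |name, value| scope["::#{name}"] = value }
  scope["::clientcert"] = clientcert
  scope
end

# "%{::var}" interpolation; an unset variable becomes "" and that level then matches no file.
def interpolate(level, scope)
  level.gsub(/%\{([^}]+)\}/) { scope.fetch($1, "") }
end

# hiera's default (priority) lookup: the first level that defines the key wins.
def lookup(key, scope)
  HIERARCHY.each do |level|
    data = HIERADATA[interpolate(level, scope)] or next
    return data[key] if data.key?(key)
  end
  nil
end

# Everything the dns class needs, resolved the way the master would for this node.
def resolve(clientcert:, enc_parameters:, facts:)
  scope = scope_for(clientcert: clientcert, enc_parameters: enc_parameters, facts: facts)
  { search: lookup("dns::search", scope), servers: lookup("dns::servers", scope) }
end

# The post's resolv.conf.erb (with @-prefixed variables, as puppet 3 templates expect).
TEMPLATE = <<~ERB
  # This file is controlled by Puppet
  search <%= @dns_search %>
  <% @dns_servers.each do |server| -%>
  nameserver <%= server %>
  <% end -%>
ERB

# Render as puppet's template() does: class parameters are instance variables in the binding.
def render_resolv_conf(search:, servers:)
  @dns_search, @dns_servers = search, servers
  ERB.new(TEMPLATE, trim_mode: "-").result(binding)
end

if __FILE__ == $PROGRAM_NAME
  sfo = { "location" => "sfo", "environment" => "production" }
  honest  = resolve(clientcert: "web1.sfo.mycompany.com", enc_parameters: sfo,
                    facts: { "fqdn" => "web1.sfo.mycompany.com" })
  # The same agent lying in its facts: it claims db1's fqdn and a different location.
  spoofed = resolve(clientcert: "web1.sfo.mycompany.com", enc_parameters: sfo,
                    facts: { "fqdn" => "db1.rwc.mycompany.com", "location" => "rwc" })
  puts render_resolv_conf(search: honest[:search], servers: honest[:servers])
  puts "spoofed fqdn reads db1's nodes/ file:  #{spoofed[:search]}"
  puts "clientcert file and ENC location hold: #{spoofed[:servers].inspect}"
end
```

The honest web1 run renders a resolv.conf with the sfo search list and the three sfo nameservers.  The spoofed run shows the asymmetry: by faking its fqdn fact the agent reads db1's nodes/ file (the search list), but it cannot reach db1's clientcert-level file, and the location fact it sends is ignored because the ENC's value for location wins.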
