How to install/configure ‘Puppet agent’ on Windows Quick introduction: Puppet is an agent/master architecture, where a puppet master server controls important configuration info and managed agent nodes request only their own configuration catalogs. In this architecture, managed nodes run the puppet agent application, usually as a background service. One or more servers run the puppet master application, usually as a Rack application managed by a web server (like Apache with Passenger). puppet is available as either Enterprise [$ Licensed] or Open Source [Free]: Puppet Enterprise is a commercial product for which support and maintenance is available. How to Buy: [See the price $ model] http://puppetlabs.com/puppet/how-to-buy For more info: http://puppetlabs.com/puppet/enterprise-vs-open-source Architectural info: http://aosabook.org/en/puppet.html https://docs.puppetlabs.com/puppet/3.6/reference/architecture.html Frequently Asked Questions: https://docs.puppetlabs.com/guides/faq.html Quick Start installation guide for Master & Agent installation https://docs.puppetlabs.com/pe/latest/quick_start.html#installing-the-puppet-master A typical ‘Puppet Enterprise’ deployment consists of: 1. Master + passenger on a separate server [8140, 61613 :- Allow in firewall] 2. puppetdb on a separate server running postgresql [8081, https : - Allow in firewall] What is PostgreSQl? PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. It runs on all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64), and Windows. http://www.postgresql.org/about/ Configuring the Java Heap Size To change the JVM heap size for PuppetDB, edit the init script config file by setting a new value for the -Xmx flag in the JAVA_ARGS variable. For example, to cap PuppetDB at 1GB of memory: JAVA_ARGS="-Xmx1g" Please see ‘last 2 pages’ on how to change the heap size.

3. console/dashboard on a separate server [443, https - Allow in firewall] 4. puppet agent Note: its one thing to open these ports in firewall, and another thing to ensure they are not already in use: -Check whether any other service is using the ports and interfering with traffic] My setup: As I do most stuff off my test lab running on top of VMware workstation on my laptop, hence I have limitation on how many servers I can run simultaneously [This is purely due to computing resource contention].Therefore, I am running all 4 components on a single *nix server called – ‘redhatcentos’ [Running Ent Centos ver.6] In a production environment you have total flexibility in how you want to deploy and distribute these components: master, console, and database. This document does not cover puppet suite installation, there is plenty of enough documentation around this on the net, and I am just covering the ‘windows agent’ installation. To be very frank, I am just a novice and not an expert but I love sharing stuff and this happens to be just one of them. Log file location for various components for puppet [On Redhat/centos]: /var/log/pe-*.log Facts:

puppet Master: must be running some kind of *nix only [Windows can’t be a master]

puppet agent: can run on *nix & windows machines.

Windows can’t be a master: That’s understandable, clearly indicates that this software is based on open source components [ruby, postgresql, apache].

Important files on Redhat/centos: /etc/puppetlabs/puppet/puppet.conf - > Puppet Enterprise /etc/puppetlabs/puppet/puppetdb.conf -> puppetdb /etc/sysconfig/pe-puppetdb -> puppetdb init file Communication ports: Puppet communicates on ports 8140, 61613, and 443. If you are installing the puppet master and the console on the same server, it must accept inbound traffic on all three ports. If you’ve split the two components, the master must accept inbound traffic on 8140 and 61613 and the console must accept inbound traffic on 8140 and 443. If your puppet master has multiple network interfaces, make sure it is allowing traffic via the IP address that its valid DNS names resolve to. Handy commands to help you with:

rpm -qa | grep puppet [To check what & which versions of components you are running]

lsof -i -P | grep puppetdb | grep 8081 [To check any listening connections on port 8081]

service pe-puppetdb status/start/stop

service pe-postgresql status/start/stop

ssh server 8081

iptables -A INPUT -p tcp --dport 8081 -j ACCEPT [To allow connections on port 8081 through firewall]

puppet cert list --all [To list all certificates available]

puppet cert clean --all [To remove all certificates]

Informational articles: A large deployment over 100 nodes requires more Java Heap size: https://docs.puppetlabs.com/puppetdb/latest/configure.html#configuring-the-java-heap-size Install and configure PuppetDB: [Courtesy:http://jurjenbokma.com/] http://jurjenbokma.com/ApprenticesNotes/ar21s05.html Another good one:[Courtesy:serverfault.com] http://serverfault.com/questions/400092/puppetdb-failed-to-submit-replace-facts-command Running Puppet's Commands on Windows: https://docs.puppetlabs.com/puppet/3.6/reference/services_commands_windows.html Data types in puppet world are:

Facts: System data collected on each machine and used to compile configurations.

Manifest: Files containing Puppet code, generally organized into collections called "modules".

Catalog: A graph of a given host's resources to be managed and the dependencies between them.

Report: The collection of all events generated during application of a given Catalog.

Puppet ‘Windows agent’ installation & configuration steps

1. Download the windows puppet agent.

https://downloads.puppetlabs.com/windows/

2. In this exercise, I will be adding a Windows 2012 box named –vcenter.test.com

3. Just to give you heads up I already have 2 machines being monitored in my puppet console.

Following figure shows the typical login screen for puppet console:

Following figure shows 2 nodes being monitored:

Note: redhatcentos is running all 4 components [master, database, agent & console]; I have my Domain Controller WIN2K12.test.com as a monitored agent.

4. To begin installation: Copy the downloaded windows agent on the windows box on which you want to install | Double click & click Next.

5. In the next screen, enter the puppet Master server/node name, in my case it is –

redhatcentos.

The puppet master's certificate will contain a unique name ("certname"); this should be the main DNS name at which it can be reliably reached. Puppet master's certname? In my case - redhatcentos The puppet master's certificate can contain DNS aliases; agent nodes will only trust the master if they reach it at its certname or one of these official aliases. Puppet master's DNS aliases (comma-separated list)? [Default: puppet,redhatcentos] puppet,redhatcentos. Hence, I can even use 'puppet' as alias name for mast node [redhatcentos] and it should work alright. It’s up to you, if you want to use ‘aliases’ you may, it is much easier to remember ‘puppet’ if you have 100’s and 1000’s of agents.

6. In the next screen, Click ‘Install’

7. You will see following screen, if all is going well.

8. You will with greeted with ‘Finish’ screen, click ‘Finish’.

9. Let’s find out what have we installed, In windows world we usually go to Add/remove programs & services.msc

As we can see puppet is clearly visible as a module:

Under services.msc:

On my Windows 2012, as you can see ‘puppet agent software’ has also installed other stuffs related to puppet.

10. Now that we have agent installed, let’s run it. Click run puppet agent via GUI:

Through command line:

11. You might see the following error.

Note: Basically this means we need to sign the certificate for this host: vcenter.test.com on master.

Sort out network issue: Make sure there are no communication problem between the client & the master by doing good old ping test. From master to agent:

From agent to master:

Name resolution: Every node must have a unique hostname. Forward and reverse DNS must both be configured correctly. If your site lacks DNS, you must edit /etc/hosts file on each node.

12. Now that communication is sorted, On the master node, run the following command to sign the cert for vcenter.test.com

# Puppet cert –sign vcenter.test.com

13. Come back to the agent, and re-run the puppet agent.

Puppet agent gets installed in the following directory: You can even choose to run the agent from the command line, as shown in figure above.

14. This time you should expect to see the agent do lot more than the last time and finish in following manner:

Note the long string of log messages, which should end with notice: Finished catalog run in [...] seconds. You are now fully managing the agent node. It has checked in with the puppet master for the first time and received its configuration info. It will continue to check in and fetch new configurations every 30 minutes. The node will also appear in the console [see step 15], where you can make changes to its configuration by assigning classes and modifying the values of class parameters.

15. Login to puppet enterprise console and click ‘Nodes’ to see if the agent

[vcenter.test.com] has showed up.

16. As you can see the windows agent is now visible as a monitored resource.

What exactly an ‘agent’ does with respect to master

1. The Puppet agent process collects information about the host it is running on, which it passes to the server.

2. The parser uses that system information and Puppet modules on local disk to compile a configuration for that particular host and returns it to the agent.

3. The agent applies that configuration locally, thus affecting the local state of the

host, and files the resulting report with the server.

Issue faced during ‘puppet agent --test’ run Error: Could not retrieve catalog from remote: Error 400 on SERVER: Failed to submit 'replace facts' command for <server> to PuppetDB at <server>:8081: connection refused - connect(2)

Solution: [In my case this solved the issue] Edited the jetty.ini file and changed the hostname to IP: 192.168.0.25 as shown in figure below. Check your /etc/puppetlabs/puppetdb/conf.d/jetty.ini file for the configuration items host & ssl-host. These should both be set to the IP address you want PuppetDB to listen on, or simply 0.0.0.0 for all IP addresses. If not supplied, it binds to localhost, which will reject connections from anywhere but the PuppetDB server itself. In my case, agent & puppet is both on the same server and I have just one network interface, so it was easy. For more info: https://docs.puppetlabs.com/puppetdb/latest/configure.html#jetty-http-settings

Changing Java Heap size On Redhat/centos server

1. Check the current Java Heap size.

2. Stop the puppetdb service.

3. Modify the ‘argument’ for heap size.

4. Start the puppetdb service [service pe-puppetdb start]

5. Run the following command to check if the new Java Heap size is applied.

root@redhatcentos Desktop]# ps -aux | grep puppetdb 489 49122 1.5 21.1 2162976 405876 ? Sl 19:20 0:49 /opt/puppet/bin/java -XX:OnOutOfMemoryError=kill -3 %p –Xmx500m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof -Xms256m -jar /opt/puppet/share/puppetdb/puppetdb.jar services -c /etc/puppetlabs/puppetdb/conf.d Informational purpose:

-Xms<size> set initial Java heap size

-Xmx<size> set maximum Java heap size

-Xss<size> set java thread stack size

%p is replaced by process id

When JVM starts JVM heap space is equal to the initial size of Heap specified by -Xms parameter but as application progress more objects get created and heap space is expanded to accommodate new objects.

JVM also runs garbage collector periodically to reclaim memory back from

dead objects.

When that does not help, JVM expands Heap size to Maximum Size specified by -Xmx

And if there is no more memory left for creating new object in java heap , JVM throws java.lang.OutOfMemoryError and your application dies. Before throwing OutOfMemoryError No Space in Java Heap, JVM tries to run garbage collector to free any available space but even after that not much space available on Heap in Java it results into OutOfMemoryError.

Please note generating a heap dump will create a file that is the same size as your JVM, so if you have allocated 1GB to your JVM's maximum memory size, the heap dump will be 1GB. Please ensure there is adequate space on the drive for this file to be created. IMPORTANT: Configure Java to produce a heapdump and a thread stack at the same time when it throws an OutOfMemoryError. Heapdumps can be used to determine what was in memory, and thereby find memory leaks and determine what parts of the system are using too much memory. ashwinwriter@gmail.com Sep,2014