Linux Configuration Management Utilizing PuppetMark Stanislav <mstanisl@emich.edu>

Test-Bed Environment

• MacBook Pro - 2.5GHz Intel Core 2 Duo with 4GB RAM

• Mac OS 10.6

• VMWare Fusion 3.1.0

• Internal VM network environment

Servers Deployed

Hostname IP Address RAM Purpose

puppet 172.16.172.3 512MB Puppet Master

monitor 172.16.172.4 256MB Munin/Nagios

syslog 172.16.172.5 128MB Centralized Syslog

sql 172.16.172.6 128MB Dedicated MySQL

web 172.16.172.7 128MB Dedicated Apache

ldap 172.16.172.8 128MB OpenLDAP

All guest virtual machines are CentOS 5.5 x86_64

19 Puppet Modules CreatedModule Purpose Module Purpose

bind DNS Server ntp NTP Time Syncronizationforeman Puppet Dashboard postfix Localhost SMTP

httpd Apache Webserver puppet Puppet Master/Clientsldap LDAP Server/Clients rkhunter Root kit/File Integrity

logwatch Log Report Summary ssh OpenSSH Server/Clientsmcollective Multiple Host Execution stunnel stunnel Server/Clients

munin System Metric Baseline sudo sudomysql SQL Database syslog rsyslog Server/Clientsnagios Host/Service Monitoring yum Yum Repositoriesnrpe Nagios Host-Client

CentOS Puppet Client Configuration Steps• rpm -Uvh http://download.fedora.redhat.com/pub/epel/5Server/x86_64/epel-release-5-3.noarch.rpm

• yum install puppet

• Edit /etc/puppet/puppet.conf with the following contents:

• Edit /etc/hosts with the following contents:

• service puppet start && chkconfig puppet on

• puppetca --sign <hostname>.nita.local (Executed on Puppet Master)

• puppetd -t

[main] pluginsync = true vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl factpath = $vardir/lib/facter reports = log, foreman

[puppetd] catalog_format=marshal report = true runinterval = 3000 classfile = $vardir/classes.txt localconfig = $vardir/localconfig

127.0.0.1 localhost.localdomain localhost <hostname> <hostname>.nita.local172.16.172.3 puppet puppet.nita.local

Major Successes• Automated configuration/maintaining of six disparate server hosts

• Creation of 19 modules; 18 of which were implemented fully

• rsyslog + stunnel for secure centralized logging of all servers

• Automatic host creation for Nagios and Munin with custom metrics/checks

• Webserver running WordPress with MySQL backend between two hosts + phpMyAdmin

• Logwatch & rkhunter daily e-mail reporting for integrity checks

• Foreman web management of Puppet with e-mail reporting

• Mercurial repository with HgWebdir web frontend

• LDAP server + client configuration with phpLDAPAdmin web frontend

Failures/Issues

• Unable to easily support 6 virtual machines on host environment leading to latent deployment of files from the Puppet Master to hosts

• Burdensome configuration adjustments needed to support more than one OS. Original efforts to support CentOS & Debian proved overtly difficult

• LDAP server configuration was less than adequate; did not integrate support for web services

• Module structure was fairly inconsistent going back and forth with changes to modules after more was learned each time

Screenshots

• The following screenshots depict various applications and servers running as they were deployed by Puppet

• Nagios has a large amount of alerts/errors/pending due to issues with maintaining all six VMWare hosts online at one time

• No configuration was done manually outside of a Puppet module

VMWare Fusion Guests

Puppet Servers w/ hostname + important processes + uname -a

rsyslog centralized logs

mcollective commands executed

Foreman Web Inteface to Puppet

Mecurial + HgWebdir

Munin

Nagios

WordPress

phpMyAdmin

phpLDAPAdmin