Friday, November 12, 2010

Automation with Foreman and Puppet

This post will tell you how I setup Puppet and Foreman on CentOS 5.5. First a quick overview of the tools, Foreman is a front end to puppet it also provides remote install capabilities. One of its goals is to provide a way to rebuild your machine from scratch, starting with a kickstart file (in the case of CentOS) and ending with a functioning machine. Puppet is a configuration management utility. It allows you to apply configuration changes data center wide in a consistent matter, even in a heterogeneous environment.

The Install
Install is a snap, it is all done through RPM's. You need to add the EPEL Repo (how to add EPEL to cent OS) Then download puppet and the puppet server otherwise known as the puppetmaster.

First we will install some dependencies. So that puppet will store data in the database.
yum install mysql mysql-server mysql-devel ruby-mysql rubygem-activerecord


Then install the puppet client and server.
yum install puppet puppet-server


Next lets install Foreman. The easiest way to do this it to let puppet do it for us. Puppet will download the foreman repository and install the Foreman rpm for you as well as do some initial configuration for us.

wget --no-check-certificate http://github.com/ohadlevy/puppet-foreman/tarball/master
tar zxf ohadlevy-puppet-foreman-65d19d4.tar.gz
echo include foreman | puppet --verbose --modulepath /path_to/extracted_tarball


Once you do that Puppet and Foreman are installed, that was easy. Now lets do some additional configuration.

Initial Configuration
One of the first things to get setup is DNS. You will want to create at least 2 entries in your DNS. One entry should be for the host name puppet this could be an A record or a CNAME. The other entry for the host name foreman again could be an A record or a CNAME. Having these two exact host names will save lots of headache.

Make sure your firewall has tcp port 3000 and tcp port 8140 open. Foreman runs on port 3000 and the puppet server uses 8140.

You will also want to enable logging. Edit /etc/sysconfig/puppet and uncomment the PUPPET_LOG parameter.
# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log


Now let's configure a basic puppet server and client.

Start by editing the puppet.conf file
vi /etc/puppet/puppet.conf


Under the [puppetd] section add reporting for puppet
# Enable reporting
report = true


Then add a section for the puppet server at the bottom of the file
[puppetmasterd]
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = SuperSecretPassword
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock
downcasefacts = true
rrddir=/var/lib/puppet/rrd
rrdinterval=$runinterval
rrdgraph=true
reports=log, foreman


Now lets create a database. Make sure that MySQL is running and then log in
[root@puppet ~]# mysql -u root -p
mysql> CREATE DATABASE puppet;
mysql> GRANT ALL ON puppet.* TO puppet@localhost IDENTIFIED BY 'SuperSecretPassword';
mysql> quit


Let's configure Foreman to talk to the mysql database. Edit /etc/foreman/database.yml and remove the sqlite stuff. Then add the mysql stuff.
production:
adapter: mysql
database: puppet
username: puppet
password: SuperSecretPassword
host: localhost
socket: "/var/lib/mysql/mysql.sock"


Initialize the database.
cd /usr/share/foreman/
RAILS_ENV=production rake db:migrate


Let's do some final configuration on Foreman. Edit /etc/foreman/settings.yaml
# Added to force login
:login: true


Make sure everything starts on boot:
chkconfig puppet on 235
chkconfig puppetmaster on 235
chkconfig foreman on 235
chkconfig mysql on 235


Then restart foreman and visit http://foreman:3000 you will be prompted to login. The default user name is admin and the password is changeme.

You now have a working Puppet and Foreman install. There is much left to learn but this is a good start. Questions? Leave me a comment.