Linux Configuration Management Utilizing Puppet

Mark Stanislav <mstanisl@emich.edu>

Test-Bed Environment
• MacBook Pro - 2.5GHz Intel Core 2 Duo with 4GB RAM
• Mac OS 10.6
• VMWare Fusion 3.1.0
• Internal VM network environment

Servers Deployed

Hostname  IP Address    RAM    Purpose
puppet    172.16.172.3  512MB  Puppet Master
monitor   172.16.172.4  256MB  Munin/Nagios
syslog    172.16.172.5  128MB  Centralized Syslog
sql       172.16.172.6  128MB  Dedicated MySQL
web       172.16.172.7  128MB  Dedicated Apache
ldap      172.16.172.8  128MB  OpenLDAP

All guest virtual machines are CentOS 5.5 x86_64

19 Puppet Modules Created

Module       Purpose
bind         DNS Server
foreman      Puppet Dashboard
httpd        Apache Webserver
ldap         LDAP Server/Clients
logwatch     Log Report Summary
mcollective  Multiple Host Execution
munin        System Metric Baseline
mysql        SQL Database
nagios       Host/Service Monitoring
nrpe         Nagios Host-Client
ntp          NTP Time Synchronization
postfix      Localhost SMTP
puppet       Puppet Master/Clients
rkhunter     Root kit/File Integrity
ssh          OpenSSH Server/Clients
stunnel      stunnel Server/Clients
sudo         sudo
syslog       rsyslog Server/Clients
yum          Yum Repositories

CentOS Puppet Client Configuration Steps
• rpm -Uvh http://download.fedora.redhat.com/pub/epel/5Server/x86_64/epel-release-5-3.noarch.rpm
• yum install puppet
• Edit /etc/puppet/puppet.conf with the following contents:

    [main]
    pluginsync = true
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    factpath = $vardir/lib/facter
    reports = log, foreman

    [puppetd]
    catalog_format=marshal
    report = true
    runinterval = 3000
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

• Edit /etc/hosts with the following contents:

    127.0.0.1    localhost.localdomain localhost <hostname> <hostname>.nita.local
    172.16.172.3 puppet puppet.nita.local

• service puppet start && chkconfig puppet on
• puppetca --sign <hostname>.nita.local (Executed on Puppet Master)
• puppetd -t
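
A preflight check for the two client files edited in the steps above, run before starting the agent. This is an added example, not part of the original slides; the function names, the temporary sample files and the 172.16.172.9 address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original slides. Function names are hypothetical.

# ini_get FILE SECTION KEY: print a setting, accepting "k=v" and "k = v".
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# hosts_ip FILE NAME: print the IP of the first entry listing NAME.
hosts_ip() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }' "$1"
}

# check_client CONF HOSTS MASTER_IP: print each problem; return 1 if any.
check_client() {
    rc=0
    [ "$(ini_get "$1" main pluginsync)" = "true" ] || { echo "pluginsync is not true"; rc=1; }
    [ "$(ini_get "$1" puppetd report)" = "true" ] || { echo "report is not true"; rc=1; }
    [ "$(hosts_ip "$2" puppet)" = "$3" ] || { echo "puppet does not resolve to $3"; rc=1; }
    return "$rc"
}

# Constructed sample files (trimmed copies of the contents shown above).
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/puppet.conf" <<'EOF'
[main]
pluginsync = true
vardir = /var/lib/puppet
[puppetd]
catalog_format=marshal
report = true
EOF
cat > "$SAMPLE/hosts" <<'EOF'
127.0.0.1    localhost.localdomain localhost
172.16.172.3 puppet puppet.nita.local
EOF
# A hosts file where "puppet" points somewhere else (constructed failure case).
sed 's/172\.16\.172\.3/172.16.172.9/' "$SAMPLE/hosts" > "$SAMPLE/hosts.bad"

check_client "$SAMPLE/puppet.conf" "$SAMPLE/hosts" 172.16.172.3 && echo "client files OK"
```

On a real client, pass /etc/puppet/puppet.conf and /etc/hosts in place of the sample paths.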

Major Successes
• Automated configuration/maintaining of six disparate server hosts
• Creation of 19 modules; 18 of which were implemented fully
• rsyslog + stunnel for secure centralized logging of all servers
• Automatic host creation for Nagios and Munin with custom metrics/checks
• Webserver running WordPress with MySQL backend between two hosts + phpMyAdmin
• Logwatch & rkhunter daily e-mail reporting for integrity checks
• Foreman web management of Puppet with e-mail reporting
• Mercurial repository with HgWebdir web frontend
• LDAP server + client configuration with phpLDAPAdmin web frontend

Failures/Issues
• Unable to easily support 6 virtual machines on the host environment, leading to delayed deployment of files from the Puppet Master to hosts
• Burdensome configuration adjustments needed to support more than one OS; original efforts to support CentOS & Debian proved overly difficult
• LDAP server configuration was less than adequate; did not integrate support for web services
• Module structure was fairly inconsistent, going back and forth with changes to modules after more was learned each time

Screenshots
• The following screenshots depict various applications and servers running as they were deployed by Puppet
• Nagios has a large amount of alerts/errors/pending due to issues with maintaining all six VMWare hosts online at one time
• No configuration was done manually outside of a Puppet module

VMWare Fusion Guests

Puppet Servers w/ hostname + important processes + uname -a

rsyslog centralized logs

mcollective commands executed

Foreman Web Interface to Puppet

Mercurial + HgWebdir

Munin

Nagios

WordPress

phpMyAdmin

phpLDAPAdmin