This script provides the necessary configurations to provide a complete Puppet and MCollective Infrastructure.The Services and Nodes in the below table illustrate how the components will be distributed.
| Service | Node |
|---|---|
Puppet Server |
|
Puppet Agent |
|
PuppetDB |
|
PostgreSQL for PuppetDB |
|
MCollective Message Brokers |
|
MCollective Servers |
|
MCollective Client |
|
Each server should have DNS A records set. In addition to the A recordds, this Puppet Infrastructure expects the following SRV records:
| SRV Records | Server |
|---|---|
|
Puppet Server(s) |
|
MCollective Brokers |
|
PuppetDB |
The following firewall rules are required for communication between components.
| Source | Destination | Port |
|---|---|---|
mco clients |
mco brokers |
4222 |
mco brokers |
mco brokers |
4223 |
puppetdb |
postgresql |
5432 |
puppet-agents |
puppet-server(s) |
8140 |
puppet-server(s) |
puppetdb |
8180 |
mco brokers |
localhost |
8222 |
Kickstart all nodes with this kickstart file:
Puppet Agent is setup during kickstart. Wait for all nodes to request a certificate. Sign all puppet certs.
Wait.
When all servers have had a few puppet runs to work things out amongst themselves, usually about 30 minutes everything will be setup except the mco client.
On your workstation:
mco choria request_cert
Login to the puppet-master and issue
puppet cert sign $USER.mcollective
If you sign the certificate within 240 seconds of the request, the mco config will be downloaded to the requesting workstation and user account automatically.
Now on your workstation:
mco puppet status
That’s it.
| Script | Purpose |
|---|---|
|
Looks up Message Brokers via DNS SRV records |
|
Looks up Puppet Servers via DNS SRV records |