Running a Script in Client Server's using Puppet Master.

Running a Script in Client Server's using Puppet.

Enable the puppet File Server
=============================
Add Following entries to /etc/puppet/fileserver.conf
[extra_files]
path /var/lib/puppet/bucket
allow *


The File is stored in the mentioned path
========================================
[root@master ~]# ll /var/lib/puppet/bucket/
total 4
-rw-r--r--. 1 root root 39 Feb 10 16:45 startup.sh

In the below codes first the scripts is fetched from the master and saved in the local file. and then execute
==============================================================================================================
[root@master ~]# cat /etc/puppet/manifests/site.pp
node "client" {
file { '/tmp/startup.sh':
          owner => 'root',
          group => 'root',
          mode => '700',
          source => 'puppet:///extra_files/startup.sh',
       }
exec    {'run_startup':
        command => '/tmp/startup.sh',
        }
}
[root@master ~]#

Puppet Master-Client Setup/Usage

Puppet is a system for automating system administration tasks. It has a master server in which we will be mentioning the client configurations and in the client we will be running an agent which will fetch the configuration form the master server and implement it.

Environment
Master and Client Runs on Centos7

Open the port 8140 in firewall and set SELINUX to permissive mode.

Intalling the packages.
================
rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm
yum install -y puppet-server

Start the service
============
systemctl start  puppetmaster.service
puppet resource service puppetmaster ensure=running enable=true
--------------------------
Notice: /Service[puppetmaster]/enable: enable changed 'false' to 'true'
service { 'puppetmaster':
  ensure => 'running',
  enable => 'true',
}
[root@master ~]#

Now the Certificate and keys would have been created.
====================================================
[root@master ~]# ll /var/lib/puppet/ssl/certs
total 8
-rw-r--r--. 1 puppet puppet 2013 Feb  9 14:48 ca.pem
-rw-r--r--. 1 puppet puppet 2098 Feb  9 14:48 master.example.com.novalocal.pem
[root@master ~]#
[root@master ~]# ll /var/lib/puppet/ssl/private_keys/
total 4
-rw-r--r--. 1 puppet puppet 3243 Feb  9 14:48 master.example.com.novalocal.pem
[root@master ~]#


Add the Following entries to the Following File. # You will find the cert name in /var/lib/puppet/ssl/certs
================================================
vim /etc/puppet/puppet.conf
[master]
certname = master.example.com.novalocal.pem
autosign = true

Restart the Service
systemctl restart  puppetmaster.service

[root@master ~]# netstat -plan |grep 8140
tcp6       0      0 :::8140                 :::*                    LISTEN      5870/ruby
[root@master ~]#

####################
Client Configuration 
####################

Install the Packages
====================
rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm
yum install -y puppet

Configure the Client
=====================
 vim /etc/puppet/puppet.conf
# In the [agent] section
    server = master.example.com.novalocal
    report = true
    pluginsync = true

Now the Following Command will add the certificate to Server 
===============================================
puppet agent -t --debug --verbose

From Server we need to sign the client certificate If its not signed Automatically
=============================================================
puppet cert sign --all

Now from Client again run
=========================
puppet agent -t --debug --verbose
to get synced.



Now in Server Create the Configuration file 
==================================
cat /etc/puppet/manifests/site.pp
node "client.example.com" {
file { '/root/example_file.txt':
    ensure => "file",
    owner  => "root",
    group  => "root",
    mode   => "700",
    content => "Congratulations!
Puppet has created this file.
",}
}

Once the above file in created in Server we need to run agent in the client
puppet agent -t --debug --verbose

we can see that file is created

Info: Applying configuration version '1423504520'
Notice: /Stage[main]/Main/Node[client.example.com]/File[/root/example_file.txt]/ensure: defined content as '{md5}8a2d86dd40aa579c3fabac1453fcffa5'
Debug: /Stage[main]/Main/Node[client.example.com]/File[/root/example_file.txt]: The container Node[client.example.com] will propagate my refresh event
Debug: Node[client.example.com]: The container Class[Main] will propagate my refresh event
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Debug: Finishing transaction 23483900
Debug: Storing state
Debug: Stored state in 0.01 seconds
Notice: Finished catalog run in 0.03 seconds
Debug: Using cached connection for https://master.example.com.novalocal:8140
Debug: Caching connection for https://master.example.com.novalocal:8140
Debug: Closing connection for https://master.example.com.novalocal:8140
[root@client ~]# ll /root/
total 4
-rwx------. 1 root root 47 Feb  9 17:55 example_file.txt
[root@client ~]#

Configuring http proxy in the linux Server

Open the .bash_profile file for editing.

(example: vi ~/.bash_profile)
Add the following lines to the end of the file:
http_proxy=http://proxy_server_address:port
export no_proxy=localhost,127.0.0.1,192.168.0.34
export http_proxy
http_proxy should be the ip address or hostname, plus the port of your proxy server
no_proxy should be any exclusions you want to make – addresses that you don’t want to send via the proxy.
NOTE: This must be done for each individual user, including root.
If you don’t want to log out of your shell session, you can reload the bash profile with the following:
source .bash_profile

Configuring YUM to use proxy
To configure “yum” to use the HTTP / HTTPS proxy you will need to edit the /etc/yum.conf configuration file. Open /etc/yum.conf in your favorite editor and add the following line.
proxy=http://proxy_server_address:port

Save and close the file, then clear the cache used by yum with the following command:
yum clean all