The Problem
Need to deploy a new Puppet Enterprise cluster with a PuppetMaster, PuppetConsole and a PuppetDB while avoiding typos and misconfigurations. Also need to deploy to several environments using a consistent configuration.
The Solution
Use Ansible to deploy Puppet onto freshly built servers that contain just a SysAdmins SSH public key.
The Goal
A repeatable and documented way to deploy the very finicky Puppet installer in any environment needed from local vagrants to the clouds of vSphere, AWS, RackSpace or Digital Ocean.
GitHub Repo
github.com/e30chris/Ansible-PuppetEnterpriseDeploy
Playbook notes
Setting the variables for each environment
sandor@theargo cd ~/Ansible-PuppetEnterpriseDeploy/
sandor@theargo cat group_vars/all
---
# common variables for PuppetMaster Deployment
# format for this file
# variable: fact
#
# version of Puppet Enterprise
pe_version: 3.2.3
# os family
os_family: debian
os_version: 7
os_arch: amd64
# pe installer
pe_installer: puppet-enterprise-{{ pe_version }}-{{ os_family }}-{{ os_version }}-{{ os_arch }}
# hostnames
pupmaster_hostname: pupmaster.argo.local
pupdb_hostname: pupdb.argo.local
pupconsole_hostname: pupconsole.argo.local
# IP's
pupmaster_ip: 10.0.0.10
pupdb_ip: 10.0.0.11
pupconsole_ip: 10.0.0.12
# dns salt hostnames
pupmaster_salt_hostnames: puppet,puppetmaster
pupdb_salt_hostnames: puppetdb
pupconsole_salt_hostname: pupconsole
# passwords
console_auth_db_pass: arandompasswordthatneedschangedhere
console_db_pass: arandompasswordthatneedschangedhere
pupdb_db_pass: arandompasswordthatneedschangedhere
db_root_pass: arandompasswordthatneedschangedhere
To keep it simple only the values that should be changed are assigned variables. Everything else is left with the Puppet defaults in the answer files.
Tasks to be run on all servers
Puppet needs very perfect name resolution between all agents and the PuppetMaster. Having a perfect hosts file on each server is required.
- name: Ensure common etc hosts file
template:
src="../templates/hosts.j2"
dest=/etc/hosts
To keep things simple all the installation tasks will run out of a /puppetinstall directory. This should be in the user home dir that is running the installer. The examples here use root but the SysAdmin Bible states never use root always use sudo.
- name: Ensure Puppet installer directory present
file:
path=/root/puppetinstall
state=directory
- name: Ensure install log present
file:
path=/root/puppetinstall/pupconsole_install.log
owner=root
state=touch
When you download the PE tarball you can grab the download url from S3. This grabs the version you need and extracts it into the installer dir.
- name: Ensure PE tarball present
get_url:
url=https://s3.amazonaws.com/pe-builds/released/{{ pe_version }}/{{ pe_installer }}.tar.gz
dest=/root/peinstaller.tar.gz
force=no
- name: Ensure Puppet untar'd to install directory
unarchive:
copy=no
src=https://theargo.io/root/peinstaller.tar.gz
dest=/root/puppetinstall
Tasks that run on each server role
Each server then runs the same basic installer command with a few things named for each role like the installer log.
Here is the PuppetMasters install-
---
# Tasks for PupMaster
- name: Ensure install log present
file:
path=/root/puppetinstall/pupmaster_install.log
owner=root
state=touch
- name: answer file for PupMaster
template:
src="../templates/pupmaster.answer.j2"
dest=/root/puppetinstall/pupmaster.answer
owner=root
- name: run the pe installer
command: /root/puppetinstall/{{ pe_installer }}/puppet-enterprise-installer -a /root/puppetinstall/pupmaster.answer -l /root/puppetinstall/pupmaster_install.log