You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

To bootstrap a new openstack-installation it is recommended to install the bootstrap-role on a single machine, and from that machine install all the other nodes. At the end this machine is supposed to be decommissioned, as the other machines should provide all services in a redundant manner.

This article describes the steps needed to install the bootstrap-role onto a freshly installed server running ubuntu.

Installation

Install puppet

Download and install the puppet5 deb for your distro from here: https://apt.puppet.com/, and install the puppetserver.

Install puppet
root@bootstrap:~# wget https://apt.puppet.com/puppet5-release-xenial.deb
root@bootstrap:~# dpkg -i puppet5-release-xenial.deb 
root@bootstrap:~# apt-get update
  ...
Get:5 http://apt.puppetlabs.com xenial InRelease               
Get:6 http://apt.puppetlabs.com xenial Release [76.0 kB]
Get:7 http://apt.puppetlabs.com xenial Release.gpg [836 B]
Get:8 http://apt.puppetlabs.com xenial/puppet5 amd64 Packages [6,884 B]
Get:9 http://apt.puppetlabs.com xenial/puppet5 i386 Packages [6,068 B]
Get:10 http://apt.puppetlabs.com xenial/puppet5 all Packages [3,521 B]
Fetched 93.3 kB in 0s (108 kB/s)       
Reading package lists... Done
root@bootstrap:~# apt-get install puppetserver

The bootstrap needs a certificate which is valid for its own name, in addition to the names for the puppetserver and puppetdb role. Add these names to /etc/puppetlabs/puppet/puppet.conf before you run the puppetagent which generates these certificates. Run puppet using the bootstrap-machine as master. Verify that the SSL certificates generated includes the puppet and puppetdb alt names.

Puppet SSL certificates
root@bootstrap:~# vim /etc/puppetlabs/puppet/puppet.conf
root@bootstrap:~# tail -n 2 /etc/puppetlabs/puppet/puppet.conf
[main]
dns_alt_names = puppet.skyhigh.iik.ntnu.no,puppetdb.skyhigh.iik.ntnu.no
root@bootstrap:~# grep puppet /etc/hosts
10.212.128.9	bootstrap.infra.skyhigh.iik.ntnu.no	bootstrap puppet puppetdb
 
root@bootstrap:~# systemctl start puppetserver
root@bootstrap:~# puppet agent --test --server bootstrap.infra.skyhigh.iik.ntnu.no
 ...
Notice: Applied catalog in 0.01 seconds
root@bootstrap:~# puppet cert list --all
+ "bootstrap.infra.skyhigh.iik.ntnu.no" (SHA256) A3:C1:1C:BF:49:C3:2E:9F:97:3F:0A:B9:CB:76:44:B2:74:7F:BB:B9:3E:62:3E:8F:88:1F:62:E0:F1:35:E0:E8 (alt names: "DNS:bootstrap.infra.skyhigh.iik.ntnu.no", "DNS:puppet.skyhigh.iik.ntnu.no", "DNS:puppetdb.skyhigh.iik.ntnu.no")

Install r10k

At this point there are a working puppet infrastructure in place. Next up is installing and configuring r10k, and deploying your first environment. In this example the environment "infrastructure" is deployed:

Install r10k
root@bootstrap:~# /opt/puppetlabs/puppet/bin/gem install r10k
root@bootstrap:~# mkdir /etc/puppetlabs/r10k
root@bootstrap:~# vim /etc/puppetlabs/r10k/r10k.yaml
root@bootstrap:~# cat /etc/puppetlabs/r10k/r10k.yaml
---
:cachedir: /opt/puppetlabs/puppet/cache/r10k
:sources:
  puppet:
    basedir: /etc/puppetlabs/code/environments
    remote: https://github.com/ntnusky/r10k.git
root@bootstrap:~# /opt/puppetlabs/puppet/bin/r10k deploy environment infrastructure -pv

Set up hiera

Create the folder for the hieradata, create the initial datafiles, initialize a git-repo and commit the initial structures.

Set up hiera datafiles
root@bootstrap:~# mkdir /etc/puppetlabs/puppet/data
root@bootstrap:~# cd /etc/puppetlabs/puppet/data
root@bootstrap:/etc/puppetlabs/puppet/data# mkdir nodes
root@bootstrap:/etc/puppetlabs/puppet/data# touch common.yaml networking.yaml packages.yaml sensu.yaml users.yaml nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# git init .
Initialized empty Git repository in /etc/puppetlabs/puppet/data/.git/
root@bootstrap:/etc/puppetlabs/puppet/data# git add .
root@bootstrap:/etc/puppetlabs/puppet/data# git commit -m "Initial import"

To configure hiera you might simply pull the latest version of the hiera.yaml file from github:

Configure hiera
root@bootstrap:/etc/puppetlabs/puppet# wget https://raw.githubusercontent.com/ntnusky/profile/infrastructure/files/puppet/hiera.yaml
   ...
2017-12-22 14:18:52 (334 KB/s) - 'hiera.yaml.1' saved [72001]
root@bootstrap:/etc/puppetlabs/puppet# mv hiera.yaml.1 hiera.yaml

Next up is populating the hiearchi with information based on this wikipage, and commiting this to the git repository

Set up hiera datafiles
root@bootstrap:/etc/puppetlabs/puppet/data# git add common.yaml networking.yaml packages.yaml users.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# git commit -m "Initial data"
 

Add the class "role::bootstrap" to the node-specific hierafile so that the role can be set before the ENC is up and running. Also make sure that sensu and munin is set to not be installed; as we need the servers installed before we install the clients. Restart puppetserver, and run the puppetagent.

Define role for bootstrap
root@bootstrap:/etc/puppetlabs/puppet/data# echo '---' > nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# echo 'classes:' >> nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# echo ' - role::bootstrap' >> nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# grep install: common.yaml 
profile::munin::install: false
profile::sensu::install: false
root@bootstrap:/etc/puppetlabs/puppet/data# systemctl restart puppetserver
root@bootstrap:/etc/puppetlabs/puppet/data# puppet agent --test --server puppet.skyhigh.iik.ntnu.no --environment infrastructure

a

  • No labels