Puppet and Amazon EC2

ekoontz edited this page Sep 14, 2010 · 17 revisions

Introduction

The next version of hbase-ec2 will use puppet for bootup. This page will document the progress of the integration of puppet into hbase-ec2.

Configuration

See also: my DNS setup notes for HBase

DNS Server

For now, only bind-specific information is here; other DNS server configurations should be similar in concept.

Configure bind: make a CNAME entry for puppet, e.g.:

puppet          CNAME   ubuntu
ubuntu          A       192.168.56.10

or perhaps just an A record if you have a new, dedicated puppetmaster:

puppet          A       192.168.56.10

Puppetmaster

Make sure your /etc/resolv.conf is configured correctly. It should contain a nameserver line for the DNS server that you configured in the previous section, and a search line for your domain. For example:

nameserver 192.168.56.10
search foofers.org

Client

DNS setup

On each puppet client host, make sure that /etc/resolv.conf contains the same nameserver and search lines as the same file on the puppetmaster, e.g.:

nameserver 192.168.56.10
search foofers.org

Note the search line: it lets the short name ‘puppet’ be looked up as ‘puppet.foofers.org’, which is the name the DNS server in my example is configured to resolve.

Test the client with ping puppet:

root@host# ping puppet
PING ubuntu.foofers.org (192.168.56.10) 56(84) bytes of data.
64 bytes from ubuntu.foofers.org (192.168.56.10): icmp_seq=1 ttl=64 time=0.342 ms
64 bytes from ubuntu.foofers.org (192.168.56.10): icmp_seq=2 ttl=64 time=1.12 ms

Note that if you edit /etc/resolv.conf, you must restart the puppet client daemon for it to be aware of the changes you made.

Puppet client

Suppose we want to configure the machine debian64-3 to be a puppet client.

root@debian64-3 # apt-get install puppet
.
.
Setting up puppet (0.25.4-2ubuntu6) ...
 * Starting puppet configuration management tool
.
puppet not configured to start, please edit /etc/default/puppet to enable
  ...done.
root@debian64-3 # 

Edit /etc/default/puppet:

START=yes

Start the puppet daemon or reboot the instance:

root@debian64-3 # /etc/init.d/puppet start

In the syslog of the puppetmaster, you should see something like:

Aug 16 16:03:56 ubuntu puppetmasterd[27823]: debian64-3.foofers.org has a waiting certificate request

Sign client’s certificate on puppetmaster server

On the puppetmaster, list which clients are awaiting signing:

root@ubuntu:~# puppetca --list
debian64-3.foofers.org

For each client, sign the certificate:

root@ubuntu:~# puppetca --sign debian64-3.foofers.org
debian64-3.foofers.org
notice: Signed certificate request for debian64-3.foofers.org
notice: Removing file Puppet::SSL::CertificateRequest debian64-3.foofers.org at '/var/lib/puppet/ssl/ca/requests/debian64-3.foofers.org.pem'
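
A signed certificate is what the puppetmaster trusts a client by, so check each pending name against the hosts you expect before running puppetca --sign. The script below is an added example, not part of the original page or of hbase-ec2: it signs only requests whose names appear in an allowlist file. The allowlist file, the function names and the extra hostnames in the demo are assumptions, as is `puppetca --list` printing one name per line as shown above.

```shell
#!/bin/sh
# Added example: sign only pending requests whose names are on an allowlist.
# Assumes `puppetca --list` prints one pending hostname per line, as in the
# output shown on this page.

# select_expected ALLOWLIST_FILE
# Reads pending names on stdin and prints those that exactly match a line in
# ALLOWLIST_FILE. Anything else is reported on stderr and left unsigned.
select_expected() {
    allowlist=$1
    while read -r host _rest; do
        [ -n "$host" ] || continue
        # -F: fixed string (dots are not wildcards), -x: whole line must match
        if grep -Fxq -- "$host" "$allowlist"; then
            printf '%s\n' "$host"
        else
            printf 'skipping unexpected request: %s\n' "$host" >&2
        fi
    done
}

# sign_expected ALLOWLIST_FILE
# Run on the puppetmaster: signs only the allowlisted pending requests.
sign_expected() {
    puppetca --list | select_expected "$1" | while read -r host; do
        puppetca --sign "$host"
    done
}

# Constructed demo (no puppetca needed): two pending requests, one expected.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'debian64-3.foofers.org' 'debian64-4.foofers.org' > "$tmp"
    printf '%s\n' 'debian64-3.foofers.org' 'rogue.foofers.org' |
        select_expected "$tmp" 2>/dev/null
    rm -f "$tmp"
}

case ${1:-} in
    --sign) sign_expected "$2" ;;
    *)      demo ;;
esac
```

Run it with `--sign ALLOWLIST_FILE` on the puppetmaster to sign; with no arguments it only runs the constructed demo.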