Manifest and Module Organization, Take One

In the last article, we learned how to import modules from the Puppet Forge. We created a very simple, but disorganized, site manifest. We need to create some organization, which will give us the ability to apply different settings to different nodes. Here’s the manifest we ended up with:

class { '::ntp':
  servers => [ '0.pool.ntp.org', '2.centos.pool.ntp.org', '1.rhel.pool.ntp.org'],
}

user { 'dave':
  ensure     => present,
  uid        => '507',
  gid        => '507',
  shell      => '/bin/bash',
  home       => '/home/dave',
  managehome => true,
}

group { 'dave':
  ensure => 'present',
  gid    => '507',
}

include ::ssh
::ssh::server::configline { 'PermitRootLogin': value => 'yes' }

The manifest includes two modules from the Puppet Forge and two resources managed by Puppet, one user and one group. These resources, however, are going to be applied to every agent that connects. That includes the PermitRootLogin 'yes' line, so every agent will permit direct root logins over SSH. As we grow the manifests, we’re going to meet some resources that are only needed on certain agents – web servers, web apps, etc. Let’s take what we have and organize it better.


Adding modules to your Puppet master

In the last post, we built a Puppet master. The master is ready for agents to connect, but currently it doesn’t actually do very much when they do. Our site.pp manifest is very boring:

[root@puppet ~]# cat /etc/puppet/manifests/site.pp
notify {"Agent connection is successful": }

All agents get the same manifest, and it’s just a notify statement. We want to do more than that: we want to actually manage some important configuration. Before we get into that, I want to mention a few basics that you may want to review on your own. We’ll touch on these items throughout this and future Puppet blogs, with the expectation that you’ll have read up on them already or will reference them as needed.


Kickstart your CentOS Template, EL6 Edition

Note: This article uses Enterprise Linux 6. If you are looking for Enterprise Linux 7, check out the new edition!

A few days ago, I started my Puppet series. I described how to manually build a brand new golden image or how to add puppet to an existing image. I also said that I hoped everyone had that process automated, for example with kickstart. If you don’t have an automated process in place, I’ll show you how to get started with kickstart.

Kickstart is a tool for creating repeatable, but customized, installations. There is lots of documentation available (Fedora and RHEL sites, for example). There are a few methods to make a kickstart file available, but we’re going to focus on using the network. Here’s what you’ll need to get started:

  • vCenter
  • A DHCP server in the network where the VM will be deployed.
  • Firewall rules and routing allowing the provisioned VM to communicate with the web server.
  • A web server to host the kickstart file.
  • A CentOS netinstall ISO in your vSphere infrastructure (download from a mirror).
  • Ability to create VMs in your vSphere infrastructure.


Creating a Puppet Master

Puppet for vSphere Admins

Over the last four weeks, we looked at Auto Deploy, which is automation for our VMhost provisioning process. Next up, we’re going to look at Puppet, a tool to automate our VM and Guest OS provisioning.

Recently, I have been working on deploying Puppet by Puppet Labs in our work environment. Puppet is a provisioning and configuration management system. It has been made famous by its ability to simplify cloud management for those running at scale, such as the Obama for America campaign that leveraged AWS and Puppet. Manually provisioning and configuring nodes scales linearly, or worse – 5,000 nodes require at least 1,000 times the resources of 5 nodes. Automation with a tool like Puppet scales much more gracefully. Managing 5,000 nodes is only incrementally more difficult than managing 5, and growing to 50,000 or shrinking to 500 is just as easy. There are a number of other similar products you might be interested in – Chef, Ansible, and Salt to name a few.

I am interested in Puppet for two primary reasons. First, it has a lot of mindshare and a friendly community. You can easily find numerous blogs addressing common problems, there’s an active IRC channel for problems you can’t solve with the help of a search engine, there’s a gigantic public module repository (called Puppet Forge), and you’ll find many candidates who already know Puppet as you grow your team. Second, VMware has invested $30M in Puppet Labs. The increased interaction and development has already resulted in Puppet adding some VMware cloud provisioning features and should ensure those features mature. This should help round out their Software Defined DataCenter (SDDC) efforts.


Puppet Git Sync via REST: A learning experience

In an upcoming series, I’ll be writing about Puppet and Git. As part of the research, I spent a number of hours looking at existing tools for post-receive hooks that were compatible with Github and r10k. In the end, my research went a completely different way and my first effort didn’t pan out, but I did learn from the experience and thought that sharing it might help others.

I was attempting to take an integrated puppet/r10k installation supporting dynamic environments and add a post-receive hook. The current workflow finished up with having to log into the puppet master, su to root/sudo and run r10k to deploy. The primary goal of the hook was to eliminate this step. This would not only simplify the workflow, but also increase security (fewer people have to have root access) and eliminate mistakes (Why isn’t my change visible? Oops, I forgot to run r10k). The concept of hooks is fairly simple – when certain git activities occur, programs are called – but I needed to put things together. I’m on this box, I do my git work and push it to origin, then I need origin to do … something … and tell the puppet master to do … something else.

My initial research was focused on identifying the somethings. A common solution is to install gitolite on a node and make that the origin. It can then call an external program that SSH’s to the master and runs r10k. I eliminated this option because it’s either another node to manage or another service on an existing node, plus I have to perform backups of the git repo. I’d rather use Github at home or Stash at work to foist some of those responsibilities off on others.


Auto Deploy Deep Dive, Part 4: Troubleshooting

Part 4 of the Auto Deploy Deep Dive Series details some of the issues I encountered along the way and how to troubleshoot them.

Troubleshooting

PXE

In a VLAN’ed environment (most production, and some home labs), the native VLAN and the destination VLAN for your host may be separate. You can of course boot the host on a port with no VLANs, then move/reconfigure the port to have the correct VLANs, but I would suggest entering the PXE manager at boot and setting the proper VLAN to eliminate possible failure points. If not, you may run into this situation…


PowerShell Profile

In an earlier article, I described how to create a PowerShell Profile, specifically so that you could access PowerCLI snapins in the regular PowerShell or PowerShell ISE programs where you get tab completion and intellitype. However, it was buried in the midst of another article where it was hard to find.

The below PoSH will create a new profile if it doesn’t exist and add the VMware snapins, then it will open the profile file for editing. PowerShell and PowerShell ISE each have their own profile file, so run it in both if you need to.

Run the suggested commands below for the correct version of PowerCLI. If you have statements in your profile from a previous version of PowerCLI, clean them up by hand, or delete your profile and re-run the script to start with a blank profile. Note: This would wipe out any non-PowerCLI commands in your profile as well, such as those added by Chocolatey.

PowerCLI 6.5

Download. If you encounter errors after upgrading from a previous version, check the value of $env:PSModulePath. It should contain the path C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Modules rather than the older C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Modules. If it is incorrect, try a reboot, though the installer does not suggest one is required; that fixed the problem for me.

if (! (Test-Path $profile)) {
  New-Item -Path $profile -Type file -Force
}
''                                                        | Out-File -FilePath $profile -Append
'# Import PowerCLI modules'                               | Out-File -FilePath $profile -Append
'Get-Module -Name VMware* -ListAvailable | Import-Module' | Out-File -FilePath $profile -Append
notepad $profile

PowerCLI 6.0-6.3

# Create the profile file if it does not exist yet
if (! (Test-Path $profile)) {
    New-Item -Path $profile -Type file -Force
}
# Append the PowerCLI snap-ins and modules to the profile
'Add-PSSnapin VMware.VimAutomation.Core -ea "SilentlyContinue"' | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.DeployAutomation -ea "SilentlyContinue"'   | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.ImageBuilder -ea "SilentlyContinue"'       | Out-File -FilePath $profile -Append
'Import-Module VMware.VimAutomation.Core'                       | Out-File -FilePath $profile -Append
'Import-Module VMware.VimAutomation.Vds'                        | Out-File -FilePath $profile -Append
'Import-Module VMware.VimAutomation.License'                    | Out-File -FilePath $profile -Append
# Open the profile for review
notepad $profile

PowerCLI 5.5 and Below

# Create the profile file if it does not exist yet
if (! (Test-Path $profile)) {
    New-Item -Path $profile -Type file -Force
}
# Append the PowerCLI snap-ins to the profile
'Add-PSSnapin VMware.VimAutomation.Core -ea "SilentlyContinue"'    | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.VimAutomation.Vds -ea "SilentlyContinue"'     | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.VimAutomation.License -ea "SilentlyContinue"' | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.VimAutomation.Cloud -ea "SilentlyContinue"'   | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.DeployAutomation -ea "SilentlyContinue"'      | Out-File -FilePath $profile -Append
'Add-PSSnapin VMware.ImageBuilder -ea "SilentlyContinue"'          | Out-File -FilePath $profile -Append
# Open the profile for review
notepad $profile

Verify the profile contents are correct (this should preserve existing profiles, but check that new content didn’t merge at the end of the previous content). You can add any additional PoSH commands, such as aliases, to your profile, then save the file. Restart PowerShell (ISE). Your startup will take a little longer now, but you end up with tab completion, intellitype AND PowerCLI. If you messed anything up, you should still have notepad open; just edit what’s needed and restart the PoSH shell till you get it right.
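
The script below is an added example, not part of the original post: a re-runnable variant of the PowerCLI 6.5 snippet that backs up the existing profile, flags statements left over from older PowerCLI versions instead of requiring the profile to be deleted, and appends the import line only if it is missing. The backup file name and the pattern used to spot old statements are assumptions of this example.

```powershell
# Added example: re-runnable profile update for PowerCLI 6.5.
# The import line is the one used in the PowerCLI 6.5 snippet above.
$importLine = 'Get-Module -Name VMware* -ListAvailable | Import-Module'

# Create the profile (and any missing parent directory) if it does not exist.
if (-not (Test-Path -Path $profile)) {
    New-Item -Path $profile -ItemType File -Force | Out-Null
}

# Keep a timestamped copy so hand-written content (aliases, Chocolatey
# additions) can be restored. The ".bak" naming is an assumption.
$backup = '{0}.{1}.bak' -f $profile, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -Path $profile -Destination $backup

# Read the current content; @() yields an empty array for an empty file.
$lines = @(Get-Content -Path $profile)

# Flag statements written by the older snippets (snap-ins and per-module
# imports) so they can be cleaned up by hand. The pattern is an assumption
# based on the lines those snippets write.
$stale = @($lines | Where-Object {
    $_ -match '^\s*(Add-PSSnapin|Import-Module)\s+VMware\.'
})
if ($stale.Count -gt 0) {
    Write-Warning "Found $($stale.Count) statement(s) from an older PowerCLI version:"
    $stale | ForEach-Object { Write-Warning "  $_" }
}

# Append the import only when it is not already present. The leading empty
# string terminates a last line that lacks a newline, so the new content
# cannot merge into the end of the previous content.
if ($lines -notcontains $importLine) {
    Add-Content -Path $profile -Value '', '# Import PowerCLI modules', $importLine
}

# Open the profile for review, as in the snippets above.
notepad $profile
```

Run it once in PowerShell and once in PowerShell ISE, since each has its own profile file.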