Configuration Manager Image documentation

Introduction

Puppeteers Configuration Manager is a Cloud image that provides an easy-to-use Puppet-based installer for trivially setting up Puppetserver with PuppetDB and Puppetboard. The installer can be used interactively or in fully automated fashion.

Security Group setup

The default security groups provided by AWS allow traffic to Puppetserver (tcp/8140) from RFC1918 private networks. In AWS and Azure access to Puppetboard (tcp/443) is allowed from anywhere to facilitate easy testing. Likevise SSH is allowed from anywhere. You may want to craft your own security groups to lock access down further.

Available installation scenarios

Currently three different scenarios are available:

  • Configuration manager: install vanilla puppetserver
  • Configuration manager with PuppetDB: install puppetserver with PuppetDB
  • Configuration Manager with puppetboard: install puppetserver with PuppetDB and puppetboard

All scenarios install r10k and hiera-eyaml. Hiera-eyaml keys are created automatically and placed to /etc/puppetlabs/puppet/eyaml/keys. Automatically deploying the production branch with r10k is possible, but is an advanced use-case.

Logging in to the instance

Our images are built on top of official Cloud images of various operating system vendors. Thus, to login to your new instance, use the username provided by the vendor:

  • AWS (Ubuntu 20.04): ubuntu
  • Azure (Ubuntu 20.04): azureuser

Setting the hostname

On production installations you should change the hostname of the instance so that the $::fqdn fact on your puppetserver resolves to something reasonable. On Ubuntu you can do that like this:

$ sudo -i
$ hostnamectl set-hostname puppet.example.org

Just replace puppet.example.org with your domain. Verify results with facter:

$ facter fqdn puppet.example.org

Interactive installation

Once you have logged in to the image launch the installer:

$ sudo -i
$ puppetmaster-installer -i

The installer provides multiple installation scenarios you can choose from, but the installer will be locked to the scenario you choose. You may want to define PuppetDB and Puppetboard passwords, but if you don't, random passwords will be created for you. All other options are optional.

Once the installer finishes you will have a functional Puppetmaster server listening on TCP port 8140. If you chose to install Puppetboard, it will be available at https://<server-url>/puppetboard. The username and password for Puppetboard will be displayed at the end of the install. Puppetboard is configured to use automatically created snakeoil SSL certificate, so you will get a browser warning the first time you login.

Automated installation

It is possible to fully automate Configuration manager installation by providing all the parameters directly on the command-line:

$ sudo -i
$ /usr/share/puppetmaster-installer/bin/puppetmaster-installer\
 --scenario puppetserver-with-puppetboard\
 --puppetmaster-puppetboard-puppetdb-database-password='pass'\
 --puppetmaster-puppetboard-timezone='Europe/Helsinki'

The scenario name can currently be one of these:

  • puppetserver
  • puppetserver-with-puppetdb
  • puppetserver-with-puppetboard

The command-line parameters map almost directly to Puppet class variables, in this case $::puppetmaster::puppetboard::puppetdb_database_password and $::puppetmaster::puppetboard::timezone.

Another way to automate installation is to place a preconfigured answer file to /usr/share/puppetmaster-installer/config/installer-scenarios.d. Usually you would run the installer interactively once to get a working answer file, then use that answer file later to automate the installation later. The answer file name must match the scenario name, e.g. with scenario puppetserver you would use answer file puppetserver-answers.yaml. Then you would just run

$ sudo -i
$ puppetmaster-installer --scenario puppetserver

Note that when doing automatic installations passwords are not created automatically, so they need to be explicitly set. The same goes with sanity checking of other parameters: they need to be correctly or installation may fail unexpectedly.

Automated deployment using EC2 user_data is known to fail, but using SSH (e.g. Terraform or Vagrant provisioners) will work.

Rerunning the installer to change configuration

The installer caches your previous settings. If you run the installer again, you can change your answers as required and run the installer again. In general this is supported, but there may be cases where the results are unexpected.

Note that changing installer scenarios later is not supported. It may work, but can produce unintended side-effects, especially if switching from a more complex scenario to a simpler one. If all your code is in a control repository then we recommend actually building a new server than trying to switch to a different installer scenario later.

If you are sure you wish to install a different scenario later on the same instance, you can do so by removing the file /usr/share/puppetmaster-installer/config/installer-scenarios.d/last_scenario.yaml and rerunning the installer.

Contact and support

Please see our support page.

menucross-circle