Puppet exercise

Objective

Have a system installed with a MySQL database and an Apache webserver.

Steps

I’ve installed a new server, which is a minimal install of CentOS 7.3. No additional actions.

Update the system to the latest patch level:

[root@jdcvm252 ~]# yum -y update && reboot

Install epel-support:

[root@jdcvm252 ~]# yum -y install epel-release

Install the puppet package:

[root@jdcvm252 ~]# yum -y install puppet

Set the puppet master in the puppet config and enable the puppet service:

[root@jdcvm252 ~]# echo "server = skadi.doubtfull.snd" >> /etc/puppet/puppet.conf
[root@jdcvm252 ~]# systemctl start puppet.service
[root@jdcvm252 ~]# systemctl enable puppet.service

Log in on the puppet master as root and sign the agent's certificate request:

[root@master ~]# puppet cert list
  "vm252.doubtfull.snd" (SHA256) 1D:33:C1:5A:FF:21:6F:7A:BA:27:E3:86:0E:B4:19:84:DB:24:1E:F4:88:94:93:15:68:70:C1:78:AC:E0:E7:8A
[root@master ~]# puppet cert sign "vm252.doubtfull.snd"
Notice: Signed certificate request for vm252.doubtfull.snd
Notice: Removing file Puppet::SSL::CertificateRequest vm252.doubtfull.snd at '/var/lib/puppet/ssl/ca/requests/vm252.doubtfull.snd.pem'
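
The fingerprint printed by puppet cert list is the only thing that ties the pending request to the node that sent it. The helper below is an added example, not part of the original exercise: it compares that fingerprint with the one read on the agent before signing. The function names are illustrative, and it assumes the agent's value is copied from the output of `puppet agent --fingerprint`.

```shell
#!/bin/sh
# Added example: check a pending CSR fingerprint before `puppet cert sign`.
# Function names are illustrative, not part of Puppet.

# Print the fingerprint listed for certname $1; `puppet cert list` output on stdin.
# Expected line format (as shown above):  "name" (SHA256) AA:BB:...
csr_fingerprint() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# Strip whitespace, upper-case, and require 32 colon-separated hex bytes.
normalize_fp() {
    fp=$(printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F')
    printf '%s' "$fp" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    printf '%s\n' "$fp"
}

# $1 = certname, $2 = fingerprint read on the agent, $3 = `puppet cert list` output
# Returns 0 on match, 1 on mismatch, 2 if no request is pending, 3 if malformed.
csr_matches() {
    listed=$(printf '%s\n' "$3" | csr_fingerprint "$1")
    [ -n "$listed" ] || { echo "no pending CSR for $1" >&2; return 2; }
    expected=$(normalize_fp "$2") || { echo "bad agent fingerprint" >&2; return 3; }
    listed=$(normalize_fp "$listed") || { echo "bad listed fingerprint" >&2; return 3; }
    [ "$listed" = "$expected" ] || { echo "fingerprint mismatch for $1" >&2; return 1; }
}

# Sample input: the `puppet cert list` line shown on this page.
SAMPLE_LIST='  "vm252.doubtfull.snd" (SHA256) 1D:33:C1:5A:FF:21:6F:7A:BA:27:E3:86:0E:B4:19:84:DB:24:1E:F4:88:94:93:15:68:70:C1:78:AC:E0:E7:8A'

# On the master, with AGENT_FP holding the hex part of the agent's
# `puppet agent --fingerprint` output:
#   csr_matches vm252.doubtfull.snd "$AGENT_FP" "$(puppet cert list)" \
#       && puppet cert sign vm252.doubtfull.snd
```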

Install the epel module.

[root@master ~]# puppet module install stahnma-epel --version 1.2.2

Add the following to /etc/puppet/manifests/site.pp:

node 'vm252.doubtfull.snd' {

  include epel

}

Installed the puppetlabs-mysql module:

[root@home ~]# puppet module install puppetlabs-mysql --version 3.11.0
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Module puppetlabs-mysql 3.11.0 is already installed.

Note

The module ends up in /etc/puppet/modules/mysql/

Add mysql database

node 'vm252.doubtfull.snd' {

  include epel
  class { '::mysql::server':
    root_password           => 'secret',
    remove_default_accounts => true,
  }

  mysql::db { 'mydb':
    user     => 'myuser',
    password => 'mypass',
    host     => 'localhost',
    grant    => ['ALL'],
  }

}

This does the following:

  • Add the MySQL server
  • Add a database mydb
  • Create a user myuser with password mypass and ALL privileges on mydb.
  • Create the /root/.my.cnf file.

Add the devops user

node 'vm252.doubtfull.snd' {

  include epel
  class { '::mysql::server':
    root_password           => 'secret',
    remove_default_accounts => true,
  }

  mysql::db { 'mydb':
    user     => 'myuser',
    password => 'mypass',
    host     => 'localhost',
    grant    => ['ALL'],
  }

  group { 'devops':
    ensure => 'present',
    gid    => '2048',
  }

  user { 'devops':
    ensure  => 'present',
    comment => 'devops',
    gid     => '2048',
    groups  => ['wheel', 'devops'],
    home    => '/home/devops',
    shell   => '/bin/bash',
    uid     => '2048',
    require => Group['devops'],
  }

  file { "/home/devops":
    ensure  => directory,
    owner   => 'devops',
    group   => 'devops',
    mode    => '700',
    require => [User['devops'], Group['devops']],
  }

  # Add authorized keys
  ssh_authorized_key { 'devops@vanzantvoort.org':
    ensure => present,
    user   => 'devops',
    type   => 'ssh-rsa',
    key    => 'AAAAB9ZzzZ9zz9ZZZZZZZZzZZ999/zzZ99ZzzZz ... z99zzZzZzz/ZZ9ZzZZZzz9Z9ZZ9Z',

  }

}

[root@home manifests]# puppet module install puppetlabs-ntp --version 6.2.0
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ puppetlabs-ntp (v6.2.0)
  └── puppetlabs-stdlib (v4.17.1)

Warning

this version was too new!!!

[root@home manifests]# puppet module list
/etc/puppet/modules
├── echocat-nfs (v1.9.0)
├── puppet-staging (v2.2.0)
├── puppetlabs-concat (v2.2.1)
├── puppetlabs-mysql (v3.11.0)
├── puppetlabs-ntp (v6.2.0)
├── puppetlabs-stdlib (v4.17.1)
└── stahnma-epel (v1.2.2)
/usr/share/puppet/modules (no modules installed)
[root@home manifests]# puppet module uninstall puppetlabs-ntp
Notice: Preparing to uninstall 'puppetlabs-ntp' ...
Removed 'puppetlabs-ntp' (v6.2.0) from /etc/puppet/modules

Installed module

[root@home ~]# puppet module install justinclayton-sudo --version 1.1.0

Add sudoers

diff --git a/site.pp b/site.pp
index b0151b8..6745c2c 100644
--- a/site.pp
+++ b/site.pp
@@ -65,4 +65,11 @@ node 'vm252.doubtfull.snd' {
     key    => 'AAAAB3Nz .....'
   }

+  # manage sudoers
+  include sudo
+
+  sudo::conf { 'devops':
+    content => 'devops ALL=(ALL) NOPASSWD: ALL',
+  }
+
 }
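
Review bot: in the added sudo::conf { 'devops': } resource, the rule `devops ALL=(ALL) NOPASSWD: ALL` gives the devops account unrestricted root with no password prompt. Limit the rule to the commands the account actually needs, or drop NOPASSWD so that the SSH key configured just above is not on its own enough for root. The bare `include sudo` also hands sudoers management to the module with default parameters; check which files those defaults manage and run visudo -c on the result before applying this to a node.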

Warning

result was a broken sudoers file