Friday, November 12, 2010

Automation with Foreman and Puppet

This post will tell you how I setup Puppet and Foreman on CentOS 5.5. First a quick overview of the tools, Foreman is a front end to puppet it also provides remote install capabilities. One of its goals is to provide a way to rebuild your machine from scratch, starting with a kickstart file (in the case of CentOS) and ending with a functioning machine. Puppet is a configuration management utility. It allows you to apply configuration changes data center wide in a consistent matter, even in a heterogeneous environment.

The Install
Install is a snap, it is all done through RPM's. You need to add the EPEL Repo (how to add EPEL to cent OS) Then download puppet and the puppet server otherwise known as the puppetmaster.

First we will install some dependencies. So that puppet will store data in the database.
yum install mysql mysql-server mysql-devel ruby-mysql rubygem-activerecord


Then install the puppet client and server.
yum install puppet puppet-server


Next lets install Foreman. The easiest way to do this it to let puppet do it for us. Puppet will download the foreman repository and install the Foreman rpm for you as well as do some initial configuration for us.

wget --no-check-certificate http://github.com/ohadlevy/puppet-foreman/tarball/master
tar zxf ohadlevy-puppet-foreman-65d19d4.tar.gz
echo include foreman | puppet --verbose --modulepath /path_to/extracted_tarball


Once you do that Puppet and Foreman are installed, that was easy. Now lets do some additional configuration.

Initial Configuration
One of the first things to get setup is DNS. You will want to create at least 2 entries in your DNS. One entry should be for the host name puppet this could be an A record or a CNAME. The other entry for the host name foreman again could be an A record or a CNAME. Having these two exact host names will save lots of headache.

Make sure your firewall has tcp port 3000 and tcp port 8140 open. Foreman runs on port 3000 and the puppet server uses 8140.

You will also want to enable logging. Edit /etc/sysconfig/puppet and uncomment the PUPPET_LOG parameter.
# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log


Now let's configure a basic puppet server and client.

Start by editing the puppet.conf file
vi /etc/puppet/puppet.conf


Under the [puppetd] section add reporting for puppet
# Enable reporting
report = true


Then add a section for the puppet server at the bottom of the file
[puppetmasterd]
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = SuperSecretPassword
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock
downcasefacts = true
rrddir=/var/lib/puppet/rrd
rrdinterval=$runinterval
rrdgraph=true
reports=log, foreman


Now lets create a database. Make sure that MySQL is running and then log in
[root@puppet ~]# mysql -u root -p
mysql> CREATE DATABASE puppet;
mysql> GRANT ALL ON puppet.* TO puppet@localhost IDENTIFIED BY 'SuperSecretPassword';
mysql> quit


Let's configure Foreman to talk to the mysql database. Edit /etc/foreman/database.yml and remove the sqlite stuff. Then add the mysql stuff.
production:
adapter: mysql
database: puppet
username: puppet
password: SuperSecretPassword
host: localhost
socket: "/var/lib/mysql/mysql.sock"


Initialize the database.
cd /usr/share/foreman/
RAILS_ENV=production rake db:migrate


Let's do some final configuration on Foreman. Edit /etc/foreman/settings.yaml
# Added to force login
:login: true


Make sure everything starts on boot:
chkconfig puppet on 235
chkconfig puppetmaster on 235
chkconfig foreman on 235
chkconfig mysql on 235


Then restart foreman and visit http://foreman:3000 you will be prompted to login. The default user name is admin and the password is changeme.

You now have a working Puppet and Foreman install. There is much left to learn but this is a good start. Questions? Leave me a comment.

Sunday, October 24, 2010

Ethernet Cable Color Code

In troubleshooting user network issues I always start off with the physical layer. About 80% of the time that is the issue with the users network the other 20% is typical caused by malware or viruses.

Since the physical layer is so important I figured I would spend some time discussing some tips and tricks that I have picked up over the years.

First gather the required tools:
  1. Ethernet Crimper
  2. Wire Stripper
And you may want some optional tools like an Ethernet cable tester or possibly a cable verifer
if you need to make sure a wire is good.

Most good Ethernet crimpers come with a built in stripper, which works fine if you are just doing a few. However if you plan on doing more than a few you are going to want a dedicated stripper. I prefer one that is spring loaded like this one.

A few other tricks to use is get a EZ-RJ45 crimp tool
and EZ-RJ45 connectors. The EZ-jacks allow for good crimps even for beginners.

Now for the actual cable making. The Ethernet pin out for the T-568B (aka straight through) cable is the most common type of cable I make. With auto sensing switches, I rarely have to make T-568A (aka cross-over) cables any longer. The actual process is easy just separate the wires as shown in the diagram below. Put them in the the actual jack and proceed to crimp them, then test. 


Easy right? Leave me a comment if I missed anything.

Wednesday, October 20, 2010

Welcome to Admin Knowledge

Welcome to Admin Knowledge a blog that discusses the trials and tribulations of a Linux systems administrator. I hope to use this blog as something that others learn from as well as myself.