Initiation à Puppet (Configuration : Editeurs – SSH – Apache)

Introduction

Ce tuto permet de configurer les services Apache2 et SSH, ainsi que d'installer et de supprimer des paquets (par exemple des éditeurs) via Puppet.

Bien regarder où les commandes sont exécutées : sur puppetmaster ou sur workstation.

Fixer les adresses IP

VM 1

root@SRV-DEBIAN:~# nano /etc/network/interfaces

# The primary network interface 
allow-hotplug eth0
iface eth0 inet static
address 192.168.33.162
netmask 255.255.255.0 
gateway 192.168.33.2  

allow-hotplug eth1 
iface eth1 inet static
address 172.17.2.2
netmask 255.255.255.0 

VM 2

root@SRV-DEBIAN:~# nano /etc/network/interfaces

# The primary network interface 
allow-hotplug eth0
iface eth0 inet static
address 192.168.33.100
netmask 255.255.255.0 
gateway 192.168.33.2  

allow-hotplug eth1 
iface eth1 inet static
address 172.17.2.3
netmask 255.255.255.0 

Changeons les noms

root@SRV-DEBIAN:~# echo "puppetmaster" > /etc/hostname 
root@SRV-DEBIAN:~# /etc/init.d/hostname.sh  
root@SRV-DEBIAN:~# echo "workstation" > /etc/hostname 
root@SRV-DEBIAN:~# /etc/init.d/hostname.sh 

Configuration DNS

Installation du serveur DNS

root@puppetmaster:~# apt-get install bind9

Configuration du Forwarder

root@puppetmaster:~# cd /etc/bind/ 
root@puppetmaster:/etc/bind# nano named.conf.options          

// the all-0's placeholder.  
        forwarders {
                 8.8.8.8;
          };  
root@puppetmaster:/etc/bind# service bind9 restart 

Modifier les serveurs DNS sur vos VM

root@puppetmaster:/etc/bind# apt-get install resolvconf 
root@puppetmaster:~# nano /etc/resolvconf/resolv.conf.d/base  

domain utopia.net 
search utopia.net 
nameserver 172.17.2.2 

root@puppetmaster:~# reboot 

root@workstation:~# apt-get install resolvconf 
root@workstation:~# nano /etc/resolvconf/resolv.conf.d/base  

domain utopia.net 
search utopia.net 
nameserver 172.17.2.2 

root@workstation:~# reboot 

Créer une nouvelle zone DNS

root@puppetmaster:/etc/bind# nano named.conf.default-zones  

zone "utopia.net" {
         type master;
         file "/etc/bind/db.utopia.net";
 };
  
root@puppetmaster:/etc/bind# cp db.local db.utopia.net 
root@puppetmaster:/etc/bind# nano db.utopia.net

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.utopia.net. root.utopia.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.utopia.net. 
ns      IN      A       172.17.2.2 
puppetmaster    IN      A       172.17.2.2 
workstation     IN      A       172.17.2.3 
www       IN        A        192.168.33.100 

root@puppetmaster:/etc/bind# service bind9 restart
[....] Stopping domain name service...: bind9waiting for pid 3366 to die . ok 
[ ok ] Starting domain name service...: bind9. 

Test

root@puppetmaster:/etc/bind# ping workstation.utopia.net -c2 
PING workstation.utopia.net (172.17.2.3) 56(84) bytes of data. 
64 bytes from 172.17.2.3: icmp_req=1 ttl=64 time=0.383 ms 
64 bytes from 172.17.2.3: icmp_req=2 ttl=64 time=0.647 ms 

root@workstation:~# ping puppetmaster.utopia.net -c2 
PING puppetmaster.utopia.net (172.17.2.2) 56(84) bytes of data. 
64 bytes from 172.17.2.2: icmp_req=1 ttl=64 time=0.241 ms 
64 bytes from 172.17.2.2: icmp_req=2 ttl=64 time=0.479 ms 

Configuration de Puppet

Installation de Puppet

root@workstation:~# apt-get install puppet 
root@workstation:~# nano /etc/puppet/puppet.conf 

[main]
server=puppetmaster.utopia.net 

root@puppetmaster:/etc/bind# apt-get install puppetmaster 

root@workstation:~# puppetd --test --waitforcert 60 
notice: Did not receive certificate 
root@puppetmaster:~# puppetca --list   
"workstation.utopia.net" (F2:41:3D:A0:CB:7A:C5:47:A2:B8:48:86:DA:BD:D0:FD) 
root@puppetmaster:~# puppetca --sign workstation.utopia.net 
notice: Signed certificate request for workstation.utopia.net
notice: Removing file Puppet::SSL::CertificateRequest workstation.utopia.net at '/var/lib/puppet/ssl/ca/requests/workstation.utopia.net.pem'

Activer Puppet

root@workstation:~# echo "START=yes" > /etc/default/puppet 
root@workstation:~# service puppet start 
[ ok ] Starting puppet agent. 

Activer le transfert de fichiers Puppet

root@puppetmaster:/# nano /etc/puppet/manifests/site.pp  
filebucket { 'main': server => 'puppetmaster.utopia.net' }
File { backup => 'main' }  
import "nodes" 

Créer l’arborescence des répertoires

root@puppetmaster:/# cd /etc/puppet/modules/ 
root@puppetmaster:/etc/puppet/modules# mkdir -p {editor,sshdconfig,apache}/{manifests,files,templates} 

Configuration d’Editeurs

root@puppetmaster:~# nano /etc/puppet/modules/editor/manifests/init.pp  
class editor {
  # Editor baseline applied to every node that includes this class:
  # vim and curl are kept installed, nano is removed.
  package { ['vim', 'curl']:
    ensure => installed,
  }

  package { 'nano':
    ensure => absent,
  }
}

Déclaration des nodes et affectation des classes

root@puppetmaster:/etc/puppet/modules# nano /etc/puppet/manifests/nodes.pp  

# Base role shared by every node; concrete nodes inherit from it.
node 'basenode' {
include editor
 }  
# Workstation node: inherits the editor class from basenode and adds nothing yet.
node 'workstation.utopia.net' inherits 'basenode' {
 } 

Configuration de SSH

root@puppetmaster:~# nano /etc/puppet/modules/sshdconfig/manifests/init.pp
  
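class sshdconfig {
  # 'latest' re-checks the package index on every run and upgrades
  # openssh-server whenever a newer version is published.
  package { 'openssh-server':
    ensure => latest,
  }

  # Render sshd_config only after the package is present; without the
  # ordering the file resource may create /etc/ssh/sshd_config first and
  # the package install may then treat it as a locally modified conffile.
  # The metaparameter propagates to the resources inside the define.
  sshd_config { 'puppet':
    listenaddress => $ipaddress,
    require       => Package['openssh-server'],
  }
}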

define sshd_config($listenaddress) {
  # Keep sshd running; the managed config file below restarts it on change.
  service { 'ssh':
    ensure => running,
  }

  # sshd configuration rendered from sshdconfig/sshd_config.erb.
  # NOTE(review): $listenaddress is accepted here but the shipped template
  # does not reference it — confirm the template is meant to consume it.
  file { '/etc/ssh/sshd_config':
    path    => '/etc/ssh/sshd_config',
    owner   => root,
    group   => root,
    mode    => 444,
    content => template('sshdconfig/sshd_config.erb'),
    notify  => Service['ssh'],
  }
}

Créer le template de SSH

root@puppetmaster:~# nano /etc/puppet/modules/sshdconfig/templates/sshd_config.erb  

# sshd_config rendered by the sshdconfig module (templates/sshd_config.erb).
# NOTE(review): the sshd_config define receives a listenaddress parameter,
# but nothing below references it, so sshd keeps its built-in ListenAddress default.
Port 2222 
Protocol 2 
# PermitRootLogin yes and PasswordAuthentication yes are the permissive
# settings this lab relies on (the test step logs in as root on port 2222);
# a hardened build would restrict both and rely on key authentication.
PermitRootLogin yes 
PasswordAuthentication yes 
X11Forwarding yes 
# Displayed to clients before authentication; read from /etc/motd on the node.
Banner /etc/motd

Ajouter SSH sur le node workstation

root@puppetmaster:/# nano /etc/puppet/manifests/nodes.pp 

# Base role shared by every node.
node 'basenode' {
 include editor 
}  
# Workstation node: editor from basenode plus the sshdconfig module.
node 'workstation.utopia.net' inherits 'basenode' {
 include sshdconfig 
}  

root@puppetmaster:/# service puppetmaster restart 
[ ok ] Restarting puppet master. 

Tester votre configuration

root@workstation:/etc/puppet/templates# puppetd --test
root@puppetmaster:~# ssh -p 2222 root@workstation.utopia.net
 
The authenticity of host '[workstation.utopia.net]:2222 ([172.17.2.3]:2222)' can't be established. 
ECDSA key fingerprint is 3f:2f:bf:98:26:ae:59:8f:69:62:9b:cb:c5:89:77:41. 
Are you sure you want to continue connecting (yes/no)? yes 

Warning: Permanently added '[workstation.utopia.net]:2222,[172.17.2.3]:2222' (ECDSA) to the list of known hosts. 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. 

root@workstation:~# logout 
Connection to workstation.utopia.net closed. 

root@puppetmaster:~# 

Configuration d’Apache

root@puppetmaster:~# nano /etc/puppet/modules/apache/manifests/init.pp  

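class apache {

  # Map the distribution family to its Apache package/service name; any
  # other platform aborts compilation instead of declaring a nameless package.
  case $operatingsystem {
    debian, ubuntu: { $apache_name = 'apache2' }
    fedora, redhat: { $apache_name = 'httpd' }
    default:        { fail("apache: unsupported operatingsystem ${operatingsystem}") }
  }

  package { 'apache':
    name   => $apache_name,
    ensure => latest,
  }

  # Relationships reference the resources by title ('apache'), which is
  # unambiguous regardless of the per-platform name attribute.
  service { 'apache':
    name       => $apache_name,
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => Package['apache'],
  }

  # NOTE: the two file resources below assume the Debian /etc/apache2 layout;
  # the fedora/redhat branch of the case only changes the package name.
  file { '/etc/apache2/sites-available/default':
    owner   => root,
    group   => root,
    mode    => '0644',
    content => template('apache/default.erb'),
    notify  => Service['apache'],
    require => Package['apache'],
  }

  # Enable the site and reload Apache when the link appears or changes.
  file { '/etc/apache2/sites-enabled/default':
    ensure  => link,
    target  => '/etc/apache2/sites-available/default',
    require => File['/etc/apache2/sites-available/default'],
    notify  => Service['apache'],
  }
}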

Création du template pour Apache

root@puppetmaster:~# nano /etc/puppet/modules/apache/templates/default.erb

<VirtualHost <%= ipaddress_eth0 %>:80>
         ServerAdmin webmaster@localhost
         Servername www.utopia.net
         DocumentRoot /var/www/utopia.net
         ErrorLog /var/log/apache2/error.log
         LogLevel warn
         CustomLog /var/log/apache2/access.log combined
 </VirtualHost>  

Créer le répertoire utopia.net et l'index.html

root@workstation:~# mkdir -p /var/www/utopia.net 
root@workstation:~# vim /var/www/utopia.net/index.html
<html> 
<body> 
<h1>Welcome to Utopia.net</h1> 
</body> 
</html>

Affecter la configuration d’Apache sur le node Workstation

root@puppetmaster:/# nano /etc/puppet/manifests/nodes.pp  

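# Base role shared by every node.
node 'basenode' {
  include editor
}

# The SSH module is named sshdconfig (modules/sshdconfig/manifests/init.pp);
# 'include ssh' would reference a class that does not exist.
node 'workstation.utopia.net' inherits 'basenode' {
  include sshdconfig
  include apache
}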

Redémarrer le service puppetmaster

root@puppetmaster:~# service puppetmaster restart 

Tester la Configuration

root@workstation:~# puppetd --test 

Naviguer sur la page http://www.utopia.net

root@workstation:~# curl http://www.utopia.net 

<html> 
<body> 
<h1>Welcome to Utopia.net</h1> 
</body> 
</html>