<!-- keep this as a security measure:
   * Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup,Main.LCGAdminGroup
   * Set ALLOWTOPICRENAME = Main.TWikiAdminGroup,Main.LCGAdminGroup
#uncomment this if you want the page only be viewable by the internal people
#* Set ALLOWTOPICVIEW = Main.TWikiAdminGroup,Main.LCGAdminGroup
-->

---+ Foreman Setup (before puppet)

   * First, open the instructions from here: http://theforeman.org/manuals/1.1/index.html
   * Start with a fresh install of SL6
<verbatim>
# Configure root authorized_keys
# Configure iptables to close SSH to the world
# yum update
# Disable nightly yum upgrades: sed 's/ENABLED=.*/ENABLED="false"/' -i /etc/sysconfig/yum-autoupdate
# Disable selinux
# reboot
</verbatim>

At this point, check the Installation manual, as some things may have changed: http://theforeman.org/manuals/1.1/index.html#3.InstallingForeman

   * Enable epel/epel-testing repos: =rpm -Uvh= http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
   * Enable puppetlabs repo: =rpm -Uvh= http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm
   * Enable foreman repo: =rpm -Uvh= http://yum.theforeman.org/releases/1.1/el6/x86_64/foreman-release-1.1stable-3.el6.noarch.rpm
   * Install puppet client: =yum install puppet=
   * Install foreman installer: =yum install foreman-installer=

And run the installer:
<verbatim>
ruby /usr/share/foreman-installer/generate_answers.rb
</verbatim>

After Foreman has been installed, configure the firewall to allow ports 443 and 22 to the office, and 80, 8443, 8140 and 69 (udp) for the cluster network only.

You should be able to connect to https://foreman.lcg.cscs.ch

Then you need to configure Foreman. There is plenty of documentation, but one needs to understand its parts.

   * Change the password (admin/changeme)
   * Basic Foreman installation: http://www.youtube.com/watch?v=2dwyzPpFJYQ
   * Setting up provisioning: http://www.youtube.com/watch?v=eHjpZr3GB6s
   * Watch out for your proxies. You probably don't want to start the DHCP proxy (disabled by default, anyway), but rather configure it yourself and enable the proxy in /etc/foreman-proxy/settings.yml (needs a =service foreman-proxy restart=). Then the proxy saves its configuration in the dhcpd.leases file, instead of the dhcpd.conf. Not a bad solution!
   * Check configuration values in /etc/foreman/settings.yaml: http://theforeman.org/manuals/1.1/index.html#3.5.2ConfigurationOptions
   * Add the correct mail relay server (smtp.cscs.) to /etc/foreman/email.yaml
   * Enable puppetrun (for puppet>3.0, where puppetrun is not available, they use puppet kick). Instructions here: http://projects.theforeman.org/projects/foreman/wiki/Puppetrun
   * Restart foreman after changing those values (=service foreman restart=)

In order to understand how Foreman acts as an ENC (external node classifier), read this: http://theforeman.org/manuals/1.1/index.html#4.2ManagingPuppet

---+ Puppet configuration

---++ Module standards

Modules should be written according to some standards:

   * There should be a main class, with parameters, and good default values (Generic vs CSCS?). Puppet does an automatic Hiera search on every parameter (if not specified in the call)
   * Modules should have non-destructive behavior (for running jobs). If something destructive should be done, do it only when the "maintenance" fact is set to true, and return some kind of warning (to alert the sysadmin that there is some action pending) and/or raise a nagios alert (with messages like "service maintenance needed" or "machine reboot pending").
   * Modules should provide their own monitoring (for nagios)
   * (for discussion) Modules should provide their own regression checks
   * Modules should be properly documented, and branches (prod/test) kept in good shape, by their maintainer.
   * Style guide: http://docs.puppetlabs.com/guides/style_guide.html

---++ Procedures

   * Collaborators would create their own development branch, modify, test, and propose the change to the maintainer.

---++ Module organization

   * GIT workflow and environments (inc hooks): https://puppetlabs.com/blog/git-workflow-and-puppet-environments/
   * GIT Flow, a way to organize modules. Master=Production, Develop=Testing. http://nvie.com/posts/a-successful-git-branching-model
   * Installing modules from the forge: http://docs.puppetlabs.com/puppet/2.7/reference/modules_installing.html#installing-from-another-module-repository
   * Librarian puppet: http://blog.csanchez.org/2013/01/24/managing-puppet-modules-with-librarian-puppet/
   * Other options (librarian, git submodules, etc.) with an alternative proposal (r10k): http://somethingsinistral.net/blog/scaling-puppet-environment-deployment/
   * Great documentation about Git branching (and other topics on Git): http://git-scm.com/book/en/Git-Branching-Branch-Management

Other:

   * Git with submodules (not recommended!): http://blog.thesilentpenguin.com/blog/2012/02/21/puppet-with-git-submodules-for-fun-and-profit/
   * Puppet Training videos from PuppetConf: http://puppetconf.com/blog/watch-and-learn-puppetconf-2012-videos/

---+ Obsolete

This is (for now) just notes for reference.

   * Start with a fresh install of SL6.
   * Enable epel/epel-testing repos: =rpm -i http://download.fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm=
   * Install puppet-server: =yum install puppet-server --enablerepo=epel-testing,epel=
   * Enable puppet repo (for utils):
<verbatim>
cat > /etc/yum.repos.d/puppetlabs.repo << EOF
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/base/
enabled=0
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive
EOF
yum install mcollective puppet-dashboard --enablerepo=puppetlabs,epel
</verbatim>
   * Download foreman
<verbatim>
cat > /etc/yum.repos.d/foreman.repo << EOF
[foreman]
name=Foreman Repo
baseurl=http://yum.theforeman.org/stable
gpgcheck=0
enabled=0
EOF
yum install foreman --enablerepo=foreman
</verbatim>

Then we need to configure what we've installed. I found a nice Debian howto here, need to adapt a bit to RHEL6: https://host1.no/blog/puppet/how-to-install-puppet-and-puppet-dashboard/

-- Main.PabloFernandez - 2011-08-25
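For the firewall step in the Foreman Setup section (443 and 22 to the office; 80, 8443, 8140 and 69/udp to the cluster network only), the following is an added example, not part of the original page. The two source networks are constructed placeholders and the default-DROP policy is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page). Emits an iptables-restore
# ruleset for the Foreman host. The default-DROP policy and both source
# networks are assumptions; the port list is the one given in the text.

foreman_fw_rules() {
    office_net=$1     # office range, e.g. 192.0.2.0/24 (constructed)
    cluster_net=$2    # cluster range, e.g. 198.51.100.0/24 (constructed)

    # Reject empty, world-open or malformed sources: every port below
    # must stay scoped to one of the two networks.
    for net in "$office_net" "$cluster_net"; do
        case $net in
            ''|0.0.0.0/0|*[!0-9./]*)
                echo "refusing source network '$net'" >&2
                return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # 443 (Foreman web UI) and 22 (SSH): office only.
    for port in 443 22; do
        echo "-A INPUT -s $office_net -p tcp -m state --state NEW --dport $port -j ACCEPT"
    done
    # 80, 8443 and 8140: cluster network only.
    for port in 80 8443 8140; do
        echo "-A INPUT -s $cluster_net -p tcp -m state --state NEW --dport $port -j ACCEPT"
    done
    # 69/udp (TFTP): cluster network only.
    echo "-A INPUT -s $cluster_net -p udp --dport 69 -j ACCEPT"
    echo 'COMMIT'
}

# Usage: sh foreman-fw.sh OFFICE_CIDR CLUSTER_CIDR > rules.new
#        iptables-restore --test < rules.new
if [ "$#" -eq 2 ]; then
    foreman_fw_rules "$1" "$2"
fi
```

TFTP transfers continue on an ephemeral port, so the RELATED rule only covers them when the nf_conntrack_tftp helper is loaded (IPTABLES_MODULES in /etc/sysconfig/iptables-config on SL6).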
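The repository definitions in the Obsolete section use plain-HTTP URLs, and the foreman one sets =gpgcheck=0=. The following added example (not part of the original page) audits a directory of =.repo= files for both conditions; the function names are hypothetical, and treating a missing =gpgcheck= as a finding is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the original page). Flags yum repo sections
# that skip package signature checks or use plain-HTTP URLs.

audit_yum_repos() {
    # $1: directory of *.repo files (defaults to the live yum config)
    awk '
        function report(msg) { print file ": [" sect "] " msg; bad++ }
        function check() {
            if (sect == "") return
            # A missing gpgcheck is flagged too (conservative assumption).
            if (gpgcheck != "1")    report("gpgcheck is not 1")
            if (baseurl ~ /^http:/) report("baseurl uses plain http")
            if (gpgkey ~ /^http:/)  report("gpgkey is fetched over plain http")
        }
        FNR == 1 { check(); sect = ""; file = FILENAME }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^\[/ {
            check()
            sect = substr($0, 2, index($0, "]") - 2)
            gpgcheck = baseurl = gpgkey = ""
            next
        }
        /^(gpgcheck|baseurl|gpgkey)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else gpgkey = val
        }
        END { check(); exit (bad > 0) }
    ' "${1:-/etc/yum.repos.d}"/*.repo
}

# Demo on a copy of the foreman.repo definition from the Obsolete section.
demo_foreman_repo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[foreman]' 'name=Foreman Repo' \
        'baseurl=http://yum.theforeman.org/stable' \
        'gpgcheck=0' 'enabled=0' > "$dir/foreman.repo"
    audit_yum_repos "$dir"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo_foreman_repo; fi
```

The function exits non-zero when it reports anything, so it can gate a provisioning script.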
Topic revision: r9 - 2013-06-12 - PabloFernandez