Difference between revisions of "Puppet"
(→Discussions about Load Balancing) |
(→Discussions about Load Balancing) |
||
| Line 56: | Line 56: | ||
* [https://groups.google.com/forum/#!topic/puppet-users/CxHIGQ5zIxo how to scale puppet with F5 load balancer?] | * [https://groups.google.com/forum/#!topic/puppet-users/CxHIGQ5zIxo how to scale puppet with F5 load balancer?] | ||
* [https://docs.puppet.com/guides/scaling_multiple_masters.html Scaling Multiple Masters] | * [https://docs.puppet.com/guides/scaling_multiple_masters.html Scaling Multiple Masters] | ||
| + | * [https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=puppet%20fail%20over Google Search: Puppet Fail Over] | ||
[[Category:Puppet]] | [[Category:Puppet]] | ||
[[Category:Configuration Management]] | [[Category:Configuration Management]] | ||
Revision as of 21:20, 25 October 2016
Contents
Overview
Our environment is currently using Puppet v3.8.7 - Documentation
The current Puppet environment is running on a single instance server. We are not sure yet if we will stick with Puppet or switch to Ansible (or Ansible Tower), but in the mean time, it was decided that making the existing Puppet environment more resilient would be a good idea.
There is a group of Puppet clients that need to be upgraded before we can point them to the new Puppet Master.
Autosigning appears to be enabled on the new Puppet Master. I think we might want to adjust this at some point. It's considered insecure to enable naive auto-signing : documentation. Currently, the autosign.conf file contains "*" which I understand to mean that EVERYONE is allowed to have their CSR auto-signed.
Packages Installed
- puppetlabs-release, 7-12
- puppet-server, 3.8.7-1.el7
- puppet, 3.8.7-el7
Useful Documentation Pages
Tutorials from the Web
- Connecting clients to a Puppet Master
- Configuration Management 101 - Writing Puppet Manifests
- Migrating Puppet clients to new Puppet Master
- Automated migration of systems to a new puppet master server
- Discussion about firewall ports needed for Puppet clients to talk to Puppet Master
- Puppet 4 Tutorial
- YouTube: Puppet Configuration Tutorial | Server Configuration with Puppet | Puppet Configuration in Linux
- YouTube: Puppet Tutorial for Beginners Part -1 | Puppet DevOps Tutorial | DevOps Tools | Edureka
- YouTube: Installing The Puppet Configuration Management Server
Things to remember
- RITM1393607 - Server Request for a fail over for the Puppet environment.
- TASK1852223 - Requested access to the current Puppet server
Process Thoughts
- Determine which Firewall ports need to be opened to the new Puppet server (Google Group)
- Submit change request for firewall ports.
- Determine how to migrate older puppet clients to the new Puppet server (article)
- Submit change request for puppet migration.
SSL Configuration
SSL & Certificate Documentation
- Using an External CA
- Using an External CA With Puppet Server
- External SSL Termination With Puppet Server
- Configuring Autosigning
- CSR Attributes and Certificate Extensions
- Regenerating All Certificates in a Deployment
