Tuesday, July 21, 2015

Change the strings

To expand puppet farther, we should look at some basics and get a better understanding of things.
Out of the box puppet lets you do some fun things, but its reporting and monitoring is a bit lacking unless you buy Puppet Enterprise
So yes there are other ways to get reporting, these are just the ways I found in 2015 to get some insite into things and it starts here.

Start with I am on Ubuntu systems, so that might be a factor, but just replace the apt-get with yummy install.

Let's start by making the basic assumption that your puppet server is not a shared resource server, or this will end badly. Ok not this step but any future steps would.

Let's do the simple install of them from the pre-existing repo you used to install puppetmaster.



root@puppet02:~# sudo apt-get install puppetdb puppetdb-terminus 


The first thing you want to do after the install is change the heap size. This is in /etc/default/puppetdb


# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djava.security.egd=file:/dev/urandom"

You want to make the -Xmx192m to at least 1GB for under 100 servers


# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xmx1024m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djava.security.egd=file:/dev/urandom"

Next is tying it to puppetmaster so create the file /etc/puppet/puppetdb.conf  and add


[main]
server = puppetdb.example.com
port = 8081
soft_write_failure = false

Next you want puppet to be able to know where to put the confis and the reports so lets tell it in the /etc/puppet/puppet.conf
I add these lines under the [master] section


storeconfigs = true
storeconfigs_backen = puppetdb
reports = store,puppetdb

Next we add the routes so it knows where to look, the default location is /etc/puppet/routes.yaml so im putting it there


---
master:
  facts:
    terminus: puppetdb
    cache: yaml


In the offical instructions it says to verify permissions, so lets do that


root@puppet02:~# sudo chown -R puppet:puppet /etc/puppet 

 Next step is to allow the connections to the /etc/puppetdb/conf.d/jetty.ini
My config is below, I have only added the line host = 0.0.0.0


[jetty]
# IP address or hostname to listen for clear-text HTTP. To avoid resolution
# issues, IP addresses are recommended over hostnames.
# Default is `localhost`.
# host = <host>
host = 0.0.0.0
# Port to listen on for clear-text HTTP.
port = 8080


# The following are SSL specific settings. They can be configured
# automatically with the tool `puppetdb ssl-setup`, which is normally
# ran during package installation.

# IP address to listen on for HTTPS connections. Hostnames can also be used
# but are not recommended to avoid DNS resolution issues. To listen on all
# interfaces, use `0.0.0.0`.
ssl-host = 0.0.0.0

# The port to listen on for HTTPS connections
ssl-port = 8081

# Private key path
ssl-key = /etc/puppetdb/ssl/private.pem

# Public certificate path
ssl-cert = /etc/puppetdb/ssl/public.pem

# Certificate authority path
ssl-ca-cert = /etc/puppetdb/ssl/ca.pem


Now we want to make sure the certificates are valid. So lets do a puppetdb ssl-setup


root@puppet02:~# puppetdb ssl-setup -f 
PEM files in /etc/puppetdb/ssl already exists, checking integrity.
Overwriting existing PEM files due to -f flag
Copying files: /var/lib/puppet/ssl/certs/ca.pem, /var/lib/puppet/ssl/private_keys/puppet2.velcrohurts.com.pem and /var/lib/puppet/ssl/certs/puppet2.velcrohurts.com.pem to /etc/puppetdb/ssl
Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct.


Then we should be able to restart the puppetmaster service and the puppetdb service
We know it works when the /var/log/puppetdb/puppetdb.log is tailed and it shows the connections
and if everything works right, we should have the output of


2015-07-17 15:21:58,104 INFO  [o.e.j.s.h.ContextHandler] Started o.e.j.s.h.ContextHandler@788953f5{/,null,AVAILABLE}
2015-07-17 15:21:58,120 INFO  [c.p.p.c.services] Starting sweep of stale reports (threshold: 14 days)
2015-07-17 15:21:58,161 INFO  [c.p.p.c.services] Finished sweep of stale reports (threshold: 14 days)
2015-07-17 15:21:58,162 INFO  [c.p.p.c.services] Starting database garbage collection
2015-07-17 15:21:58,250 INFO  [c.p.p.c.services] Finished database garbage collection