Manually installing PuppetDB

The puppetlabs/puppetdb module does a great job of installing PuppetDB and getting you running quickly. Unfortunately, it also obscures a lot of the configuration details. In the enterprise, you'll need to know how all the parts fit together. We will now install PuppetDB manually using the following five steps:

  1. Install Puppet and PuppetDB.
  2. Install and configure PostgreSQL.
  3. Configure PuppetDB to use PostgreSQL.
  4. Start PuppetDB and open firewall ports.
  5. Configure the Puppet master to use PuppetDB.

Installing Puppet and PuppetDB

To manually install PuppetDB, start with a fresh machine and install the puppetlabs-pc1 repository, as in previous examples. We'll call this new server puppetdb-manual.example.com to differentiate it from our automatically installed PuppetDB instance (puppetdb.example.com).

Install Puppet and run the Puppet agent with the following commands to generate a certificate request, then sign it on the master as we did when we used the puppetlabs/puppetdb module. Alternatively, use puppet certificate generate as we did in previous chapters:

[root@puppetdb-manual ~]# yum -y install http://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
[root@puppetdb-manual ~]# yum install puppet-agent
[root@puppetdb-manual ~]# puppet agent -t

Sign the certificate on the master as follows:

[root@stand ~]# puppet cert list
  "puppetdb-manual.example.com" (SHA256) 90:5E:9B:D5:28:50:E0:43:82:F4:F5:D9:21:0D:C3:82:1B:7F:4D:BB:DC:C0:E5:ED:A1:EB:24:85:3C:01:F4:AC
[root@stand ~]# puppet cert sign puppetdb-manual.example.com
Notice: Signed certificate request for puppetdb-manual.example.com
Notice: Removing file Puppet::SSL::CertificateRequest puppetdb-manual.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/puppetdb-manual.example.com.pem'

Back on puppetdb-manual, install puppetdb as follows:

[root@puppetdb-manual ~]# yum -q -y install puppetdb

Installing and configuring PostgreSQL

If you already have an enterprise PostgreSQL server configured, you can simply point PuppetDB at that instance. PuppetDB 3.2 only supports PostgreSQL versions 9.4 and higher. To install PostgreSQL, install the postgresql-server package and initialize the database as follows:

[root@puppetdb-manual ~]# yum install http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-redhat94-9.4-2.noarch.rpm -q -y
[root@puppetdb-manual ~]# yum -q -y install postgresql94-server
[root@puppetdb-manual ~]# /usr/pgsql-9.4/bin/postgresql94-setup initdb
Initializing database ... OK
[root@puppetdb-manual ~]# systemctl start postgresql-9.4

Next create the puppetdb database (allowing the puppetdb user to access that database) as follows:

[root@puppetdb-manual ~]# sudo -iu postgres
$ createuser -DRSP puppetdb
Enter password for new role: PacktPub
Enter it again: PacktPub
$ createdb -E UTF8 -O puppetdb puppetdb

Allow PuppetDB to connect to the PostgreSQL server using md5 on the localhost since we'll keep PuppetDB and the PostgreSQL server on the same machine (puppetdb-manual.example.com).

Tip

You will need to change the allowed address rules from 127.0.0.1/32 to that of the PuppetDB server if PuppetDB is on a different server than the PostgreSQL server.

Edit /var/lib/pgsql/9.4/data/pg_hba.conf and add the following:

local puppetdb puppetdb    md5
host  puppetdb puppetdb    127.0.0.1/32  md5
host  puppetdb puppetdb    ::1/128       md5

Note

The default configuration uses ident authentication; you must remove the following lines:

local   all         all                       ident
host    all         all         127.0.0.1/32  ident
host    all         all         ::1/128       ident
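
PostgreSQL applies the first pg_hba.conf record that matches a connection, so a stock ident record left above the puppetdb records decides the authentication method instead of md5. The following Python sketch is an added example, not part of the original text; it models only the record forms used in this section (local and host records with CIDR addresses), and the function names and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock ident records left above the records this section adds.
HBA_BEFORE = """\
local   all       all                      ident
host    all       all       127.0.0.1/32   ident
host    all       all       ::1/128        ident
local   puppetdb  puppetdb                 md5
host    puppetdb  puppetdb  127.0.0.1/32   md5
host    puppetdb  puppetdb  ::1/128        md5
"""

def parse_hba(text):
    """Return (type, database, user, network, method) tuples in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # Unix socket: no address column
            conn, db, user, method = fields[:4]
            net = None
        else:                             # host: CIDR address column
            conn, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr, strict=False)
        rules.append((conn, db, user, net, method))
    return rules

def effective_method(rules, database, user, client=None):
    """Auth method of the first matching record; client=None is a Unix socket."""
    for conn, db, usr, net, method in rules:
        if (conn == "local") != (client is None):
            continue
        if db not in ("all", database) or usr not in ("all", user):
            continue
        if net is not None and ipaddress.ip_address(client) not in net:
            continue
        return method
    return "reject"                       # no record matches: connection refused

def drop_ident(text):
    """The edit from the Note: remove every record whose method is ident."""
    return "\n".join(l for l in text.splitlines() if l.split()[-1:] != ["ident"])

if __name__ == "__main__":
    before = parse_hba(HBA_BEFORE)
    after = parse_hba(drop_ident(HBA_BEFORE))
    for name, rules in (("before", before), ("after", after)):
        print(name, effective_method(rules, "puppetdb", "puppetdb", "127.0.0.1"))
```

With the ident records removed, a lookup for any other database or user (for example the postgres role over the Unix socket) returns reject, so administrative access needs its own record.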

Restart PostgreSQL and test connectivity as follows:

[root@puppetdb-manual ~]# systemctl restart postgresql-9.4
[root@puppetdb-manual ~]# psql -h localhost puppetdb puppetdb
Password for user puppetdb: PacktPub
psql (9.4.5)
Type "help" for help.

puppetdb=> \d
No relations found.
puppetdb=> \q

Now that we've verified that PostgreSQL is working, we need to configure PuppetDB to use PostgreSQL.

Configuring PuppetDB to use PostgreSQL

Locate the database.ini file in /etc/puppetlabs/puppetdb/conf.d and replace it with the following code snippet:

[database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //localhost:5432/puppetdb
username = puppetdb
password = PacktPub

If it's not present in your file, configure automatic tasks of PuppetDB such as garbage collection (gc-interval), as shown in the following code. PuppetDB will remove stale nodes every 60 minutes. For more information on the other settings, refer to the Puppet Labs documentation at http://docs.puppetlabs.com/puppetdb/latest/configure.html:

gc-interval = 60
log-slow-statements = 10
report-ttl = 14d
syntax_pgs = true
conn-keep-alive = 45
node-ttl = 0s
conn-lifetime = 0
node-purge-ttl = 0s
conn-max-age = 60

Start PuppetDB using the following command:

[root@puppetdb-manual ~]# systemctl start puppetdb

Configuring Puppet to use PuppetDB

Perform the following steps to configure Puppet to use PuppetDB.

To use PuppetDB, the worker will need the puppetdb node terminus package; we'll install that first by using the following command:

# yum -y install puppetdb-termini

Create /etc/puppetlabs/puppet/puppetdb.conf and point Puppet at the PuppetDB server puppetdb-manual.example.com:

[main]
server_urls = https://puppetdb-manual.example.com:8081/
soft_write_failure = false

Tell Puppet to use PuppetDB for storeconfigs by adding the following in the [master] section of /etc/puppetlabs/puppet/puppet.conf:

[master]
storeconfigs = true
storeconfigs_backend = puppetdb

Next, create a routes.yaml file in the /etc/puppetlabs/puppet directory that will make Puppet use PuppetDB for inventory purposes:

---
master:
  facts:
    terminus: puppetdb
    cache: yaml

Restart puppetserver and verify that PuppetDB is working by running puppet agent again on puppetdb-manual.example.com. After the second puppet agent run, you can inspect the PostgreSQL database for a new catalog as follows:

[root@puppetdb-manual ~]# psql -h localhost puppetdb puppetdb
Password for user puppetdb: 
psql (9.4.5)
Type "help" for help.

puppetdb=> \x
Expanded display is on.
puppetdb=> SELECT * from catalogs;
-[ RECORD 1 ]------+-------------------------------------------
id                 | 1
hash               | \x13980e07b72cf8e02ea247c3954efdc2cdabbbe0
transaction_uuid   | 9ce673db-6af2-49c7-b4c1-6eb83980ac57
certname           | puppetdb-manual.example.com
producer_timestamp | 2015-12-04 01:27:19.211-05
api_version        | 1
timestamp          | 2015-12-04 01:27:19.613-05
catalog_version    | 1449210436
environment_id     | 1
code_id            | 