Duncan Hill
2008-Jun-19 12:50 UTC
[Puppet Users] Validate a theory regarding puppet (+ firstboot) please
As I sit here staring at my manifests (and pondering a module to control Glassfish), I'm pondering the best way to do a first-run of puppet to get the initial repositories and puppet configuration downloaded.

My theory is that I'll modify rc.local (or replace firstboot-tui, we don't use it with automated builds) to run puppetd twice - once to request the certificate, the second time to run puppetd --tags yum_setup, node_setup. This should ensure that all the server builds always get the appropriate yum repositories and puppet configuration before enabling puppetd as a service. The run of puppetd as a service can then reverse the changes to rc.local.

Any flaws in my theory?
Johnny Tan
2008-Jun-20 00:04 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
Duncan Hill wrote:
> My theory is that I'll modify rc.local (or replace
> firstboot-tui, we don't use it with automated builds) to run puppetd
> twice - once to request the certificate, the second time to run
> puppetd --tags yum_setup, node_setup.

Do you need to run it twice?

I have the same thing "puppetd --tags puppet::production" in my kickstart config, and that does the certificate and pulls down the appropriate puppet.conf.

After that, puppet.conf pulls down everything else (and configures itself as a service that should always be running).

johnn
Evan Hisey
2008-Jun-20 04:39 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
On Thu, Jun 19, 2008 at 7:04 PM, Johnny Tan <linuxweb@gmail.com> wrote:
>
> Duncan Hill wrote:
>> My theory is that I'll modify rc.local (or replace
>> firstboot-tui, we don't use it with automated builds) to run puppetd
>> twice - once to request the certificate, the second time to run
>> puppetd --tags yum_setup, node_setup.
>
> Do you need to run it twice?
>
> I have the same thing "puppetd --tags puppet::production" in
> my kickstart config, and that does the certificate and pulls
> down the appropriate puppet.conf
>
> After that, puppet.conf pulls down everything else (and
> configures itself as a service that should always be running).
>

This will work as long as you have the certs auto signing. After puppet is set up it will run again in about 30 minutes and catch anything that might not have been changed. It is unlikely to happen unless you have very complex manifests or a remote source is offline at build time.

I never did get puppet to run right out of kickstart. I ended up using at and wget to pull in a script at first boot and do the yum updated and puppet config.

Evan
Duncan Hill
2008-Jun-20 08:01 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
2008/6/20 Evan Hisey <ehisey@gmail.com>:
>
> I never did get puppet to run right out of kickstart I ended up using
> at and wget to pull in a script at first boot and do the yum updated
> and puppet config.

The problem with running right out of kickstart is that the machine still has a hostname of localhost.localdomain. This could be fixed, but I'm content to wait for the machine to boot.

I've got autosigning turned on, but my new builds never go 'sign this please, *sign*, manifest please' - it's always two runs.
Duncan Hill
2008-Jun-20 10:23 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
2008/6/20 Duncan Hill <bajandude@googlemail.com>:
> The problem with running right out of kickstart is that the machine
> still has a hostname of localhost.localdomain. This could be fixed,
> but I'm content to wait for the machine to boot.

Self answer:

    %post
    puppetd --tags mytags --fqdn fully.qualified.name.that.i.want.on.the.cert

> I've got autosigning turned on, but my new builds never go 'sign this
> please, *sign*, manifest please' - it's always two runs.

And this now works. Whee, less complexity!
Johnny Tan
2008-Jun-20 15:40 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
Duncan Hill wrote:
> 2008/6/20 Duncan Hill <bajandude@googlemail.com>:
>> The problem with running right out of kickstart is that the machine
>> still has a hostname of localhost.localdomain. This could be fixed,
>> but I'm content to wait for the machine to boot.
>
> Self answer:
> %post
> puppetd --tags mytags --fqdn fully.qualified.name.that.i.want.on.the.cert

In kickstart, I set the hostname in the network line:

    network --device=eth0 --bootproto=static --hostname=f.q.d.n --ip=ip.address.for.eth0 --netmask=255.255.0.0 --gateway=ip.address.for.gw --nameserver=ip.address.for.ns --noipv6

Once that's set, the hostname also gets put in /tmp/netinfo as $HOSTNAME, so I can then do this in my %post section of the kickstart config file:

    %post
    /usr/sbin/ntpdate ip.address.of.ntp
    if [ -f /tmp/netinfo ]; then
        source /tmp/netinfo
        hostname $HOSTNAME
        /usr/sbin/puppetd --server fqdn.of.puppet.server --test --tags puppet::production
    fi
    /sbin/chkconfig puppet on
    /bin/rpm --import http://ip.address.of.yumserver/repos/centos/RPM-GPG-KEY-CentOS-5
    /usr/bin/yum -y update

This has worked great for me.

johnn
Eric Eisenhart
2008-Jun-23 17:27 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
Both of those solutions are good. The key is calling hostname with the proper FQDN. I just figure out what IP the system has and look it up in DNS.

Something like:

    %post
    # 130.157 is our "production" network; systems often also have a 10.x network interface or 2.
    PRIMARYETHER=`/sbin/ifconfig | grep -B 1 130.157 | head -1 | cut -d' ' -f1`
    PRIMARYIP=`/sbin/ifconfig $PRIMARYETHER | grep 'inet addr:' | cut -d: -f2 | cut -d' ' -f1`
    # I actually do a few more variations into variables for use in the script
    FULLHOSTNAME=`dig +short -x $PRIMARYIP`
    FQDN=`basename $FULLHOSTNAME .`
    hostname $FQDN
    puppetd --onetime --verbose --report --factsync --tags no_such_tag --waitforcert 500
    puppetd --onetime --verbose --report --factsync --tags puppetclient
    chkconfig puppet on

On Jun 20, 2008, at 8:40 AM, Johnny Tan wrote:
>
> Duncan Hill wrote:
>> 2008/6/20 Duncan Hill <bajandude@googlemail.com>:
>>> The problem with running right out of kickstart is that the machine
>>> still has a hostname of localhost.localdomain. This could be fixed,
>>> but I'm content to wait for the machine to boot.
>>
>> Self answer:
>> %post
>> puppetd --tags mytags --fqdn
>> fully.qualified.name.that.i.want.on.the.cert
>
> In kickstart, I set the hostname in the network line:
>
> network --device=eth0 --bootproto=static --hostname=f.q.d.n
> --ip=ip.address.for.eth0 --netmask=255.255.0.0
> --gateway=ip.address.for.gw --nameserver=ip.address.for.ns
> --noipv6
>
> Once that's set, the hostname also gets put in /tmp/netinfo
> as $HOSTNAME, so I can then do this in my %post section of
> the kickstart config file:
>
> %post
> /usr/sbin/ntpdate ip.address.of.ntp
> if [ -f /tmp/netinfo ]; then
> source /tmp/netinfo
> hostname $HOSTNAME
> /usr/sbin/puppetd --server fqdn.of.puppet.server --test
> --tags puppet::production
> fi
> /sbin/chkconfig puppet on
> /bin/rpm --import
> http://ip.address.of.yumserver/repos/centos/RPM-GPG-KEY-CentOS-5
> /usr/bin/yum -y update
>
> This has worked great for me.
>
> johnn
>

-- 
Eric Eisenhart <eric.eisenhart@sonoma.edu>
Lead Unix/Linux System Administrator
1.707.664.3099
Sonoma State University, Information Technology
Jabber/XMPP: eisenhae@jabber.sonoma.edu AIM: ericeisenhart
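The script above takes the client's name from a reverse DNS lookup, and that name is what ends up on the certificate an autosigning puppetmaster accepts. The shell functions below are an added example, not code from any poster in this thread: they refuse an empty, ambiguous, unqualified or localhost.localdomain answer before hostname and puppetd are run. All function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Read PTR answers on stdin in the form `dig +short -x <ip>` prints them.
# Print one lower-cased name without its trailing dot; fail on no answer
# or on several different answers (ambiguous identity).
normalize_ptr() {
    names=$(tr 'A-Z' 'a-z' | sed -e 's/[[:space:]]*$//' -e 's/\.$//' |
            grep -v '^$' | sort -u)
    [ -n "$names" ] || return 1
    [ "$(printf '%s\n' "$names" | grep -c '')" -eq 1 ] || return 1
    printf '%s\n' "$names"
}

# Succeed only for a name that is safe to put on the client certificate.
valid_certname() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        localhost|localhost.*|*.localdomain) return 1 ;;  # installer default
        *.*) ;;                                           # must be qualified
        *) return 1 ;;
    esac
    # A numeric last label means an IP address, not a host name.
    if printf '%s\n' "$name" | grep -Eq '\.[0-9]+$'; then return 1; fi
    # Labels: 1-63 chars of a-z, 0-9, hyphen; no leading or trailing hyphen.
    printf '%s\n' "$name" | grep -Eq \
        '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# stdin: raw lookup output; stdout: the certificate name, or nothing on failure.
choose_certname() {
    candidate=$(normalize_ptr) || return 1
    valid_certname "$candidate" || return 1
    printf '%s\n' "$candidate"
}

# Intended use in %post, with PRIMARYIP as in the script above:
#   FQDN=$(dig +short -x "$PRIMARYIP" | choose_certname) || exit 1
#   hostname "$FQDN"
```
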
Duncan Hill
2008-Jun-24 07:48 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
2008/6/23 Eric Eisenhart <eric.eisenhart@sonoma.edu>:
>
> Both of those solutions are good. The key is calling hostname with
> the proper FQDN. I just figure out what IP the system has and look it
> up in DNS.
>
> Something like:
>
> %post
> # 130.157 is our "production" network; systems often also have a 10.x
> network interface or 2.
> PRIMARYETHER=`/sbin/ifconfig | grep -B 1 130.157 | head -1 | cut -d'
> ' -f1`

Interesting approach, and probably very useful in a larger environment. Ours is small enough that I just keep customised ks.cfg files for each machine, forming part of the documentation of the machine setup. I could see your approach being very useful with accurate DNS + DHCP.

On a semi-related note, does anyone know how to tell kickstart that ks=http://... should use the first network card always, instead of popping up a 'which card to use' dialog?
Ohad Levy
2008-Jun-24 10:01 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
This is how I run it in kickstart file:

    fqdn=`nslookup \`ifconfig eth0|egrep "inet "|cut -f2 -d:|cut -f1 -d" "\`|egrep name|cut -f 2 -d=|cut -f2 -d" "|sed -e "s/.$//"`

On Tue, Jun 24, 2008 at 3:48 PM, Duncan Hill <bajandude@googlemail.com> wrote:
>
> On a semi-related note, does anyone know how to tell kickstart that
> ks=http://... should use the first network card always, instead of
> popping up a 'which card to use' dialog?
>

    label linux
      kernel boot/vmlinuz-gi5.i386
      append initrd=boot/initrd-gi5.i386 ks=http://puppet/cgi-bin/kickstart/ks.cgi ksdevice=eth0 network kssendmac

Ohad
Duncan Hill
2008-Jun-24 10:04 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
2008/6/24 Ohad Levy <ohadlevy@gmail.com>:
> this is how i run it
> in kickstart file:
> fqdn=`nslookup \`ifconfig eth0|egrep "inet "|cut -f2 -d:|cut -f1 -d"
> "\`|egrep name|cut -f 2 -d=|cut -f2 -d" "|sed -e "s/.$//"`
>
> On Tue, Jun 24, 2008 at 3:48 PM, Duncan Hill <bajandude@googlemail.com>
> wrote:
>>
>> On a semi-related note, does anyone know how to tell kickstart that
>> ks=http://... should use the first network card always, instead of
>> popping up a 'which card to use' dialog?
>
>
> label linux
> kernel boot/vmlinuz-gi5.i386
> append initrd=boot/initrd-gi5.i386
> ks=http://puppet/cgi-bin/kickstart/ks.cgi ksdevice=eth0 network kssendmac

Brilliant. That's never been in documentation I've read, but kssendmac tells me that it's in the Fedora docs. Will have to give those arguments a try on the next server build.

Thanks!
Evan Hisey
2008-Jun-24 13:01 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
>>
>>
>> label linux
>> kernel boot/vmlinuz-gi5.i386
>> append initrd=boot/initrd-gi5.i386
>> ks=http://puppet/cgi-bin/kickstart/ks.cgi ksdevice=eth0 network kssendmac
>
> Brilliant. That's never been in documentation I've read, but
> kssendmac tells me that it's in the Fedora docs. Will have to give
> those arguments a try on the next server build.
>
> Thanks!
>

I have a server to build today so I will be giving that a test on CentOS 5 today :)

Evan
Ohad Levy
2008-Jun-24 13:32 UTC
[Puppet Users] Re: Validate a theory regarding puppet (+ firstboot) please
The kssendmac is an environment setup which sends the mac address of the server; what you wanted was ksdevice. The kssendmac is only useful if you have a cgi script or similar.

Ohad

On Tue, Jun 24, 2008 at 6:04 PM, Duncan Hill <bajandude@googlemail.com> wrote:
>
> 2008/6/24 Ohad Levy <ohadlevy@gmail.com>:
> > this is how i run it
> > in kickstart file:
> > fqdn=`nslookup \`ifconfig eth0|egrep "inet "|cut -f2 -d:|cut -f1 -d"
> > "\`|egrep name|cut -f 2 -d=|cut -f2 -d" "|sed -e "s/.$//"`
> >
> > On Tue, Jun 24, 2008 at 3:48 PM, Duncan Hill <bajandude@googlemail.com>
> > wrote:
> >>
> >> On a semi-related note, does anyone know how to tell kickstart that
> >> ks=http://... should use the first network card always, instead of
> >> popping up a 'which card to use' dialog?
> >
> >
> > label linux
> > kernel boot/vmlinuz-gi5.i386
> > append initrd=boot/initrd-gi5.i386
> > ks=http://puppet/cgi-bin/kickstart/ks.cgi ksdevice=eth0 network
> kssendmac
>
> Brilliant. That's never been in documentation I've read, but
> kssendmac tells me that it's in the Fedora docs. Will have to give
> those arguments a try on the next server build.
>
> Thanks!
>