Hi guys,

I'm installing Puppet on RHEL5 systems using KickStart but struggle with the first boot.

Here's my situation:
1) kickstart installs the system, including puppet from our local repo
2) after reboot I have to login and set the hostname and IP
3) then run puppet, register it with the server and bring in the config
4) configure puppet for automatic start

I have to configure the hostname before running puppet for the first time, otherwise it makes its certificate with a wrong name (either 'localhost' or something supplied by dhcp). I'm aware this is not really a Puppet question but how do you guys do this? How do you (semi-)automatically configure the hostname before running puppet for the first time?

Thanks

M.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Michal Ludvig writes:
> Hi guys,
>
> I'm installing Puppet on RHEL5 systems using KickStart but struggle with
> the first boot.
>
> Here's my situation:
> 1) kickstart installs the system, including puppet from our local repo
> 2) after reboot I have to login and set the hostname and IP
> 3) then run puppet, register it with the server and bring in the config
> 4) configure puppet for automatic start
>
> I have to configure the hostname before running puppet for the first
> time, otherwise it makes its certificate with a wrong name (either
> 'localhost' or something supplied by dhcp). I'm aware this is not really
> a Puppet question but how do you guys do this? How do you
> (semi-)automatically configure the hostname before running puppet for
> the first time?

We're using Cobbler (which uses Kickstart to do the basic system installation) and it easily allows us to create per-host kickstart profiles that set the hostname and configure network interfaces. That information is actually something you can put directly into a Kickstart profile but it means you'd have to create per-host profiles rather than use one master profile for everything.

I'm not our local Cobbler/Kickstart expert, but the guy who created our Cobbler installation even figured out how to script a new host's initial registration with the puppetmaster (I believe the key idea is that there is a command-locked ssh identity key that allows the host to get in to the puppetmaster and issue the right "puppetca" command). I'd have to do some digging to look up the specifics.

> Thanks
>
> M.

We've done it 2 different ways:

*) Pull and run a shellscript that sets puppet to run when the computer first boots up.

Or instead of running the shell script, run something like this:

get private_keys/bootstrap.pem (Pseudocode)
get signed/bootstrap.pem (Pseudocode)
get public_keys/ca.pem (Pseudocode)
#Then run
puppetd --no-daemonize --verbose --debug --hostprivkey=/var/lib/puppet/ssl/private_keys/bootstrap.pem --hostcert=/var/lib/puppet/ssl/certs/bootstrap.pem --onetime --certname=bootstrap > /target/root/puppet.log
#Now, when the computer reboots, the real run will happen with the computer's real name

On Oct 14, 2010, at 3:47 AM, Michal Ludvig wrote:
> Hi guys,
>
> I'm installing Puppet on RHEL5 systems using KickStart but struggle with the first boot.
>
> Here's my situation:
> 1) kickstart installs the system, including puppet from our local repo
> 2) after reboot I have to login and set the hostname and IP
> 3) then run puppet, register it with the server and bring in the config
> 4) configure puppet for automatic start
>
> I have to configure the hostname before running puppet for the first time, otherwise it makes its certificate with a wrong name (either 'localhost' or something supplied by dhcp). I'm aware this is not really a Puppet question but how do you guys do this? How do you (semi-)automatically configure the hostname before running puppet for the first time?
>
> Thanks
>
> M.

On Thu, 2010-10-14 at 23:47 +1300, Michal Ludvig wrote:
> Hi guys,
>
> I'm installing Puppet on RHEL5 systems using KickStart but struggle with
> the first boot.

As Stephen says, use cobbler (we do as well!) and put it into your kickstart. Here's ours:

================== sample.ks ================
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration - switch this off as we will apply it using
# puppet
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard uk
# System language
lang en_GB
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart
# profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot

#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Europe/London
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr

# setup the default partitioning
part /boot --fstype=ext3 --size=256
part swap --size=2048
part pv.01 --size=1 --grow
volgroup vg_root pv.01
logvol / --vgname=vg_root --size=8192 --name=lv_root
logvol /var --vgname=vg_root --size=10240 --name=lv_var
logvol /tmp --vgname=vg_root --size=10240 --name=lv_tmp
logvol /home --vgname=vg_root --size=10240 --name=lv_home

%pre
$SNIPPET('log_ks_pre')
$kickstart_start
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')

%packages
$SNIPPET('func_install_if_enabled')
@Base
vim-enhanced
puppet
acpid
-sendmail

%post --nochroot
# THIS IS THE PUPPET STUFF!
#
# It registers the puppet client with the server and then it will
# run on firstboot

# Copy netinfo, which has our FQDN from DHCP, into the chroot
test -f /tmp/netinfo && cp /tmp/netinfo /mnt/sysimage/tmp/

%post
/sbin/chkconfig --level 345 puppet on

# Figure out the FQDN
if [ -f /tmp/netinfo ] ; then
    FQDN=`(source /tmp/netinfo; [ -n "$DOMAIN" ] && echo $HOSTNAME.$DOMAIN || echo $HOSTNAME)`
    # Run puppet, just to get the certs; the actual config update happens
    # on the next reboot
    hostname $FQDN
    /usr/sbin/puppetd -o -v --tag no_such_tag --waitforcert 60
fi

$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$kickstart_done
# End final steps
========== END Sample.ks ================

All the $SNIPPET stuff is cobbler specific, but the Puppet config stuff should work as part of any kickstart.

HTH,

Matt.

On 10/14/2010 3:47 AM, Michal Ludvig wrote:
> Hi guys,
>
> I'm installing Puppet on RHEL5 systems using KickStart but struggle
> with the first boot.
>
> Here's my situation:
> 1) kickstart installs the system, including puppet from our local repo
> 2) after reboot I have to login and set the hostname and IP
> 3) then run puppet, register it with the server and bring in the config
> 4) configure puppet for automatic start
>
> I have to configure the hostname before running puppet for the first
> time, otherwise it makes its certificate with a wrong name (either
> 'localhost' or something supplied by dhcp). I'm aware this is not
> really a Puppet question but how do you guys do this? How do you
> (semi-)automatically configure the hostname before running puppet for
> the first time?

At Powerset we generated the hostname from LLDP information. All of our hosts were named "switch-port" which was set during installation: custom installer basically partitioned and formatted, mounted disks, copied down a tarball of the current "gold master" image, then mucked around in /mnt/etc setting the hostname and other bits. Upon reboot, puppet was run for the first time out of /etc/rc.local doing the rest.

Cheers,
Ryan

you can always use http://theforeman.org to do the provisioning for you.

Ohad

On Thu, Oct 14, 2010 at 12:47 PM, Michal Ludvig <mludvig@logix.net.nz> wrote:
> Hi guys,
>
> I'm installing Puppet on RHEL5 systems using KickStart but struggle with
> the first boot.
>
> Here's my situation:
> 1) kickstart installs the system, including puppet from our local repo
> 2) after reboot I have to login and set the hostname and IP
> 3) then run puppet, register it with the server and bring in the config
> 4) configure puppet for automatic start
>
> I have to configure the hostname before running puppet for the first time,
> otherwise it makes its certificate with a wrong name (either 'localhost' or
> something supplied by dhcp). I'm aware this is not really a Puppet question
> but how do you guys do this? How do you (semi-)automatically configure the
> hostname before running puppet for the first time?
>
> Thanks
>
> M.

Excerpts from Michal Ludvig's message of Thu Oct 14 06:47:16 -0400 2010:
> I'm installing Puppet on RHEL5 systems using KickStart but struggle with
> the first boot.
>
> Here's my situation:
> 1) kickstart installs the system, including puppet from our local repo
> 2) after reboot I have to login and set the hostname and IP
> 3) then run puppet, register it with the server and bring in the config
> 4) configure puppet for automatic start
>
> I have to configure the hostname before running puppet for the first
> time, otherwise it makes its certificate with a wrong name (either
> 'localhost' or something supplied by dhcp). I'm aware this is not really
> a Puppet question but how do you guys do this? How do you
> (semi-)automatically configure the hostname before running puppet for
> the first time?
>

Another option is to set the certname option in puppet.conf when installing with kickstart. The certname option defaults to the hostname - however it can be set in puppet.conf:

[main]
certname=YOUR_UNIQUE_CERTNAME

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

On Thu, Oct 14, 2010 at 6:47 AM, Michal Ludvig <mludvig@logix.net.nz> wrote:
> 1) kickstart installs the system, including puppet from our local repo

In our case, kickstart sets the hostname and the ip/netmask/gateway/dns....

Why don't you set hostname and the ip/netmask/gateway/dns... in the kickstart file?

Mohamed.

On Thu, 14 Oct 2010 23:47:16 +1300 Michal Ludvig wrote:
> Hi guys,

Hi Michal,

> Here's my situation:
> 1) kickstart installs the system, including puppet from our local repo
> 2) after reboot I have to login and set the hostname and IP

kickstart is able to configure your network / hostname. Why don't you use that feature?

We're moving to cobbler, but we've been using our local system for last year with great success:

We use a local script that generates our kickstart files. That script collects hostname and adds postinstall part, which looks like:

[...]
%post
wget http://server...../script.sh
chmod +x script.sh
./script.sh hostname device_type ip mask gw

then, our script.sh runs puppet like:

/usr/bin/ruby /usr/sbin/puppetd --server=server --logdest=/var/log/puppet/puppet.log --test --fqdn $1

*notice --fqdn and $1 is node hostname.

So, with our conf, before first boot we have our host fully configured (puppet service is configured itself)

The important thing is that we have autosign enabled for many hosts, so ca stuff is not needed (well, you have to previously puppetca --clean $hostname if you're reinstalling the node).

It works really fine.

HTH,
Arnau

On 10/15/2010 08:36 AM, Arnau Bria wrote:
> On Thu, 14 Oct 2010 23:47:16 +1300
> Michal Ludvig wrote
>> 1) kickstart installs the system, including puppet from our local repo
>> 2) after reboot I have to login and set the hostname and IP
> kickstart is able to configure your network / hostname. Why don't you
> use that feature?

Because we've got a common kickstart for all installs, not a per-host kickstart. It only installs the very core system and the rest is brought in and configured by puppet.

> We're moving to cobbler,

Looks like cobbler is the preferred method here. I'll give it a try.

Thanks for all the responses!

M.

On 10/14/2010 03:49 PM, Michal Ludvig wrote:
> On 10/15/2010 08:36 AM, Arnau Bria wrote:
>> On Thu, 14 Oct 2010 23:47:16 +1300
>> Michal Ludvig wrote
>>> 1) kickstart installs the system, including puppet from our local repo
>>> 2) after reboot I have to login and set the hostname and IP
>> kickstart is able to configure your network / hostname. Why don't you
>> use that feature?
> Because we've got a common kickstart for all installs, not a per-host
> kickstart. It only installs the very core system and the rest is brought
> in and configured by puppet.
>> We're moving to cobbler,
> Looks like cobbler is the preferred method here. I'll give it a try.
>

You can pass in arguments to the kernel via the bootloader which the kickstart pre-script then reads in. Example.

# Split /proc/cmdline into key/value pairs and store each one as karg_<key>
while read key value; do
eval "karg_${key}='${value:-1}'"
done <<- EOF
$(< /proc/cmdline sed 's/ /\n/g' | sed 's/=/\t/1')
EOF

Which are then used later in the script to set kickstart parameters or wherever needed.

Then at the syslinux boot prompt, I do:

install-centos-5 ip=10.0.0.1/24 hostname=host.domain foo

which will install variables like so:

karg_ip=10.0.0.0/24
karg_hostname=host.domain
karg_foo=1

--
Russell A Jackson <raj@csub.edu>
Network Analyst
California State University, Bakersfield

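An added example, not part of the message above or of any project named in this thread: a POSIX-shell take on the same kernel-argument parsing that only accepts plain key names and hands the value to eval by reference, then vets the hostname before it becomes the certificate name of the first Puppet run. The function names and the hostname rules (at least one dot, not "localhost") are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): kernel arguments -> karg_*
# variables, plus a check of the hostname before the first Puppet run.

# parse_kargs "<cmdline>": set karg_<key>=<value>; bare or empty keys get 1.
parse_kargs() {
    set -f                              # no globbing while word-splitting
    for _ka_tok in $1; do
        _ka_key=${_ka_tok%%=*}
        case $_ka_tok in
            *=*) _ka_val=${_ka_tok#*=} ;;   # split on the first '=' only
            *)   _ka_val= ;;
        esac
        _ka_val=${_ka_val:-1}
        # Skip keys that cannot be part of a variable name ("rd.lvm", "a-b").
        case $_ka_key in
            ''|*[!A-Za-z0-9_]*) continue ;;
        esac
        # \$_ka_val reaches eval as a variable reference, so quotes, $(...)
        # or backticks inside the value are stored as data, never parsed.
        eval "karg_${_ka_key}=\$_ka_val"
    done
    set +f
}

# valid_certname NAME: succeed only for a usable, non-default FQDN.
# Assumption: a certificate name must contain at least one dot.
valid_certname() {
    case $1 in
        ''|localhost|localhost.*) return 1 ;;   # installer/DHCP defaults
        *[!A-Za-z0-9.-]*)         return 1 ;;   # unexpected characters
        .*|*.|-*|*-|*..*)         return 1 ;;   # malformed labels
        *.*)                      return 0 ;;
    esac
    return 1
}

# certname_from_cmdline "<cmdline>": print the vetted hostname, or fail.
certname_from_cmdline() {
    unset karg_hostname
    parse_kargs "$1"
    valid_certname "${karg_hostname:-}" || return 1
    printf '%s\n' "$karg_hostname"
}

# Constructed usage inside a kickstart %pre or %post script:
#   name=$(certname_from_cmdline "$(cat /proc/cmdline)") || exit 1
#   hostname "$name"
```

If certname_from_cmdline fails, the install script should stop rather than let puppetd request a certificate under a default name.
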
On Oct 14, 3:49 pm, Michal Ludvig <mlud...@logix.net.nz> wrote:
> On 10/15/2010 08:36 AM, Arnau Bria wrote:
> > On Thu, 14 Oct 2010 23:47:16 +1300
> > Michal Ludvig wrote
> >> 1) kickstart installs the system, including puppet from our local repo
> >> 2) after reboot I have to login and set the hostname and IP
> > kickstart is able to configure your network / hostname. Why don't you
> > use that feature?
>
> Because we've got a common kickstart for all installs, not a per-host
> kickstart. It only installs the very core system and the rest is brought
> in and configured by puppet.
>
> > We're moving to cobbler,
>
> Looks like cobbler is the preferred method here. I'll give it a try.
>
> Thanks for all the responses!
>
> M.

I posted[1] how we did this at Speakeasy last year on the cobbler lists, which you may be interested in. Also might want to check out the forge for a cobbler module[2].

-g

[1] - http://www.mail-archive.com/cobbler@lists.fedorahosted.org/msg03824.html
[2] - http://forge.puppetlabs.com/ghoneycutt/cobbler

On Thursday 14 Oct 2010 23:49:11 Michal Ludvig wrote:
> On 10/15/2010 08:36 AM, Arnau Bria wrote:
> > On Thu, 14 Oct 2010 23:47:16 +1300
> > Michal Ludvig wrote
> >
> >> 1) kickstart installs the system, including puppet from our local repo
> >> 2) after reboot I have to login and set the hostname and IP
> >
> > kickstart is able to configure your network / hostname. Why don't you
> > use that feature?
>
> Because we've got a common kickstart for all installs, not a per-host
> kickstart. It only installs the very core system and the rest is brought
> in and configured by puppet.
>
> > We're moving to cobbler,
>
> Looks like cobbler is the preferred method here. I'll give it a try.
>
> Thanks for all the responses!

You can also use Cobbler for ext-lookups and therefore assign classes and modules to systems from the cobbler web interface. It works really well! :)

Matt.

Steven VanDevender wrote:
> I'm not our local Cobbler/Kickstart expert, but the guy who created
> our Cobbler installation even figured out how to script a new host's
> initial registration with the puppetmaster (I believe the key idea
> is that there is a command-locked ssh identity key that allows the
> host to get in to the puppetmaster and issue the right "puppetca"
> command). I'd have to do some digging to look up the specifics.

I handle this in my environment by generating the new host key on the puppetmaster and packaging that into an rpm, which gets installed in the kickstart along with puppet. That way an initial puppet run can happen during install.

Doesn't exactly scale, unless you automate the key generation though, like you mentioned doing.

--
Todd
OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are severe limits to the good that the government can do for the economy, but there are almost no limits to the harm it can do.
    -- Milton Friedman. Nobel laureate