Steven James
2013-Sep-10 10:27 UTC
[Puppet Users] Setting up PE from scratch with PuppetDB/Postgres on separate box
Hi All,

I'm trying to set up a new Pupp Ent instance from scratch with PuppetDB/Postgres on a sep box. I think I have it working, but it took a bit of doing. I just wanted to check that there's not a more straightforward way.

I'm aiming for an HA proxy load balanced pair of PuppetMasters, CA active on only one, with replicated pair of PuppetDB/Postgres.

First of all...the assumptions.....it seems that it is not possible to install the console role (on the PM) without also installing PuppetDB (with option to connect to remote PG server). I was imagining that my PuppetDB jetty containers would both sit happily only on the 2 database servers, and not be required on the PM?? I was imagining that /etc/puppetlabs/puppet/puppetdb.conf on the PMs would "simply" point down to the active PG PuppetDB instance?? False assumption?

The next question I just wanted to validate....the only way I could get the installer to play nice, was to install the DB layer first, with it continuing on not having a PM to point at yet, then loading up the PM, *having* to say Yes to the PuppetDB option, in order to get a console on the PM, then specifying a remote PG database server.

If one does have to install the DB first, then maybe the following link needs to be updated?

http://docs.puppetlabs.com/pe/latest/install_system_requirements.html

Then had to remove DB server's ssl dir, regenerate and sign the request on the PM (CA), then run puppetdb-ssl-setup to finish off.

So I've ended up with PuppetDB running on both my PM *and* of course on my DB. I feel like I should be doing a `service pe-puppetdb stop` on the PM.

There didn't seem to be any prebaked examples/answers files that accommodated this (reasonably std) architecture?? Lots of other great examples though.

Is my setup the correct way to go about this???

The next stage will be to use the same answers file from PM1 on PM2, disabling the ca_server, and assuring that my dns_alt_names have both the puppet service address, and the addresses of both of the PMs.

There seems to be a patch required to allow PuppetDB to drive a replicated Postgres pair via Puppet Enterprise itself. Nice that this is now possible!

One last question....and assuming I can run PuppetDB on both Postgres servers, with both pointing at the active PG box......I'm also assuming that I should also be configuring HAProxy to load balance requests to both PuppetDB instances?? i.e. load balance the SSL connects over 8081?? If so, I'm smelling some SSL challenges ahead.....anybody got any thoughts on that one? If both PuppetDB instances are signed against the primary CA, should all else be fine?

Thanks for your input, and I'm happy to post updates if anybody has any suggestions.

Steven
Matthew Reams
2013-Dec-06 22:02 UTC
[Puppet Users] Re: Setting up PE from scratch with PuppetDB/Postgres on separate box
Hi Steven,

I'm attempting the same thing you are. I see that my /etc/puppetlabs/puppet/puppetdb.conf keeps getting overwritten on my Puppet Master to point back to the Puppet Master instead of my PuppetDB host. Do you know where this is being set?

Thanks!
Matt

On Tuesday, September 10, 2013 6:27:22 AM UTC-4, Steven James wrote:
> Hi All,
>
> I'm trying to set up a new Pupp Ent instance from scratch with PuppetDB/Postgres on a sep box. I think I have it working, but it took a bit of doing. I just wanted to check that there's not a more straightforward way.
>
> I'm aiming for an HA proxy load balanced pair of PuppetMasters, CA active on only one, with replicated pair of PuppetDB/Postgres.
>
> First of all...the assumptions.....it seems that it is not possible to install the console role (on the PM) without also installing PuppetDB (with option to connect to remote PG server). I was imagining that my PuppetDB jetty containers would both sit happily only on the 2 database servers, and not be required on the PM?? I was imagining that /etc/puppetlabs/puppet/puppetdb.conf on the PMs would "simply" point down to the active PG PuppetDB instance?? False assumption?
>
> The next question I just wanted to validate....the only way I could get the installer to play nice, was to install the DB layer first, with it continuing on not having a PM to point at yet, then loading up the PM, *having* to say Yes to the PuppetDB option, in order to get a console on the PM, then specifying a remote PG database server.
>
> If one does have to install the DB first, then maybe the following link needs to be updated?
>
> http://docs.puppetlabs.com/pe/latest/install_system_requirements.html
>
> Then had to remove DB server's ssl dir, regenerate and sign the request on the PM (CA), then run puppetdb-ssl-setup to finish off.
>
> So I've ended up with PuppetDB running on both my PM *and* of course on my DB. I feel like I should be doing a `service pe-puppetdb stop` on the PM.
>
> There didn't seem to be any prebaked examples/answers files that accommodated this (reasonably std) architecture?? Lots of other great examples though.
>
> Is my setup the correct way to go about this???
>
> The next stage will be to use the same answers file from PM1 on PM2, disabling the ca_server, and assuring that my dns_alt_names have both the puppet service address, and the addresses of both of the PMs.
>
> There seems to be a patch required to allow PuppetDB to drive a replicated Postgres pair via Puppet Enterprise itself. Nice that this is now possible!
>
> One last question....and assuming I can run PuppetDB on both Postgres servers, with both pointing at the active PG box......I'm also assuming that I should also be configuring HAProxy to load balance requests to both PuppetDB instances?? i.e. load balance the SSL connects over 8081?? If so, I'm smelling some SSL challenges ahead.....anybody got any thoughts on that one? If both PuppetDB instances are signed against the primary CA, should all else be fine?
>
> Thanks for your input, and I'm happy to post updates if anybody has any suggestions.
>
> Steven