Need to install Puppet agents on different platforms at the same time? We have the code and modules (puppetlabs-puppet_agent
, puppetlabs-puppet_conf
) to help you do that.
Version and installation information
Puppet version: 5.5 and later
Forge modules (installed using a Puppetfile later in this article): puppetlabs-inifile
version 3.1.0,puppetlabs-translate
version 2.1.0,puppetlabs-apt
version 7.3.0,puppetlabs-concat
version 6.2.0,puppetlabs-stdlib
version 6.1.0,puppetlabs-puppet_agent
version 3.0.1,puppetlabs-puppet_conf
version 0.6.0
OS: RedHat: 5, 6, 7, 8
CentOS: 5, 6, 7
OracleLinux: 5, 6, 7
Scientific: 5, 6, 7
Debian: 8, 9, 10
Ubuntu: 14.04, 16.04, 18.04
Fedora: 28, 29, 30, 31
Windows: Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019, 7, 8, 8.1, 10
Installation type: Puppet agent, Bolt
Solution
To install the Puppet agent on many nodes at a time, use one of the two plans below with Bolt, and some additional files.
Create plans and files
Your plan should be in a profile module:
<MODULEPATH>/profile/plans/<PLAN_NAME>.pp
For example:
modules/profile/plans/large_num_agent_install.pp
-
This plan (
large_num_agent_install.pp
) splits one large group of target nodes into smaller groups. It’s helpful if you have many nodes (more than 100). If you run this plan, and failures occur, run the plan against the nodes from the failure on. If you submitted 200 nodes, and node 25 fails, then remove nodes one to 24 from the list and start again. If you prefer, you can run the entire job again, since the installation process is idempotent. If you do, setsign_cert
to true in the plan below.plan profile::large_num_agent_install ( TargetSpec $targets, String $puppetmaster, String $collection = 'puppet5', Boolean $sign_cert = false, Integer $concurrency = 5, ) { $target_list = $targets.split('\n').convert_to(Array) $target_list.slice($concurrency).each | $smaller_list | { # This will install the agent run_plan( 'profile::agent_installs', $smaller_list, collection => $collection, puppetmaster => $puppetmaster, sign_cert => $sign_cert, ) } }
-
This plan (
agent_installs.pp
) uses Puppet modules to install Puppet. Use this plan if you have less than 100 nodes. If there are failures, you can run the entire job again, since the installation process is idempotent. If you do, setsign_cert
to false in the plan below.plan profile::agent_installs ( TargetSpec $targets, String $puppetmaster, String $collection = 'puppet5', Boolean $sign_cert = false, ) { #This strips the proto off the host entry in the target file $sign_targets = $targets.regsubst('^.*://(.*?)$', '\1').join(',') $string_targets = String($targets) # This installs the agent run_task( 'puppet_agent::install', $targets, _run-as => 'root', _tty => true, collection => $collection, install_options => "PUPPET_MASTER_SERVER=${puppetmaster}", ) # This sets the server in puppet.conf run_task( 'puppet_conf', $targets, _tty => true, action => 'set', section => 'agent', setting => 'server', value => "$puppetmaster", ) # This restarts the service so that a cert signing request is sent to master run_task( 'service', $targets, _tty => true, action => 'restart', name => 'puppet', ) if $sign_cert == true { # TODO: come up with an intelligent way to validate that the expected CSRs # have been submitted and are available for signing, prior to signing them. # For now, waiting 10 second period time per number of nodes to avoid a small race. $time_to_sleep = ((size($string_targets.split(','))) * 10) ctrl::sleep($time_to_sleep) notice("Array size is $time_to_sleep") # This signs all the certs provided run_command(inline_epp(@(HEREDOC/L)), $puppetmaster) /opt/puppetlabs/bin/puppetserver ca sign --certname \ <%= $sign_targets -%> | HEREDOC } }
You need a few other files to use either one of these plans with Bolt. Here are examples of each one:
params.json
Bolt uses this file to pass parameters to the plan:
{
"sign_cert": true,
"puppetmaster": "server-oss-env.platform9.puppet.net"
}
Puppetfile
This example Puppetfile lists all the modules required for these plans.
forge "http://forge.puppetlabs.com"
mod 'profile', local: true
mod 'puppetlabs-inifile', '3.1.0'
mod 'puppetlabs-translate', '2.1.0'
mod 'puppetlabs-apt', '7.3.0'
mod 'puppetlabs-concat', '6.2.0'
mod 'puppetlabs-stdlib', '6.1.0'
mod 'puppetlabs-puppet_agent', '3.0.1'
mod 'puppetlabs-puppet_conf', '0.6.0'
targets.lst
The list of target hosts to install puppet-agent
on.
winrm://node1-oss-env.platform9.puppet.net
winrm://node2-oss-env.platform9.puppet.net
winrm://node3-oss-env.platform9.puppet.net
winrm://node4-oss-env.platform9.puppet.net
winrm://node5-oss-env.platform9.puppet.net
winrm://node6-oss-env.platform9.puppet.net
winrm://node7-oss-env.platform9.puppet.net
ssh://node8-oss-env.platform9.puppet.net
ssh://node9-oss-env.platform9.puppet.net
ssh://node10-oss-env.platform9.puppet.net
ssh://node11-oss-env.platform9.puppet.net
ssh://node12-oss-env.platform9.puppet.net
ssh://node13-oss-env.platform9.puppet.net
Installing the agent on many nodes
After you’ve created the files above, run the following commands to install the Puppet agent on many nodes:
-
Install the required modules onto your Bolt host:
bolt puppetfile install
-
Run one of these commands to install Puppet on the nodes in
targets.lst
.If you have many nodes, and want to use
large_num_agent_install.pp
to split one large group of target nodes into smaller groups, run this command:bolt plan run profile::large_num_agent_install --params @params.json --no-ssl --targets @targets.lst
If you have fewer nodes and prefer to run
agent_installs.pp
on all of your target nodes at once:bolt plan run profile::agent_installs --params @params.json --no-ssl --targets @targets.lst
Additional Resources
Bolt
- Writing Bolt Tasks
- Combining PowerShell, Bolt and Puppet Tasks
- Writing Advanced Plans
- Bolt Hands-on Lab
- Configuring Bolt
Module Forge pages
Comments
0 comments
Please sign in to leave a comment.