User Tools

Site Tools


Sidebar

progetti:cloud-areapd:best_practices:config_puppetrun
ATTENZIONE: Mercoledì 20 Ottobre, dalle 14:00 alle 14:30 sarà effettuato un intervento di manutenzione su wiki.infn.it. Tutte le modifiche effettuate ai contenuti, durante tale intervallo, potrebbero essere annullate alla fine dell'intervento. Si prega pertanto di anticipare o posticipare tali operazioni al di fuori dall'intervallo di manutenzione programmato.
ATTENTION: Wednesday October 20th, from 2:00pm to 2:30pm a maintenance intervention will be carried out on wiki.infn.it. All changes made to the contents, during this interval, could be canceled at the end of the intervention. Therefore, please anticipate or postpone these operations outside the scheduled maintenance interval.

Configure Host "Puppet Run" on Foreman

Reference

Configuration Log

on client node

  • modify puppet.conf
    [root@cld-ganglia ~]# egrep -v '^    #|^#|^$' /etc/puppet/puppet.conf
    [main]
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    listen        = true    <----------- new line
    [agent]
    pluginsync      = true
    report          = true
    ignoreschedules = true
    daemon          = false
    ca_server       = cld-foreman.cloud.pd.infn.it
    certname        = cld-ganglia.cloud.pd.infn.it
    environment     = production
    server          = cld-foreman.cloud.pd.infn.it
  • modify auth.conf:
    [root@cld-ganglia ~]# tail -11 /etc/puppet/auth.conf
    # added to enable puppetrun
    path /run
    auth any
    method save
    allow cld-foreman.cloud.pd.infn.it
    
    # this one is not stricly necessary, but it has the merit
    # to show the default policy which is deny everything else
    path /
    auth any

on foreman node

  • in foreman settings (More –> Settings –> "Puppet"tab), set puppetrun to "true".
  • enable foreman-proxy in sudoers:
    [root@cld-foreman ~]# grep foreman /etc/sudoers
    ## Allow foreman-proxy to do puppetrun
    Defaults:foreman-proxy !requiretty
    foreman-proxy ALL = NOPASSWD: /usr/bin/puppet kick *
progetti/cloud-areapd/best_practices/config_puppetrun.txt · Last modified: 2014/01/29 19:29 by aiftim@infn.it