This blog focuses on setting up an MCollective and Puppet push-pull environment in open source Puppet, a configuration management tool. By default, Puppet agents pull their respective configurations (catalogs) at regular intervals. The blog addresses the use case where you don't want agents to make changes at their respective intervals and instead wish to push some urgent changes instantly to all the agents or a group of agents. Earlier versions of Puppet had the puppet kick command for this task; however, the command has been deprecated in version 3.4 and above. Puppet now has MCollective to perform this task along with various other functions. This blog will not discuss all the benefits of MCollective but will focus only on achieving puppet push.
MCollective: The Marionette Collective, also known as MCollective, is a tool developed by Puppet Labs for server orchestration or parallel job execution systems.
The lab for this setup includes two machines, both with a CentOS 6 minimal install. One machine is installed as the puppetmaster and the other as a puppet agent, with Puppet version 3.8.1 (setting up the puppetmaster and agent is out of the scope of this blog; for more information on setting up a puppet test environment, refer here). For this lab, flush all the existing firewall rules and set SELinux to permissive or disabled mode. Install NTP on both machines and ensure that time is synchronized. The commands are listed below:
iptables -F
service iptables save
setenforce 0
yum update -y
yum install ntp
service ntpd start
chkconfig ntpd on
MCollective setup on puppetmaster and agent:
The first thing to understand about MCollective is that the MCollective client should be installed on the puppetmaster and the MCollective server on all the puppet agents. We also need a middleware for the MCollective setup, which can be ActiveMQ, RabbitMQ, etc.; for this setup, ActiveMQ has been used as it is the most suitable option for MCollective (as per the Puppet Labs documentation). For the sake of simplicity, ActiveMQ has been set up on the puppetmaster itself (although it can also be set up on a dedicated node).
So, the setup includes two machines:
puppetmaster.example.com – puppetmaster, mcollective client and activeMQ server
puppetagent.example.com – puppet agent and mcollective server
First of all, the Puppet repository needs to be set up on both the puppetmaster and the agent, using the following command:
rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-5.noarch.rpm
On the puppetmaster, install the MCollective client, the ActiveMQ server and mcollective-puppet-client. ActiveMQ is a controller for stomp, a ruby gem for sending and receiving messages from a Stomp protocol compliant message queue. It communicates on ports tcp/61613 and tcp/61614. To make sure stomp is installed, check with the "gem list" command; if the listing does not show stomp, run the command below to install the "stomp" gem.
gem install stomp
yum install mcollective-client mcollective-common activemq mcollective-puppet-client -y
A username and password are needed to connect to the ActiveMQ server. For this, edit /etc/ActiveMQ/credential.properties and set the username and password in plain text as listed below. The username "system" and password "manager" (default values) have been used for this test case,
Start the ActiveMQ service:
service activemq restart
Edit the MCollective configuration in /etc/mcollective/client.cfg to match below,
On the puppet agent, install mcollective-server and edit /etc/mcollective/server.cfg:
yum install mcollective-server mcollective-common mcollective-puppet-agent
Edit the MCollective configuration in /etc/mcollective/server.cfg to match below,
Start the services:
service mcollective restart
Now go to the puppetmaster and run the following command to check that MCollective is working:
mco inventory puppetagent.example.com
After successfully testing MCollective, let's try "mco puppet runonce" (for pushing the configuration from the puppetmaster). To test puppet runonce, we have written a small manifest as shown below,
The above manifest, if applied successfully, should create a file named intelligrape in the /tmp directory of all the puppet agents. By default, this is fetched/pulled by all the puppet agents every 30 minutes, but the interval can be set as per requirement. However, if we want to push a configuration to all the servers or a group of servers, that can only be achieved with MCollective's command as shown below:
mco puppet runonce
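A check for the lab defaults used in this setup (the ActiveMQ login system/manager stored in plain text in /etc/mcollective/client.cfg and server.cfg), as an added example that is not part of the original post. The plugin.activemq.pool.1.* and plugin.psk key names and the "unset" placeholder value are assumptions, since the post's configuration listings are not shown.

```shell
#!/bin/sh
# Added example, not from the original post: flag lab defaults left in an
# MCollective client.cfg or server.cfg.

# Print the value of "key = value" from file $1 for key $2 (the last match is
# used here; comment lines are skipped).
cfg_get() {
    awk -F'=' -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v }
        END { print val }' "$1"
}

# Findings go to stderr; the number of findings is printed on stdout.
audit_mco_cfg() {
    cfg=$1
    n=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # Assumption: one broker, configured as pool.1, as in this two-node lab.
    user=$(cfg_get "$cfg" plugin.activemq.pool.1.user)
    pass=$(cfg_get "$cfg" plugin.activemq.pool.1.password)
    psk=$(cfg_get "$cfg" plugin.psk)

    if [ "$user" = "system" ] && [ "$pass" = "manager" ]; then
        echo "FINDING: default ActiveMQ login system/manager in $cfg" >&2
        n=$((n + 1))
    fi
    # Assumption: "unset" is the placeholder PSK in the packaged config.
    if [ "$psk" = "unset" ]; then
        echo "FINDING: plugin.psk is still the placeholder value in $cfg" >&2
        n=$((n + 1))
    fi
    # The broker password is plain text, so "other" should not have read access.
    if [ -n "$pass" ] && [ "$(ls -ld "$cfg" | cut -c8)" = "r" ]; then
        echo "FINDING: $cfg holds a password and is world-readable" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_mco_cfg "$1"; fi
```

Run it as `sh audit.sh /etc/mcollective/server.cfg` on each agent and against client.cfg on the puppetmaster; a result of 0 means none of the lab defaults remain in that file.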