Putting together OpenStack and Puppet is a great way to satisfy almost any deployment scenario. There are a lot of resources on the web about how to set up such an infrastructure, but mostly Linux related. The main goal of this blog post is to provide a reference on how to deploy the Puppet agent on a Windows instance using either plain simple Nova metadata or a Heat template, in both cases based on Cloudbase-Init.
One of the great advantages that Puppet provides is that you can reduce the OpenStack orchestration complexity to the bare minimum, leaving the role of configuring the instances to Puppet. This provides a lot of flexibility, for example in the way in which Heat and Puppet can be mixed to achieve the desired results.
To begin with, how do we install the Puppet agent on Windows? On Linux we can use rpm or deb packages directly included in our distributions, but this does not apply to Windows. For this purpose, PuppetLabs provides a Windows installer available for both the standard and enterprise versions, which can be either installed with the typical “Next, Next, Finish” UI or in fully unattended mode. The installer takes care of all the requirements, including the Ruby environment and so on. All we need to do is to provide the location of our Puppet master server. The Microsoft MSI packaging provides a seamless unattended automation:
```
msiexec /qn /i puppet.msi /l*v puppet.log PUPPET_MASTER_SERVER=your.puppet.master
```
Besides PUPPET_MASTER_SERVER, there are also other properties that you can use to customize your installation. The full documentation for the agent installation can be found on the PuppetLabs web site.
There’s a minor caveat to be considered when providing the Puppet Master host name or FQDN (no IP addresses allowed): make sure that the name matches the common name or one of the subject alternative names of the X.509 certificate in use on the Puppet Master. You can easily check the certificate by connecting to https://your.puppet.master:8140 and checking the certificate properties. If you cannot resolve the name, just add an entry in your hosts file.
OpenStack instance user_data
Putting everything together in a PowerShell script to be provided as a user_data script to the instance is easy:
```powershell
#ps1_sysnative
$ErrorActionPreference = "Stop"

$puppet_master_server_name = "puppet"
# Provide an IP address only if you need to add a host file entry
$puppet_master_server_ip = "10.0.1.2"

# For Puppet Enterprise replace the following url with:
# "https://pm.puppetlabs.com/cgi-bin/download.cgi?ver=latest&dist=win"
$puppet_agent_msi_url = "https://downloads.puppetlabs.com/windows/puppet-3.4.3.msi"

if ($puppet_master_server_ip)
{
    # Validate the IP address
    $ip = [System.Net.IPAddress]::Parse($puppet_master_server_ip)
    # Add a line to the hosts file
    Add-Content -Path $ENV:SystemRoot\System32\Drivers\etc\hosts -Value "$puppet_master_server_ip $puppet_master_server_name"
}

$puppet_agent_msi_path = Join-Path $ENV:TEMP puppet_agent.msi

# You can also use Invoke-WebRequest but this is way faster :)
Import-Module BitsTransfer
Start-BitsTransfer -Source $puppet_agent_msi_url -Destination $puppet_agent_msi_path

cmd /c start /wait msiexec /qn /i $puppet_agent_msi_path /l*v puppet_agent_msi_log.txt PUPPET_MASTER_SERVER=$puppet_master_server_name
if ($lastexitcode)
{
    throw "Puppet agent setup failed"
}

del $puppet_agent_msi_path
```
The above script can be downloaded from here. The first line (#ps1 or #ps1_sysnative) is very important, as it tells Cloudbase-Init that this is a PowerShell script.
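The script above passes the downloaded MSI straight to msiexec, which runs it with full privileges on the new instance. The following check is an added example, not part of the original script: placed between the download and the msiexec call, it stops the run unless the installer carries a valid Authenticode signature from the publisher you expect. It assumes the MSI you deploy is signed; `Test-InstallerTrust`, `$expected_publisher` and `$expected_sha256` are hypothetical names, and both expected values are placeholders to fill in from a copy of the installer you trust.

```powershell
# Added example: verify the downloaded installer before msiexec runs it.
$ErrorActionPreference = "Stop"

# Same path the user_data script downloads to.
$puppet_agent_msi_path = Join-Path $ENV:TEMP puppet_agent.msi
# Placeholder (assumption): publisher name shown on a copy of the MSI you trust.
$expected_publisher = "<EXPECTED PUBLISHER NAME>"
# Placeholder (assumption): SHA-256 of a vetted MSI; leave empty to skip the pin,
# for example when downloading a "latest" URL.
$expected_sha256 = ""

# Hypothetical helper: throws unless the file is validly signed by the expected publisher.
function Test-InstallerTrust {
    param([string]$Path, [string]$Publisher, [string]$Sha256)

    # Authenticode: the chain must be trusted and the file unmodified since signing.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        throw "Signature check failed for ${Path}: $($sig.Status)"
    }

    # A valid signature from the wrong publisher is still a failure.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $Publisher) {
        throw "Unexpected signer '$signer' for $Path"
    }

    # Optional pin to one exact build. .NET hashing is used so this also works
    # on PowerShell 3.0, which lacks Get-FileHash.
    if ($Sha256) {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($Path)
        try { $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace "-", "" }
        finally { $stream.Dispose(); $sha.Dispose() }
        if ($hash -ne $Sha256) {
            throw "SHA-256 mismatch for ${Path}: $hash"
        }
    }
    return $signer
}

$signer = Test-InstallerTrust -Path $puppet_agent_msi_path -Publisher $expected_publisher -Sha256 $expected_sha256
Write-Host "Installer signed by '$signer'; continuing with msiexec"
```

Because `$ErrorActionPreference` is "Stop", a failed check throws and the user_data script ends before the installer is executed.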
You can now easily boot an OpenStack instance by either using the Horizon Dashboard or the command line:
```
nova boot --flavor m1.small --image "Windows Server 2012 Std Eval" --key-name key1 \
--user-data PuppetAgent.ps1 vm1
```
If you don’t have a Windows image in Glance which includes Cloudbase-Init, you can either download a ready made Windows Server 2012 R2 Evaluation image or create your own image by following this guide.
Once the machine is booted, you should be able to see a pending certificate in your Puppet Master with:
```
puppet cert list
```
which can be signed with:
```
puppet cert sign your.instance.name
```
Your instance / node will start applying the desired configuration with the next run (every 30 minutes by default). If this sounds new, here’s a great beginner’s guide.
A Heat template
If you want to include the deployment of the Puppet agent in a larger deployment scenario, Heat is a great choice.
You can find here a Heat template that includes the above PowerShell script. Here’s an example of how to use it to deploy a stack:
```
heat stack-create puppet-stack-1 --template-file=puppet-agent.template \
--parameters="KeyName=key1;InstanceType=m1.small;SubnetId=$SUBNET_ID;WindowsVersion=WS12R2;PuppetMasterServer=puppet"
```