Puppet and Provisioning KVM VMs

damiena · November 5, 2018, 10:44am

Problem:

Expected outcome:

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Other relevant data:
[e.g. logs from Foreman and/or the Proxy, modified templates, commands issued, etc]
(for logs, surround with three back-ticks to get proper formatting, e.g.)

logs

damiena · November 5, 2018, 11:00am

Problem:
I have been using Foreman/Katello for a couple months now, so far have managed to do unattended provisioning of VMs using Libvirt and use some puppet modules for custom configs on all the puppet agents.

I am now wanting to streamline a bit more and advance my use of Puppet with the following:
*Have the puppet agent install during provisioning and have the new node subscribe to katello
*Configure basic sysadmin tasks such as create a local user during provisioning, map smb shares (fstab entries) etc.

I currently have a script I have to run on each new machine to do the above but really want to learn how to do all this during provisioning.

Is the only way to do this by editing the templates? Are there any tutorials on doing this? I have been searching for a couple days and had no luck finding anything relevant to what I want to achieve.

Good to be a part of this community, thanks in advance.

ekohl · November 5, 2018, 11:37am

It should install puppet automatically if you set the the puppet master. Note that it’ll then install puppet but if you set enable-puppetlabs-puppet5-repo to true as a global parameter it will also set up puppet 5 repositories (at least for kickstarts and preseeds). This is how it’s done in the kickstart:

github.com

theforeman/community-templates/blob/61b7a984c1512e312ff646146d705b95977f5e2e/provisioning_templates/provision/kickstart_default.erb#L227-L232


<% if puppet_enabled %>
<% if host_param_true?('enable-puppetlabs-pc1-repo') || host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-puppetlabs-puppet5-repo') -%>
<%= snippet 'puppetlabs_repo' %>
<% end -%>
<%= snippet 'puppet_setup' %>
<% end -%>

You can then also open the puppet_setup snippet and puppetlabs_repo snippet to see how those work.

Those are in the git repository that actually stores our templates and get into releases so if you have any changes, that’s the place to submit patches

damiena · November 5, 2018, 8:28pm

Thanks, I will give this a try and let you know how it goes.

damiena · November 6, 2018, 8:56am

So I have managed to get puppet agent to install during KVM provisioning however puppet agent version 3.6 gets installed. Once logging in and running a status command on the puppet service I get the following:

[root@t4 ~]# puppet --version
3.6.2
[root@t4 ~]# systemctl status puppet
● puppet.service - Puppet agent
** Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled)**
** Active: active (running) since Tue 2018-11-06 19:04:34 AEDT; 39min ago**
** Main PID: 2130 (start-puppet-ag)**
** CGroup: /system.slice/puppet.service**
** ├─2130 /bin/sh /usr/bin/start-puppet-agent agent --no-daemonize**
** └─2131 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize**

Nov 06 19:34:45 t4. puppet-agent[2797]: Could not set ‘file’ on ensure: incorrect header check
Nov 06 19:34:45 t4. puppet-agent[2797]: Wrapped exception:
Nov 06 19:34:45 t4 puppet-agent[2797]: incorrect header check
Nov 06 19:34:45 t4. puppet-agent[2797]: (/File[/var/lib/puppet/lib/puppet/parser/functions/parsejson…heck
Nov 06 19:34:45 t4. puppet-agent[2797]: Could not set ‘file’ on ensure: incorrect header check
Nov 06 19:34:45 t4. puppet-agent[2797]: Could not set ‘file’ on ensure: incorrect header check
Nov 06 19:34:45 t4 puppet-agent[2797]: Wrapped exception:
Nov 06 19:34:45 t4 puppet-agent[2797]: incorrect header check
Nov 06 19:34:45 t4. puppet-agent[2797]: (/File[/var/lib/puppet/lib/puppet/parser/functions/validate_c…heck
Nov 06 19:34:50 t4. puppet-agent[2797]: Finished catalog run in 0.07 seconds
Hint: Some lines were ellipsized, use -l to show in full.

All puppet reports in Katello have the same errors.

The weird thing is, when the machine was provisioned, all puppet classes had been pulled from the master and installed on the agent without issue.

I have done a puppet upgrade to version 4.10.12 and all errors go away with service status as below:

I guess my question now is, how do I provision the new hosts to have puppet version 4.10.12 upon install?

Thanks again.

ekohl · November 6, 2018, 10:18am

There are enable-puppetlabs-puppet4-repo and enable-puppetlabs-puppet5-repo global parameters that should enable the right repositories. See Foreman :: Manual on how to set them.

If that doens’t work, we’ll need to know which versions you’re using. That of Foreman but also the OS and OS version you’re trying to provision.

damiena · November 6, 2018, 10:28pm

Hi there, thanks again for your response.

I am having no luck with enabling puppet 4 repo.
I have Foreman 1.19 and Katello 3.8 installed on my system. So the provisioning templates have the required code to enable to correct repos I would of thought. I have done the following (see screen shot) in global parameters, unsure if it is correct or not. However it made no difference and puppet 3.6 is still getting installed. NOTE: I also tried value ‘true’ instead of ‘enable’.

Also, I am not sure if I should have a local mirror of the repository to allow this? Or do you let the new host install from the puppet repos?

damiena · November 7, 2018, 2:49am

Managed to figure this out, for others who have this issue, solution is below:

Open kickstart template and look at first few variables:

<%#
kind: provision
name: Kickstart default
model: ProvisioningTemplate
oses:

CentOS
Fedora
RedHat
%>
<%#
This template accepts the following parameters:
lang: string (default=“en_US.UTF-8”)
selinux-mode: string (default=“enforcing”)
keyboard: string (default=“us”)
time-zone: string (default=“UTC”)
http-proxy: string (default="")
http-proxy-port: string (default="")
force-puppet: boolean (default=false)
enable-epel: boolean (default=true)
- enable-puppetlabs-repo: boolean (default=false)
- enable-puppetlabs-pc1-repo: boolean (default=false)
- enable-puppetlabs-puppet5-repo: boolean (default=false)
salt_master: string (default=undef)
ntp-server: string (default=“0.fedora.pool.ntp.org”)
bootloader-append: string (default=“nofb quiet splash=quiet”)
disable-firewall: boolean (default=false)
package_upgrade: boolean (default=true)
disable-uek: boolean (default=false)

The 3 puppet repos are false by default. Choose the repo you want to enable for the puppet agents to download from (for me it was enable-puppetlabs-pc1-repo)

Then goto Global Parameter, create a new parameter and name it as per the template (eg. enable-puppetlabs-pc1-repo). Then in value enter true

New machine now provisions with puppet-agent 4.10.

Cheers

autograph472 · February 13, 2019, 8:56pm

This solution helped me as well, but I would like to know why you need the parameter set. I cloned the kickstart file, hard coded pc1-repo to true, then attached it to my OS. I provisioned a machine and it had puppet 3.6.1 on it. I then added a parameter to my OS, restaged the machine, and now it has puppet 4.10 on it. Why does editing the template not change what happens during provisioning? If I edit any of the things in the provisioning template, would a parameter need to be set?

damiena · February 13, 2019, 10:45pm

The solution I posted above allowed me to provision new VMs with puppet 4. Check over everything and make sure the OS is using that template, also add the global parameter.

damiena · February 13, 2019, 11:01pm

You may have got confused with what is required. You do not need to clone the kickstart file, you do not need to modify it. Simply create the global parameter. See screen shot below.

damiena · February 13, 2019, 11:05pm

let me try that again

autograph472 · February 13, 2019, 11:54pm

I did get it to work, I was wondering why just editing the Kickstart provisioning template is not enough. I would think that if it is set to true in the template, provisioning would see true, and work accordingly.