3.4.3.2. Installing SIMP Using r10k or Code Manager

r10k and Code Manager are products that automate the development and deployment of a Puppet infrastructure. SIMP supports the usage of these tools, with a little tweaking.

Read the introduction documentation on whichever of these technologies that is being used:

Note

r10k will be used to reference both r10k itself and Code Manager throughout this document. If you are using Code Manager, skip to Setting Up Your Control Repo

Important

This document will assume the SIMP server has internet access. If your system does not have internet access, you will need to adjust paths to point to your internal mirrors.

Note

This method does not modify your system’s partitioning scheme or encryption scheme to meet any regulatory policies. If you want an example of what that should look like see the Kickstart files in the simp-core Git repository.

3.4.3.2.2. Installation of r10k

r10k is a Ruby gem that only needs to be installed on hosts running puppetserver. This gem can be installed in one of two ways:

  • Gem install into the puppetserver gem set.

    $ /opt/puppetlabs/puppet/bin/gem install r10k
    
  • RPM package install of SIMP-provided r10k RPMs into /usr/share/simp without modifying the puppetserver gem set. These RPMs are available from the official SIMP YUM repositories, and, beginning with SIMP 6.2.0 the SIMP ISO.

    $ yum install simp-vendored-r10k
    

r10k can be used by calling the executable

# If installed from Puppet gem
$ /opt/puppetlabs/puppet/bin/r10k help

or

# If installed from simp-vendored-r10k
$ /usr/share/simp/bin/r10k help

3.4.3.2.4. Minimum Classes For Classification

3.4.3.2.4.1. Server

3.4.3.2.4.1.1. Open Source

To manage the puppetserver, include the following classes:

  • simp
  • simp::server
  • pupmod::master

3.4.3.2.4.1.2. PE

In a PE environment, The SIMP Server will normally be the Master of Masters (MoM). Currently, Compile Masters (CMs) are not automatically supported out of the box, and require extra configuration to ensure they remain in sync.

  • simp
  • simp::server

3.4.3.2.4.2. Agents

Agents will require the simp class at a minimum. SIMP ships with ‘scenarios’, which are essentially pre-bundled groups of modules that profile nodes for various tasks. See the Classification and Data documentation for more information. Depending on the function of your production environment, and your choice of scenario, you will want to populate Hiera with required parameters. See Advanced Configuration for a list of base parameters and their description.

3.4.3.2.5. Running Puppet For The First Time

SIMP doesn’t configure the puppetserver to listen on the typical port and CA port, so the first time the puppet agent is run, you may have to specify the ca_port and server. An example:

$ puppet agent -t --ca_port 8141 --server puppet.your.domain

Warning

YOU MUST CREATE A LOCAL USER TO LOGIN AND THAT USER MUST HAVE SOMETHING LIKE THE FOLLOWING IN PLACE IF YOU DO NOT DO THIS YOU WILL BE LOCKED OUT OF YOUR SYSTEM

SIMP, by default, implements tcpwrappers and PAM access restrictions. Be sure to add a user to the PAM whitelist and give it sudo powers:

pam::access::rule { 'ec2user':
  origins    => ['ALL'],
  permission => '+',
  users      => ['ec2user']
}
sudo::user_specification { 'ec2user':
  user_list => ['ec2user'],
  cmnd      => ['ALL']
}

SIMP also moves the location of the ssh authorized_keys file to /etc/ssh/local_keys/%u, so make sure to copy it there before logging out.

3.4.3.2.6. Notes About SIMP Infrastructure

SIMP, when installed from the ISO, moves packages into /var/www/yum and creates a yum repo in itself. SIMP modules, notably the simp::yum class, assumes this. You will have to set simp::yum::os_update_url to a CentOS Updates URL.

3.4.3.2.6.1. Next Steps

Now that your system has been installed, you should proceed to Initial SIMP Server Configuration to complete the initial setup.