3.4.3.2. Installing SIMP Using r10k or Code Manager
r10k and Code Manager are products that automate the development and deployment of a Puppet infrastructure. SIMP supports the usage of these tools, with a little tweaking.
Read the introductory documentation for whichever of these technologies you are using:
- Code Manager: https://docs.puppet.com/pe/latest/code_mgr.html
- r10k: https://github.com/puppetlabs/r10k/blob/master/README.mkd
Note
r10k will be used to reference both r10k itself and Code Manager throughout this document. If you are using Code Manager, skip to Setting Up Your Control Repository.
Important
This document will assume the SIMP server has internet access. If your system does not have internet access, you will need to adjust paths to point to your internal mirrors.
Note
This method does not modify your system’s partitioning scheme or encryption scheme to meet any regulatory policies. If you want an example of what that should look like, see the Kickstart files in the simp-core Git repository.
3.4.3.2.1. Preparing Your System
Follow the Preparing For Non-RPM Install guide.
3.4.3.2.2. Installation of r10k
r10k is a Ruby gem that only needs to be installed on hosts running puppetserver. This gem can be installed in one of two ways:
- Gem install into the puppetserver gem set.
  $ /opt/puppetlabs/puppet/bin/gem install r10k
- RPM package install of SIMP-provided r10k RPMs into /usr/share/simp without modifying the puppetserver gem set. These RPMs are available from the official SIMP YUM repositories and, beginning with SIMP 6.2.0, the SIMP ISO.
  $ yum install simp-vendored-r10k
r10k can be used by calling the executable:
# If installed from Puppet gem
$ /opt/puppetlabs/puppet/bin/r10k help
or
# If installed from simp-vendored-r10k
$ /usr/share/simp/bin/r10k help
3.4.3.2.3. Setting Up Your Control Repository
Follow the HOWTO Set up a SIMP Control Repository guide.
3.4.3.2.4. Minimum Classes For Classification
3.4.3.2.4.1. Server
3.4.3.2.4.1.1. Open Source
To manage the puppetserver, include the following classes:
simp
simp::server
pupmod::master
3.4.3.2.4.1.2. PE
In a PE environment, the SIMP server will normally be the Master of Masters (MoM). Currently, Compile Masters (CMs) are not automatically supported out of the box and require extra configuration to ensure they remain in sync.
simp
simp::server
3.4.3.2.4.2. Agents
Agents will require the simp class at a minimum. SIMP ships with ‘scenarios’, which are essentially pre-bundled groups of modules that profile nodes for various tasks. See the Classification and Data documentation for more information. Depending on the function of your production environment, and your choice of scenario, you will want to populate Hiera with required parameters. See Advanced Configuration for a list of base parameters and their description.
3.4.3.2.5. Running Puppet For The First Time
SIMP doesn’t configure the puppetserver to listen on the typical port and CA port, so the first time the puppet agent is run, you may have to specify the ca_port and server. An example:
$ puppet agent -t --ca_port 8141 --server puppet.your.domain
Warning
YOU MUST CREATE A LOCAL USER TO LOG IN, AND THAT USER MUST HAVE SOMETHING LIKE THE FOLLOWING IN PLACE. IF YOU DO NOT DO THIS, YOU WILL BE LOCKED OUT OF YOUR SYSTEM.
SIMP, by default, implements tcpwrappers and PAM access restrictions. Be sure to add a user to the PAM whitelist and give it sudo powers:
# Allow 'ec2user' through the PAM access restrictions from any origin
pam::access::rule { 'ec2user':
  origins    => ['ALL'],
  permission => '+',
  users      => ['ec2user'],
}
# Let 'ec2user' run any command through sudo
sudo::user_specification { 'ec2user':
  user_list => ['ec2user'],
  cmnd      => ['ALL'],
}
SIMP also moves the location of the ssh authorized_keys file to /etc/ssh/local_keys/%u, so make sure to copy it there before logging out.
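A pre-logout check for the two lockout conditions above, as an added example that is not part of the SIMP documentation or code base: it stages an authorized_keys file under /etc/ssh/local_keys and confirms that a '+' PAM access rule names the user. The function names, the 0644 mode, and the assumption that pam::access rules are written to /etc/security/access.conf in access.conf(5) format are not from this page.

```sh
#!/bin/sh
# Added example, not SIMP code. Defaults are the paths named on this page;
# every path can be overridden so the checks can be tried on scratch files.

# Copy SRC (an authorized_keys file) to KEYS_DIR/USER and verify the copy.
# usage: stage_local_key USER SRC [KEYS_DIR]
stage_local_key() {
    user=$1 src=$2 keys_dir=${3:-/etc/ssh/local_keys}
    [ -n "$user" ] && [ -r "$src" ] || { echo "bad user or source" >&2; return 2; }
    # Refuse a source that holds only blank lines or comments.
    grep -Eqv '^[[:space:]]*(#|$)' "$src" || { echo "no keys in $src" >&2; return 3; }
    mkdir -p "$keys_dir" || return 4
    # Mode 0644 is an assumption; sshd StrictModes rejects files writable by others.
    install -m 0644 "$src" "$keys_dir/$user" || return 4
    cmp -s "$src" "$keys_dir/$user"
}

# Succeed if an access.conf(5)-format file has a '+' rule naming USER.
# Only explicit user names are matched, not groups or ALL.
# usage: access_allows USER [ACCESS_CONF]
access_allows() {
    awk -F: -v u="$1" '
        /^[ \t]*#/ { next }
        { gsub(/[ \t]+/, " ") }
        $1 ~ /^ ?[+] ?$/ {
            n = split($2, names, " ")
            for (i = 1; i <= n; i++) if (names[i] == u) found = 1
        }
        END { exit !found }
    ' "${2:-/etc/security/access.conf}"
}

# Both conditions must hold before the current session is closed.
# usage: lockout_check USER [KEYS_DIR] [ACCESS_CONF]
lockout_check() {
    keys_dir=${2:-/etc/ssh/local_keys}
    [ -s "$keys_dir/$1" ] || { echo "FAIL: no key at $keys_dir/$1"; return 1; }
    access_allows "$1" "$3" || { echo "FAIL: no PAM access rule for $1"; return 1; }
    echo "OK: $1 has a staged key and a PAM access rule"
}
```

Run as root after the first Puppet run, for example `stage_local_key ec2user /home/ec2user/.ssh/authorized_keys && lockout_check ec2user`, and keep the current session open until a second login succeeds.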
3.4.3.2.6. Notes About SIMP Infrastructure
SIMP, when installed from the ISO, moves packages into /var/www/yum and creates a yum repo in itself. SIMP modules, notably the simp::yum class, assume this. You will have to set simp::yum::os_update_url to a CentOS Updates URL.
3.4.3.2.6.1. Next Steps
Now that your system has been installed, you should proceed to Initial SIMP Server Configuration to complete the initial setup.