Puppet in Dell Networking
Jose Gonzalez – Product Management
V1.2 February 17, 2015
Table of Contents
1 Topology
2 Installation
2.1 Puppet Master
2.1.1 Open Automation Starter Kit VM
2.1.2 Puppet Master initial configuration
2.2 Puppet Agent
2.2.1 Puppet Agent installation
2.2.2 With Open Automation Starter Kit VM
2.2.3 Without Open Automation Starter Kit VM
2.2.4 Puppet Agent initial configuration
3 Applying the first Puppet manifest
4 Using Puppet
5 Stand-alone Puppet on switches
6 Conclusion
Puppet in Dell Networking v1.2
1 Topology
For this demo, we assume we have two S4810 switches and one server running Puppet Master. The switches must be
able to reach the server with Puppet Master from their management interfaces.
Although it is not required, for simplicity the three nodes reside in the same local network. Puppet allows users to
identify the nodes with arbitrary names, which need not be identical to their hostnames. Again for simplicity, we
will be using the hostnames.
2 Installation
2.1 Puppet Master
2.1.1 Open Automation Starter Kit VM
If you will not be using the Open Automation Starter Kit VM with Puppet Master pre-installed, skip this chapter.
The VM is based on Ubuntu 14.04. It comes with the following settings pre-configured:
Username: dell
Password: dell
Sudo password: dell
Hostname: oa-server
Domain: openautomation.demo
IP address (static): 10.10.4.1/16
Gateway: 10.10.0.1
File servers (enabled): TFTP, FTP, HTTP, NFS
DHCP server (enabled)
DNS Server for local hosts: 10.10.4.1
Upstream DNS Server: 10.10.0.1
NTP server for local hosts: 10.10.4.1
Details of how to run and configure the different services can be found in /home/dell/HOWTO-OA.txt
2.1.2 Puppet Master initial configuration
Puppet does not work with IP addresses. It must use names that will get resolved to IP addresses by a DNS service.
You can edit the /etc/hosts file on each device to add the names and corresponding IP addresses of all Puppet
Agents. You can use the switches’ hostnames or arbitrary names for their Puppet names. However, this method
requires that you log in as root, which is problematic on the switches. Moreover, this file is reset after the switch
reloads, so you will have to edit those files manually multiple times. Fortunately, the Open Automation Starter Kit
VM has a DNS service that can be used to easily configure all these names.
[Figure: topology. Puppet Master oa-server (10.10.4.1); S4810 (1) s4810-1 (10.10.48.1); S4810 (2) s4810-2 (10.10.48.2)]
With Open Automation Starter Kit VM:
root@oa-server:~# cat /etc/hosts
127.0.0.1 localhost
10.10.4.1 oa-server oa-server.openautomation.demo
10.10.4.1 puppet-master puppet-master.openautomation.demo
10.10.48.1 S4810-1 S4810-1.openautomation.demo
10.10.48.2 S4810-2 S4810-2.openautomation.demo
Without Open Automation Starter Kit VM:
root@oa-server:~# cat /etc/hosts
127.0.0.1 localhost oa-server
10.10.48.1 s4810-1
10.10.48.2 s4810-2
The configuration files are stored in /home/dell/.puppet. If you change the Puppet name, IP addresses, etc., it
is better to remove all SSL certificates and start fresh. Just remove these two directories:
dell@oa-server:~/.puppet$ ls
manifests puppet.conf ssl var
dell@oa-server:~/.puppet$ rm -rf ssl var
dell@oa-server:~/.puppet$ ls
manifests puppet.conf
Then, edit /home/dell/.puppet/puppet.conf
dell@oa-server:~/.puppet$ cat puppet.conf
user = dell
group = dell
autosign = true
dns_alt_names = oa-server, puppet-master
manifest = /home/dell/.puppet/manifests
modulepath = /home/dell/.puppet/modules
Notice that we can have an alternative name (puppet-master) for the server running Puppet Master. You can
use the hostname or this Puppet name if you prefer. Whichever you choose, you must be consistent on all agents.
In this document, we will use the server hostname.
You can also use the puppet tool to edit the configuration file:
dell@oa-server:~/.puppet$ puppet config set user dell
dell@oa-server:~/.puppet$ puppet config set group dell
dell@oa-server:~/.puppet$ puppet config set dns_alt_names "oa-server, puppet-master"
dell@oa-server:~/.puppet$ puppet config set autosign true
dell@oa-server:~/.puppet$ puppet config set manifest /home/dell/.puppet/manifests
dell@oa-server:~/.puppet$ puppet config set modulepath /home/dell/.puppet/modules
Next, install the Dell Networking Puppet Agent provider in the designated directory (create it if it does not exist): /home/dell/.puppet/modules
This provider can be downloaded from iSupport.
dell@oa-server:~/.puppet/modules$ cp /tmp/netdev_config.tar.gz .
dell@oa-server:~/.puppet/modules$ tar xfv netdev_config.tar.gz
dell@oa-server:~/.puppet/modules$ rm netdev_config.tar.gz
dell@oa-server:~/.puppet/modules$ ls
dell-dnos
Next, check the date and time of the server. The Puppet Master and Agents must be in sync. In a production
environment, you want to use an NTP service. Here, we just update the time manually. We will use the server’s
time as the reference:
dell@oa-server:~/.puppet$ date -u
Tue Jan 27 09:27:22 UTC 2015
Finally, run the master for the first time in the foreground and check for errors: (Some output and
warnings removed for brevity)
dell@oa-server:~/.puppet$ puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
.
.
Info: Creating a new SSL key for oa-server.openautomation.demo
Info: csr_attributes file loading from /home/dell/.puppet/csr_attributes.yaml
.
.
Notice: oa-server.openautomation.demo has a waiting certificate request
Info: Autosigning oa-server.openautomation.demo
.
.
Notice: Starting Puppet master version 3.6.2
2.2 Puppet Agent
2.2.1 Puppet Agent installation
Uninstall any previous Open Automation package
Upgrade the switch to OS 9.7+
Install the corresponding Scripting package:
Dell# package install tftp://1.2.3.4/SMARTSCRIPTS-P-x.y.z.u.tar.gz
Install the corresponding Puppet Agent package:
Dell# package install tftp://1.2.3.4/PUPPET-P-x.y.z.u.tar.gz
2.2.2 With Open Automation Starter Kit VM
Skip the next section and continue with Section 2.2.4.
2.2.3 Without Open Automation Starter Kit VM
Enter the NetBSD shell as root:
S4810-2# start shell
login: root
Password:
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
SStk-0 #
Edit the file /etc/hosts to add the IP address of the Puppet Master server and the switch. Notice we can use
either the server hostname or the server Puppet name. As said earlier, we use the hostname for the server, and
the Puppet name for the switch (s4810-2).
SStk-0 # cat /etc/hosts
127.0.0.1 localhost
10.10.4.1 oa-server
Note, this file is reset after a reload. You will need to update it again.
Exit the NetBSD shell and continue from the CLI.
2.2.4 Puppet Agent initial configuration
Check the date and time of the switch and ensure it is as close as possible to that of the server. The Open
Automation Starter Kit VM has an NTP service that can be used to set the time.
With Open Automation Starter Kit VM:
S4810-2(conf)# ntp server 10.10.4.1
S4810-2(conf)# end
S4810-2# show clock
09:27:40.221 UTC Tue Jan 27 2015
Without Open Automation Starter Kit VM:
S4810-2# show clock
08:21:50.249 UTC Wed Nov 5 2014
S4810-2# clock set 09:27:30 Jan 27 2015
S4810-2# show clock
09:27:40.221 UTC Tue Jan 27 2015
Create a CLI user called puppet with privilege 15: (Choose any password)
S4810-2(conf)# username puppet password xxxx privilege 15
For convenience, let’s add the path of the Puppet Agent scripts to the CLI path:
S4810-2(conf)# script path /usr/pkg/dnos-puppet/scripts/bin
Puppet Agent requires the REST interface be enabled. HTTP suffices:
S4810-2(conf)# rest-server http
Remove any previous SSL certificates that might no longer be valid:
S4810-2# script execute puppet-agent args "clear-ssl" username puppet
You must use this user puppet to interact with Puppet Agent. You can log in with this user, or you can use the
username parameter. Let’s display the current configuration:
S4810-2# script execute puppet-show args "config" username puppet
agentrestipaddr : 127.0.0.1
agentrestpasswd :
agentrestport : 8008
agentrestproto : http
agentrestuser :
agentsyncinterval : 60
S4810-2#
We need to configure the following parameters for Puppet Agent:
A CLI user with privilege 15 for the REST interface. Since we created puppet, let’s use it here, but any other user will do as well
The REST interface details (e.g., protocol and port)
The Puppet name of the agent (i.e., s4810-2)
The Puppet name of the server where Puppet Master runs (i.e., oa-server)
We use another script to configure these parameters:
S4810-2# script execute puppet-config args "user=puppet" username puppet
S4810-2# script execute puppet-config args "group=users" username puppet
S4810-2# script execute puppet-config args "server=oa-server" username puppet
S4810-2# script execute puppet-config args "certname=s4810-2" username puppet
S4810-2# script execute puppet-config args "agentrestuser=puppet" username puppet
S4810-2# script execute puppet-config args "agentrestpasswd=xxxx" username puppet
S4810-2# script execute puppet-config args "agentrestproto=http" username puppet
S4810-2# script execute puppet-config args "agentrestport=8008" username puppet
S4810-2# script execute puppet-show args "config" username puppet
agentrestipaddr : 127.0.0.1
agentrestpasswd : ********
agentrestport : 8008
agentrestproto : http
agentrestuser : puppet
agentsyncinterval : 60
certname : s4810-2
group : users
server : oa-server
user : puppet
S4810-2#
If you wonder where the configuration files are stored, there are two.
The master configuration file is /usr/pkg/dnos-puppet/scripts/conf/dnos-puppet.cfg. This file
contains the Puppet Agent portion and the REST parameters
The configuration file for Puppet Agent is /usr/pkg/dnos-puppet/puppet/puppet.conf
Now, run the agent for the first time in the foreground and check for errors: (Some output and warnings
removed for brevity)
S4810-2# script execute puppet-agent args "poll-master" username puppet
PING oa-server (10.10.4.1): 56 data bytes
64 bytes from 10.10.4.1: icmp_seq=0 ttl=64 time=0.612 ms
.
.
Info: Creating a new SSL key for s4810-2
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for s4810-2
.
.
Info: Retrieving plugin
.
.
Info: Caching catalog for s4810-2
Info: Applying configuration version '1415154666'
.
.
Notice: Finished catalog run in 0.63 seconds
S4810-2#
Look at the Puppet Master console and verify the agent has been added to its database:
.
.
Notice: Starting Puppet master version 3.6.2
.
.
Notice: s4810-2 has a waiting certificate request
Info: Autosigning s4810-2
.
.
Notice: Compiled catalog for s4810-2 in environment production in 0.01 seconds
Info: Caching node for s4810-2
Congratulations. You have added the first node.
Repeat the same steps on the second switch.
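A check a practitioner might run on the master after enrollment, added here as an example (it is not part of the original guide or of Dell's tooling): it reads the autosign setting from puppet.conf and lists every certname the master autosigned that is not in the node inventory. The inventory set, the function names and the "lab-rogue" log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the puppet.conf and the master
# console output shown in this guide. "lab-rogue" is a made-up certname.
SAMPLE_CONF = """\
user = dell
group = dell
autosign = true
dns_alt_names = oa-server, puppet-master
"""

SAMPLE_MASTER_LOG = """\
Notice: oa-server.openautomation.demo has a waiting certificate request
Info: Autosigning oa-server.openautomation.demo
Notice: Starting Puppet master version 3.6.2
Notice: s4810-2 has a waiting certificate request
Info: Autosigning s4810-2
Notice: lab-rogue has a waiting certificate request
Info: Autosigning lab-rogue
"""

# Assumption: the node inventory for the demo topology in this guide.
EXPECTED_NODES = {"oa-server.openautomation.demo", "s4810-1", "s4810-2"}

AUTOSIGN_RE = re.compile(r"^Info: Autosigning (\S+)\s*$")


def parse_puppet_conf(text):
    """Return {setting: value}; section headers and comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def autosign_mode(settings):
    """Classify the autosign setting.

    "naive": autosign = true, every incoming certificate request is signed.
    "disabled": autosign = false, requests wait for manual signing.
    "allowlist-or-policy": the value is a path (allowlist file or executable).
    "default": the setting is absent from this file.
    """
    value = settings.get("autosign", "")
    if value.lower() == "true":
        return "naive"
    if value.lower() == "false":
        return "disabled"
    return "allowlist-or-policy" if value else "default"


def autosigned_certnames(log_text):
    """Certnames the master reported as autosigned, in log order."""
    matches = (AUTOSIGN_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.group(1) for m in matches if m]


def unexpected_autosigned(log_text, expected):
    """Autosigned certnames that are missing from the inventory."""
    known = {name.lower() for name in expected}
    return [n for n in autosigned_certnames(log_text) if n.lower() not in known]


if __name__ == "__main__":
    print("autosign mode:", autosign_mode(parse_puppet_conf(SAMPLE_CONF)))
    for name in unexpected_autosigned(SAMPLE_MASTER_LOG, EXPECTED_NODES):
        print("autosigned but not in inventory:", name)
```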
3 Applying the first Puppet manifest
Create a file with this content. The extension for Puppet manifest files is .pp. The name of the file does not
matter much. I use S4810-2.pp. What is important is the node name (s4810-2). Puppet Master will apply the
manifest whose node name matches the Puppet Agent name.
node "s4810-2" {
  netdev_device { "S4810-2-Puppet":
    ensure => present
  }
  netdev_interface {
    "TenGigabitEthernet 0/1":
      active => true,
      admin => up,
      description => "Interface tengig 0/1",
      speed => 1g,
      duplex => full,
      mtu => 2500,
      ensure => present
  }
  netdev_vlan {
    "vlan-red":
      active => true,
      vlan_id => 100,
      description => "Red network vlan",
      ensure => present
  }
  netdev_vlan {
    "vlan-green":
      active => true,
      vlan_id => 200,
      description => "Green network vlan",
      ensure => present
  }
  netdev_vlan {
    "vlan-blue":
      active => true,
      vlan_id => 300,
      description => "Blue network vlan",
      ensure => present
  }
}
Copy it to the Puppet Master server in the path provisioned for manifests in its puppet.conf, i.e.,
/home/dell/.puppet/manifests. Puppet Master will read and process all .pp files found in that directory.
Restart Puppet Master. Run Puppet Agent again:
S4810-2# script execute puppet-agent args "poll-master" username puppet
PING oa-server (10.10.4.1): 56 data bytes
64 bytes from 10.10.4.1: icmp_seq=0 ttl=64 time=0.612 ms
.
.
Info: Retrieving plugin
Info: Loading facts in /usr/pkg/dnos-puppet/puppet/modules/dell-dnos/lib/facter/dell_dnos.rb
.
.
Notice: /Netdev_vlan[vlan-green]/ensure: created
Notice: /Netdev_interface[TenGigabitEthernet 0/1]/admin: admin changed 'down' to 'up'
.
.
Notice: /Netdev_vlan[vlan-red]/ensure: created
Notice: /Netdev_vlan[vlan-blue]/ensure: created
.
.
INFO : Completed Dell puppet agent run. Exit status : 2
S4810-2-Puppet#
Notice the prompt has changed to the device name set in the Puppet manifest. If we display the Vlans, we will see them too:
S4810-2-Puppet# show vlan
NUM Status Description Q Ports
* 1 Active U Te 0/41
100 Inactive Red network vlan
200 Inactive Green network vlan
300 Inactive Blue network vlan
S4810-2-Puppet#
Congratulations. You have provisioned the first node with Puppet.
Repeat the same steps on the second switch.
4 Using Puppet
In a production scenario, Puppet Agent runs continuously in the background. At given intervals, it wakes up
and contacts Puppet Master to retrieve its configuration and apply it.
The beauty of Puppet is a concept called Desired State Configuration: Puppet guarantees an end state.
For example, if you delete any of the Vlans by accident or on purpose, Puppet Agent will re-create them in
the next run cycle.
By default, our Puppet Agent syncs with Puppet Master every hour. For this demo, we will set the minimum
interval that we allow: 10 minutes.
S4810-2-Puppet# script execute puppet-config args "agentsyncinterval=10" username puppet
Now start the Puppet Agent daemon, which will run in the background:
S4810-2-Puppet# script execute puppet-agentd username puppet bg
S4810-2-Puppet# show script process
JobID Script Name
000 puppet-agentd
Now change the hostname and delete Vlan 200:
S4810-2-Puppet(conf)# hostname NoNAME
NoNAME(conf)# no int vlan 200
NoNAME(conf)# end
NoNAME#
Wait a few minutes. In the next sync cycle, the Puppet Agent daemon will wake up and perform the following
actions:
Retrieve the manifest from the master
Compare the actual status with the manifest
If there is any discrepancy, the daemon will update the system. In other words, the hostname and Vlan 200 will appear again
NoNAME#
NoNAME#
<.. Puppet Agent wakes up and syncs with the master ..>
S4810-2-Puppet# show vlan
NUM Status Description Q Ports
* 1 Active U Te 0/41
100 Inactive Red network vlan
200 Inactive Green network vlan
300 Inactive Blue network vlan
S4810-2-Puppet#
Let’s check whether Puppet made this change: (The timestamp will give us a hint)
S4810-2-Puppet# script execute puppet-show args "status" username puppet
Daemon Status : Running
Agent Sync Status : Running
Last Sync : 2015-01-28 06:57:28 AM
Last Sync Result : success
.
.
Master Status : alive
S4810-2-Puppet#
And what the log files say:
S4810-2-Puppet# script execute puppet-show args "log" username puppet
Previous puppet agent run log :
Latest puppet agent run log :
2015-01-28 06:57:57 +0000 Puppet (info): Retrieving plugin
2015-01-28 06:58:16 +0000 Puppet (info): Loading facts in /usr/pkg/dnos-puppet/puppet ...
.
.
2015-01-28 06:59:37 +0000 Puppet (notice): Finished catalog run in 13.97 seconds
S4810-2-Puppet#
Lastly, you can pause and resume the Puppet Agent daemon with the following commands. The daemon
stays alive; it just skips the sync operations:
S4810-2-Puppet# script execute puppet-agent args "stop" username puppet
DEBUG : Stop request raised for Dell puppet agent daemon
S4810-2-Puppet#
S4810-2-Puppet# script execute puppet-agent args "start" username puppet
DEBUG : Start request raised for Dell puppet agent daemon
S4810-2-Puppet#
These commands are useful if you want to run an out-of-band synchronization with the command used in Chapter
3, without killing the daemon, and thus, avoiding race conditions if both processes tried to sync with the master at
the same time.
Finally, terminate the daemon:
S4810-2-Puppet# show script process
JobID Script Name
000 puppet-agentd
S4810-2-Puppet# script kill job-id 000
S4810-2-Puppet# show script process
JobID Script Name
S4810-2-Puppet#
If you want, you can leave the daemon configured to be executed after a reload:
S4810-2-Puppet# configure
S4810-2-Puppet(conf)# script execute puppet-agentd watch username puppet
S4810-2-Puppet(conf)# end
S4810-2-Puppet# write
S4810-2-Puppet# show script process
JobID Script Name
000 puppet-agentd
5 Stand-alone Puppet on switches
The Open Automation Puppet package contains the full Puppet distribution. This allows you to use Puppet
manifest files directly on the switch without having to configure an external Puppet Master.
The process for applying Puppet files to the switch is simpler. First, create or copy a manifest file to the switch
flash, or mount an NFS share from the switch. Notice it has the same node name as the previous files. In fact, you
can use the same manifest file used on the Puppet Master. For instance:
S4810-2-Puppet(conf)# mount nfs 10.10.50.3:/Share/Puppet puppet
S4810-2-Puppet(conf)# end
S4810-2-Puppet# dir nfsmount://puppet
Directory of nfsmount:/puppet
.
.
8 -rw- 182 Nov 05 2014 18:08:49 +00:00 example.conf
9 -rwx 1068 Nov 06 2014 10:52:01 +00:00 S4810-2.pp
S4810-2-Puppet# show file nfsmount://puppet/S4810-2.pp
node "s4810-2" {
netdev_device { "S4810-2-Standalone":
ensure => present
}
netdev_vlan {
"vlan-white":
active => true,
vlan_id => 400,
description => "White network vlan",
ensure => present
}
}
S4810-2-Puppet#
Note that the switches mount NFS shares in /f10/mnt/nfs/<mount-point>. Therefore, we will execute this
manifest file with this command:
S4810-2-Puppet# script execute puppet-apply args "-f /f10/mnt/nfs/puppet/S4810-2.pp" username puppet
Warning: Could not retrieve fact fqdn
Warning: Host is missing hostname and/or domain: s4810-2
.
.
Notice: /Netdev_vlan[vlan-white]/ensure: created
.
.
Notice: Finished catalog run in 12.62 seconds
INFO : Puppet manifest file (/f10/mnt/nfs/puppet/S4810-2.pp) has been applied.
S4810-2-Standalone#
Notice the prompt has changed and a new Vlan has been added:
S4810-2-Standalone# show vlan
NUM Status Description Q Ports
* 1 Active U Te 0/41
100 Inactive Red network vlan
200 Inactive Green network vlan
300 Inactive Blue network vlan
400 Inactive White network vlan
S4810-2-Standalone#
Puppet will not touch Vlans or any other resource that is not explicitly configured in the manifest files. As a result,
the previous Vlans 100, 200, 300 are maintained on the switch. To make the point, edit S4810-2.pp and add a
block to ensure Vlan 200 cannot exist:
S4810-2-Standalone# script execute vi args "/f10/mnt/nfs/puppet/S4810-2.pp"
<.. Use the vi commands to edit the file ..>
S4810-2-Standalone# show file nfsmount://puppet/S4810-2.pp
node "s4810-2" {
netdev_device { "S4810-2-Standalone":
ensure => present
}
netdev_vlan {
"vlan-green":
active => true,
vlan_id => 200,
description => "Gren network vlan",
ensure => absent
}
netdev_vlan {
"vlan-white":
active => true,
vlan_id => 400,
description => "White network vlan",
ensure => present
}
}
S4810-2-Standalone#
Let’s run the manifest again:
S4810-2-Puppet# script execute puppet-apply args "-f /f10/mnt/nfs/puppet/S4810-2.pp" username puppet
Warning: Could not retrieve fact fqdn
Warning: Host is missing hostname and/or domain: s4810-2
.
.
description : Green network vlan
Notice: /Netdev_vlan[vlan-green]/ensure: removed
.
.
Notice: Finished catalog run in 5.50 seconds
INFO : Puppet manifest file (/f10/mnt/nfs/puppet/S4810-2.pp) has been applied.
S4810-2-Standalone#
If we display the current Vlans, we see 200 is gone:
S4810-2-Standalone# show vlan
NUM Status Description Q Ports
* 1 Active U Te 0/41
100 Inactive Red network vlan
300 Inactive Blue network vlan
400 Inactive White network vlan
S4810-2-Standalone#
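A simplified model of the convergence behaviour described in Sections 4 and 5, added here as an example (it is not Puppet's or Dell's implementation): declared VLANs are created, corrected or removed to match the manifest, while VLANs the manifest does not name are left alone. The function name reconcile and the dictionary layout are assumptions made for illustration; the sample states are constructed from the show vlan outputs in this guide.

```python
def reconcile(actual, manifest):
    """Converge `actual` ({vlan_id: description}) on `manifest`.

    manifest is a list of dicts with keys vlan_id, description and ensure
    ("present" or "absent"). Returns (new_state, changes); `actual` is not
    modified. VLANs that the manifest does not declare are never touched.
    """
    state = dict(actual)
    changes = []
    for res in manifest:
        vid, want = res["vlan_id"], res["ensure"]
        if want == "absent":
            if vid in state:
                del state[vid]
                changes.append(f"vlan {vid}: removed")
        elif want == "present":
            if vid not in state:
                state[vid] = res["description"]
                changes.append(f"vlan {vid}: created")
            elif state[vid] != res["description"]:
                changes.append(f"vlan {vid}: description changed")
                state[vid] = res["description"]
        else:
            raise ValueError(f"unknown ensure value: {want!r}")
    return state, changes


def vlan(vlan_id, description, ensure="present"):
    """Build one manifest entry (illustrative helper)."""
    return {"vlan_id": vlan_id, "description": description, "ensure": ensure}


# Section 3 manifest: three VLANs declared present.
CHAPTER3_MANIFEST = [
    vlan(100, "Red network vlan"),
    vlan(200, "Green network vlan"),
    vlan(300, "Blue network vlan"),
]
# Section 4: switch state after Vlan 200 was deleted by hand.
DRIFTED = {1: "", 100: "Red network vlan", 300: "Blue network vlan"}

# Section 5: the edited stand-alone manifest and the state before it is applied.
STANDALONE_MANIFEST = [
    vlan(200, "Gren network vlan", ensure="absent"),
    vlan(400, "White network vlan"),
]
BEFORE_SECOND_APPLY = {
    1: "", 100: "Red network vlan", 200: "Green network vlan",
    300: "Blue network vlan", 400: "White network vlan",
}

if __name__ == "__main__":
    state, changes = reconcile(DRIFTED, CHAPTER3_MANIFEST)
    print("sync after drift:", changes)
    state, changes = reconcile(BEFORE_SECOND_APPLY, STANDALONE_MANIFEST)
    print("stand-alone apply:", changes, "->", sorted(state))
    # A second run against the converged state reports nothing to do.
    print("second run:", reconcile(state, STANDALONE_MANIFEST)[1])
```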
6 Conclusion
There are multiple places to learn the syntax and the features of Puppet. We have just scratched the surface.
Moreover, you are not restricted to the NetdevOps classes. All native resources are also available; for instance,
you can create and delete files, execute commands, etc.
We will introduce more advanced scenarios and another important tool, Facter, in following editions of this user
guide.