Author Archive

Puppet Configuration Management Tool

July 28th, 2010

Introduction

Puppet is a Ruby-based configuration management system with a client/server model, licensed under GPLv2. It has one master server, puppetmasterd, and all other machines are configured as puppet clients. We set configurations at the puppet server and then push them to all clients which are connected to the master. The puppet client correctly applies the corresponding configurations on the client machine regardless of platform differences.

Puppet is a gift to server administrators who need to manage a large number of systems with different flavors of GNU/Linux, Mac, Solaris and other Unix-based systems. Managing systems via remote administration is a headache for the administrator, and if the systems are different then the complexity increases. Accidental configuration changes may cause the servers to behave inconsistently. If we use Puppet for configuration management, a configuration change is implemented once, at the puppet server only, and then we just apply it to the different puppet clients without any delay.

Another strength of Puppet is that it uses a declarative language to define configuration settings at the puppet master server. This language includes all major high-level language features like functions, conditional statements, inheritance and other OOP concepts. This makes for more readable, reusable and consistent Puppet configuration settings when compared with other configuration management tools like Cfengine.

Working

The puppet master server stores all client configurations, and each client contacts the server via port 8140 (by default). The connection between server and client is encrypted. Before it connects, the client generates its own SSL key and a certificate request, submits the request to the master server and gets the signed certificate back. Here the master server acts like a Certification Authority. After this process, the client establishes an encrypted session with the server and gets the configuration settings, then compiles and applies them on the client system. When the client compiles the configurations from the server it may raise error messages if there are any syntax errors in the configuration definitions. We can verify this in the puppet server and client log files.

Here is the outline of puppet server and client Architecture

[Figure: Puppet Architecture]

Installation

Before installing Puppet, we need to set up some dependencies. First we need Ruby with the common library files (xml, ssl, etc.) installed, and facter, which is another Ruby project that gathers all system information. Facter will be installed on all puppet clients. The puppet server retrieves the client configuration settings and other system-specific details from facter.

You can use Ruby’s built-in library management tool rubygem(rake) (similar to CPAN for Perl) to solve dependency problems with libraries.

Facter installation :-

Get latest version from www.reductivelabs.com


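# Unpack the source archive (x = extract, z = gzip, v = verbose, f = file)
tar -xzvf facter-<version>.tar.gz

cd facter-<version>

ruby install.rb

# Confirm that facter is installed and on the PATH
facter --version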

Puppet installation :-

If we are installing from the package manager, there will be two packages: puppetd as the client and puppet-master as the Puppet server. We need to install both to set up the client and server; both can also be installed from the source code.

Download the latest package from www.puppetlabs.com, then proceed as with the facter installation:


tar -xzvf puppet-<latest-version>.tar.gz

cd puppet-<latest-version>

ruby install.rb

# Create user and group for puppet
groupadd puppet
useradd -g puppet puppet

This step will install the required packages for the Puppet client and server. If you have any dependency problems, they might be due to a version mismatch between ruby/puppet/facter, so select the correct versions.

By default, the configuration files are listed under /etc/puppet and all others are in the /var/lib/puppet folder (including log files).

Currently Puppet supports all major Unix-like systems but not Windows. The latest versions of Puppet have introduced support for the Windows operating system by developing a Windows-specific facter tool.

How to configure Puppet server :-

After successful installation of the Puppet master server and client, there is a set of daemons associated with this package, as well as command line utilities to manage these daemons. They are:


puppetmasterd      # Puppet master server

puppetd            # Puppet client

puppetca           # Key management daemon

# and a set of other utility commands.

Puppet works without creating configuration files explicitly; the defaults are already pre-configured. But to start the interaction with clients we need to make some changes. First, we can check the structure of the puppet configuration file.

It is good practice to maintain an explicit puppet configuration file; the latest versions of puppet use a single configuration file to manage every daemon. By default, configuration files are stored under /etc/puppet. We save all the configuration details of the major daemons in /etc/puppet/puppet.conf. The puppet.conf file uses a sectioned structure to hold every daemon’s configuration details, described below:


# cat /etc/puppet/puppet.conf

[main]
# Configuration details common to all daemons.

[puppetmasterd]
# Puppet master server configuration details.

[puppetd]
# Puppet client configuration details.

[puppetca]
# Configuration details of the puppet key management tool.

To get all the parameters under each daemon's section and the main section, with their functional details, please refer to this page

How to Connect Puppet Client with Puppet Server

To set up a client we just have to install the puppet client package, or every package, on another system. Your master server is also capable of working as a puppet client. At the master server we need to specify the set of configurations that define how to change the configuration on the clients.

The puppet server and clients use hostnames to communicate with each other, and hostnames are also used to generate the SSL key, for key verification, etc., so we need a stable hostname resolution system (DNS or local settings) in our network to ensure a proper connection between clients and server. So select proper hostnames for your server and clients, like:

puppet-server.com #For your Master Server

puppet-client1.com,puppet-client2.com,etc... #Your clients.

After the hostname allocation we need to start the server and client daemons. Use the command line options for now, to learn more about the interactions between client and server.

To start the master server :-

puppetmasterd --no-daemonize --logdest console

Then start the puppet client, specifying the server name:


puppetd --server puppet-server.com --verbose --waitforcert 30

On the client side we get messages about the creation of the SSL key and certificate request, after which the client waits for server verification.


Creating a new SSL key for puppet-client.com
Creating a new SSL certificate request for puppet-client.com
Certificate Request fingerprint (md5): 37:89:4E:86:C0:A7:5B:24:1A:E2:9B:85:83:90:0F:CE
Did not receive certificate

At the same time, on the server side we get the following messages.


notice: Starting Puppet master version 2.6.0
notice: puppet-client.com has a waiting certificate request

To proceed further, on the server side we need to verify this key from puppet-client.com. For that we can use the key management tool puppetca.


puppetca --list  #To list the unverified requests.

puppetca --sign puppet-client.com  # To complete the verification process.
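
The check an administrator would make between puppetca --list and puppetca --sign, as an added example that is not part of the original post or of Puppet itself: compare the fingerprint the client printed with the fingerprint of the request waiting on the master, and sign only on a match. It assumes the printed fingerprint is the MD5 digest of the DER-encoded request; csr_fingerprint, safe_to_sign? and make_csr are hypothetical helper names and the requests are constructed sample data.

```ruby
require "openssl"

# Fingerprint in the colon-separated form the client prints. Assumption: it is
# the digest of the DER-encoded certificate request.
def csr_fingerprint(csr, digest = "MD5")
  OpenSSL::Digest.new(digest).hexdigest(csr.to_der).upcase.scan(/../).join(":")
end

# Strip separators and case so a value copied from a console or a ticket
# compares cleanly.
def normalize(fingerprint)
  fingerprint.to_s.upcase.delete("^0-9A-F")
end

# Decide whether a pending request may be signed. Returns [ok, reason].
def safe_to_sign?(csr, expected_host, reported_fingerprint, digest = "MD5")
  cn = csr.subject.to_a.assoc("CN")&.at(1)
  return [false, "request names #{cn.inspect}, expected #{expected_host}"] unless cn == expected_host
  return [false, "request signature does not verify"] unless csr.verify(csr.public_key)
  unless normalize(csr_fingerprint(csr, digest)) == normalize(reported_fingerprint)
    return [false, "fingerprint differs from the one the client printed"]
  end
  [true, "fingerprint matches"]
end

# Constructed sample data: builds a certificate request with a fresh key.
def make_csr(host)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([["CN", host]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new("SHA256"))
  csr
end

if __FILE__ == $PROGRAM_NAME
  from_client = make_csr("puppet-client.com")  # request the real client generated
  unexpected  = make_csr("puppet-client.com")  # same hostname, different key
  printed     = csr_fingerprint(from_client)   # value read from the client console

  p safe_to_sign?(from_client, "puppet-client.com", printed)
  p safe_to_sign?(unexpected, "puppet-client.com", printed)
end
```

The hostname alone does not identify a request: two requests for the same name carry different keys and therefore different fingerprints, which is why the comparison comes before signing.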

Now if we restart the puppet client with the following command, the client will immediately apply the configurations. You can check this from the log file, or from the console if you are running the client in non-daemonized mode.


puppetd --server puppet-server.com

Note:- If we specify these settings in puppet.conf, you can just type the commands without any parameters to start the appropriate daemons.

The Configuration Management

The last and very powerful feature of Puppet is the way the puppet server defines the client configurations. For that Puppet uses a declarative language which supports most high-level language constructs, like OOP. So let's try a simple configuration which changes the permission of the /etc/passwd file to 640 on all the clients connected to the server, and checks whether the Apache web server is installed; if not, the puppet client will install it automatically.

These configuration specifications are defined in the file “/etc/puppet/manifests/site.pp” by default; we can split this file into several files and then include them in site.pp.

Here is the sample site.pp file.


# Manage ownership and permissions of /etc/passwd
file { "password":
    name  => "/etc/passwd",
    owner => "root",
    group => "bin",
    mode  => 644,
}

class apache {

    package { httpd: ensure => installed }

    service { "httpd":
        # Pick the service name from the $operatingsystem fact
        name => $operatingsystem ? {
            debian  => "apache2",
            redhat  => "httpd",
            default => "apache",
            CentOS  => "httpd",
        },
        ensure  => running,
        require => Package["httpd"],
    }
}

node 'puppet-client.com' {
    include apache
}

# All other nodes that have no definition of their own use the following node definition.
node default {
    case $operatingsystem {
        CentOS:  { include apache }
        default: {}
    }
}

The above file is the Puppet client configuration specification, written in the puppet declarative language on the puppet master server.

This language has a lot of constructs to define a resource and its properties. Using these constructs we manage the resources on client systems. The types of resources that puppet manages are listed below, and we can add our own customized resources to manage.

Type of Resources that puppet can manage, by default:-

  • Files
  • Packages
  • Services
  • Cron Jobs
  • Users and Groups
  • To run Shell Commands
  • And User defined resource types

Each of the above resources has a set of attributes or properties and values. Using the puppet configuration language, we can set the corresponding property values. A resource is defined by providing three main parameters: the resource type name, then, inside braces ({}), the title of the resource and a set of property values. From the above example, take the resource of type file with the title “password”; inside it we have a set of property values like name, owner, group, etc. So if a client successfully connects to the server, the puppet client will apply these settings on the client machine. If we change these property values, then after the next interval we can see that the client has applied them.

In this way we can control the resource configurations. Our networks will contain different types of systems (Redhat, Debian, etc.), and they differ in the structure of their files and in package names, so we need to apply the configurations based on the type of client. Puppet provides conditional statements (if and case) to check and apply configurations depending on the client architecture. For that we need some system information from the client, and facter provides these details. We can use that information in the puppet configuration specifications like a variable, for example: $operatingsystem. (You can see all the details that facter provides by just typing the command facter at the command prompt.)

Similarly, we can specify rules based on the client name, and using the OOP constructs we can define classes and reuse them in other client definitions. You can find some of them in the above example site.pp file. You can do a high-level configuration design using the puppet language. To learn more about the language constructs, please check the puppet online wiki or a nice book which describes everything associated with Puppet, by James Turnbull (Pulling Strings with Puppet).

Haridas N linux

How to install and configure Bacula

December 25th, 2009

Bacula: It comes by night and sucks the vital essence from your computers..

Introduction:

Bacula is an online-based backup tool, used to back up files from different servers to a backup server where bacula is running. To set up this backup tool across the network, first install the bacula server package on the backup server machine where you are storing your backup contents, and install the bacula client daemon on all other servers from which we are going to back up data.


Bacula has five main components.

1. Director daemon

This daemon coordinates all the work of the backup, and through its configuration file we can specify all of these things.

2. File daemon

This daemon runs on every client from which we back up data. The director daemon connects to this daemon after authentication and backs up the files from this client.

3. Storage daemon

This daemon stores the backup data from the clients on the hard disk of the backup server; usually this daemon and the director daemon run on the same backup server. The director works as an intermediary between the file daemon and the storage daemon.

4. Console daemon

This is a terminal to control all the work. The console connects to the director daemon, and using its commands we can define everything related to the backup.

5. Catalog Database

The database is used to store all information related to the backup, including the file indexing. The database commonly used for bacula is MySQL.


This figure shows how the different bacula daemon configuration files are linked together.

[Figure: bacula]

Install and Configure Bacula Server

You can install bacula from rpm packages or by compiling from source. Here we focus on the source method, which is tested and working fine.

* Download the latest version of bacula from the bacula.org site.

Here we are using following versions


1. bacula-3.0.3.tar.gz (http://sourceforge.net/projects/bacula/files/bacula/3.0.3/bacula-3.0.3.tar.gz/download)

2. depkgs-18Feb09.tar.gz or later versions (http://sourceforge.net/projects/bacula/files/depkgs/18Feb09/depkgs-18Feb09.tar.gz/download)

These two packages are used to set up bacula. Install depkgs-18Feb09.tar.gz first, to solve the remaining dependency problems before starting on bacula-3.0.3.tar.gz. You should not hesitate to install depkgs-18Feb09.tar.gz; it contains different packages, from which you can install “mtx” and “qwt”. You need not install the sqlite database, because mysql is the default database.

tar -xzf depkgs-18Feb09.tar.gz
cd depkgs
make qwt
make mtx
gmake mtx-install

Then enter the bacula source directory and use the following configuration settings to install bacula (or you can use the system default configuration):


# --with-dump-email / --with-job-email: the mail addresses receive mail about all activities of your backup.
# --with-qwt: path to the qwt source folder (usually it is inside the depkgs folder that you installed previously).
CFLAGS="-g -O2" \
./configure \
--sbindir=/usr/local/bacula/bin \
--sysconfdir=/usr/local/bacula/bin \
--with-pid-dir=/usr/local/bacula/bin/working \
--with-subsys-dir=/usr/local/bacula/bin/working \
--enable-smartalloc \
--with-mysql \
--with-working-dir=/usr/local/bacula/ \
--with-dump-email=user.name@????.se \
--with-job-email=user.name@????.se \
--with-smtp-host=localhost \
--enable-bat \
--with-qwt=/usr/local/qwt-5.0.2/

make

make install

make install-autostart   # Only for the officially supported systems (Redhat/Fedora...). This puts all startup scripts into the /etc/init.d/ folder with the corresponding symlinks, so the corresponding daemons start automatically at startup.

make distclean  # Type this to clear all configuration settings if you are starting ./configure from the beginning.

You have now successfully completed the installation of the bacula server.

Next we have to set up the database to store the catalog information. The most commonly used database is MySQL; set up the corresponding users, databases and privileges for the bacula application.

/etc/init.d/mysqld start

The bacula installation includes some scripts to complete the initial database and other server setup; these scripts are under the bin folder of the installed directory.

cd <Installed path>/bin

./grant_mysql_privileges -u root -p

Create database

./create_mysql_database -u root -p
./make_mysql_tables -u root -p

Create a directory called working under /usr/local/bacula/bin/

After installation of bacula, navigate to the installed folder and run bacula by typing

./bacula start

This will start all three daemons ( bacula-dir,bacula-sd and bacula-fd)

And then check ports where these daemons are listening.

default case:

daemon    |  port
===================
bacula-dir   9101
bacula-fd    9102
bacula-sd    9103

Make sure that the above-mentioned ports are added and opened in the csf.conf file of the server or in some other firewall settings.

After successful installation, to start a sample backup from the same system where you installed all three daemons, follow this simple tutorial:

http://www.bacula.org/en/rel-manual/Brief_Tutorial.html#TutorialChapter

To administer bacula, it provides a console or terminal named bconsole. Using this console we can do all the work from the back end.

NB: For installation from the source package, after untarring you should read the README and INSTALL files. Most of the time this will help you to complete the installation.

Install and Configure Bacula Client

After downloading the source and depkgs, do the depkgs installation as mentioned above.
Use the following configuration to install the client:

# --with-qwt: here, the path to the qwt source
CFLAGS="-g -O2" ./configure  --bindir=/usr/local/bacula/bin --sysconfdir=/usr/local/bacula/bin --with-pid-dir=/usr/local/bacula/bin/working --with-subsys-dir=/usr/local/bacula/bin/working --enable-smartalloc --with-working-dir=/usr/local/bacula/ --with-dump-email=user@yourdomain.com --with-job-email=user@yourdomain.com  --with-smtp-host=localhost  --with-qwt=../depkgs/qwt-5.0.2/ --enable-client-only

If your system is 64-bit (to find out, use the command arch) then add --libdir=/usr/local/lib64

make

make install

make install-autostart-fd     # It helps start the client daemon at startup.

Create a directory called working under /usr/local/bacula/bin/

Start the file daemon using

/etc/init.d/bacula-fd start

Add a new “client” and “job” to bacula-dir.conf

and set the password in the conf files as shown in the above figure (use the above tutorial also).

Use the following configuration checks if you have any problems with the bacula setup:

a) The client bacula-fd daemon is listening on 9102.
b) Edit bacula-fd.conf and change the Director name and password to the Director name and the client resource password in the bacula-dir.conf file of the server.
c) Add the server hostname to /etc/hosts on the client system, in order to ensure correct resolution.

d) Also check port 9102, on which the client listens for server requests, and port 9103, used to contact the server storage daemon, by typing

telnet server-hostname 9103 (from client )
telnet client-hostname 9102  (from server)
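
Check (b) from the list above, as an added example that is not part of the original post or of Bacula: a small Ruby script that parses both files and reports when the Director name, the client password or the FD port disagree. The resource names and passwords in the sample configurations are constructed, the function names are hypothetical, and the parser covers only flat resources.

```ruby
# Parse flat Bacula resources ("Type { Key = Value ... }") into [type, attrs]
# pairs. Keys are lower-cased with blanks removed, so FDPort equals FDport.
def parse_resources(text)
  text = text.gsub(/^\s*#.*$/, "")               # whole-line comments only
  text.scan(/(\w+)\s*\{([^{}]*)\}/).map do |type, body|
    attrs = {}
    body.each_line do |line|
      key, value = line.split("=", 2)
      next if value.nil?
      attrs[key.downcase.delete(" \t")] = value.strip.gsub(/\A"|"\z/, "")
    end
    [type.downcase, attrs]
  end
end

def resources(parsed, *types)
  parsed.select { |type, _| types.include?(type) }.map(&:last)
end
# Returns a list of problems (empty = consistent). Passwords are never echoed.
def check_fd_against_director(dir_conf, fd_conf)
  dir = parse_resources(dir_conf)
  fd  = parse_resources(fd_conf)
  director   = resources(dir, "director").first
  filedaemon = resources(fd, "filedaemon", "client").first
  return ["Director or FileDaemon resource not found"] unless director && filedaemon
  problems = []
  fd_entry = resources(fd, "director").find { |d| d["name"] == director["name"] }
  client   = resources(dir, "client").find { |c| c["name"] == filedaemon["name"] }
  problems << "bacula-fd.conf has no Director named #{director['name']}" unless fd_entry
  problems << "bacula-dir.conf has no Client named #{filedaemon['name']}" unless client
  if fd_entry && client
    pw_ok = !fd_entry["password"].to_s.empty? && fd_entry["password"] == client["password"]
    problems << "password for #{filedaemon['name']} is empty or differs between the two files" unless pw_ok
    ports = [client["fdport"] || "9102", filedaemon["fdport"] || "9102"]
    problems << "FDPort mismatch: #{ports.join(' vs ')}" if ports.uniq.size > 1
  end
  problems
end

# Constructed sample configurations (names and passwords are made up).
DIR_CONF = <<~CONF
  Director {
    Name = backup-dir
    Password = "console-pw-constructed"
  }
  Client {
    Name = client1-fd
    FDPort = 9102
    Password = "fd-pw-constructed"
  }
CONF
FD_CONF = <<~CONF
  Director {
    Name = backup-dir
    Password = "fd-pw-constructed"
  }
  FileDaemon {
    Name = client1-fd
    FDport = 9102
  }
CONF

p check_fd_against_director(DIR_CONF, FD_CONF)
```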

========================================================================================
The above procedure is the standard set of installation steps; you can download and use the documentation (*.gz) package from bacula.org for more details.
========================================================================================

SET UP WEB BASED INTERFACE TO MONITOR BACULA (php and perl based)

—————————————————————————————————————-
( Install this package in your backup server where your bacula-server is installed)

1. Bweb, a web-based comprehensive admin tool

Bweb is developed in Perl, so in order to install bweb we need to install some Perl dependencies; you can use cpan.
You can install this tool just by following the INSTALL file under bacula-gui-XXX/bweb/. This file is more than enough to complete the installation of bweb.

2. bacula-gui-3.0.3.tar.gz

Download this package to set up the web interface.

Untar this package and read the README to complete the installation (in this package you need not type ‘make’ or ‘make install’), just

./configure --with-bacula=(path to bacula source folder)

Then copy bacula-web from this source folder and place it in the document root of apache.

NB: This gui was only tested with php 4.3.4 and php-5.0.4; you may get a blank page when using later versions. Check the error log and correct it (it may be some permission error). If you have any problem installing php 4.3.4 with your latest apache 2.2.*, then go for apache 2.0.* versions.

Here we tested the following versions.
1. Install pear DB by typing “# pear install DB”
2. apache 2.0.63
3. php-4.3.4

After installing the web server, copy the folder bacula-web to its document root, then open: http://system-ip:/bacula-web

Some Error Fixes:

————————————

1. If the configuration of your server and clients seems to be correct, but you are still receiving this error

e.g.: “Fatal error: bsock.c:135 Unable to connect to Client: server.client.com-fd on server.client.com:9102. ERR=Interrupted system call”

* Please check the firewall configuration: whether port 9102 is not blocked at the client server, and 9101 or 9102 are not blocked at the server.
* To check this, telnet to the destination port. If the system is installed with csf, then check the allowed TCP IN and OUT ports.

Haridas N general, linux