A solution instance, such as Puppet Master, must be created in an Application Services deployment environment so that the Puppet Master is always used when an application using Puppet-based services is deployed in that deployment environment.
You can create only one Puppet Master solution instance per deployment environment. The solution instances of multiple deployment environments can point to the same Puppet Master. For information on using a Ruby script that runs locally on the Puppet Master server, see “Register a Puppet Master Solution Instance,” on page 68.
Prerequisites
- Log in to Application Services as an application cloud administrator.
- Depending on your cloud provider, you must have at least one vCloud Director, vRealize Automation, or Amazon EC2 deployment environment mapped in Application Services. See “Create a vCloud Director Deployment Environment,” on page 81, “Create a vRealize Automation Deployment Environment,” on page 60, or “Create an Amazon EC2 Deployment Environment,” on page 91.
- Make sure that the Puppet Master is configured to work with the Application Services server. See “Prepare the Puppet Master Environment for Registration,” on page 63 or “Register a Puppet Master Solution Instance,” on page 68.
- If you are using a custom policy, verify that it is available in the library. See “Add a Policy to the Library,” on page 127.
Procedure
1 Log in to the Application Services Web interface.
2 On the Application Services title bar, click the drop-down menu and select Clouds > Deployment Environments.
3 Select an existing deployment environment.
4 Select the Solution Instances tab and click Create Solution Instance.
5 Complete the solution instance information for the deployment environment.
Option Description
Name and Description Include the solution name.
You can add property or agent configuration information for the solution in the description section.
Solution Select the available Puppet Master v1.0.0 solution from the drop-down list.
The solution properties and corresponding agents are populated.
6 In the Properties section, enter the required property values.
Property Description
puppet_server Qualified domain name of the Puppet Master server.
For the agent to trust the Puppet Master certificate, use one of the valid DNS names you set when you installed the Puppet Master. The Application Services server must be able to contact Puppet Master at this DNS name, unless the puppet_server_ip property is also supplied.
puppet_server_ip Puppet Master server IP address.
The IP address must be specified if the host name of the Puppet Master server is not resolvable in the Application Services server or agent nodes.
puppet_environment Name of the Puppet Master environment assigned to a puppet agent. This name corresponds to the environment configuration property of a puppet agent.
agent_run_interval How frequently the puppet agent applies the library. The default run interval is every 30 minutes (30m). You can specify the run interval in the following units.
- Seconds. For example, 30 or 30s.
- Minutes. For example, 30m.
- Hours. For example, 6h.
- Days. For example, 5d.
- Years. For example, 2y.
A run interval of 0 tells the puppet agent to run continuously.
identity_private_key Private key of the certificate issued to the Application Services server by the Puppet Master.
Application Services uses this certificate for authentication with Puppet Master and MCollective. The format of the certificate is PEM encoded including the header and trailer. The header, for example, is formatted as '-----BEGIN RSA PRIVATE KEY-----'.
Copy the contents of the file TempCredsDir/private_keys/Name.pem you created to prepare the Puppet Master, as the value for this property.
identity_public_cert The X509 certificate corresponding to the identity_private_key property.
The format of the certificate is PEM encoded including the header and trailer. The header, for example, is formatted as '-----BEGIN CERTIFICATE-----'.
Copy the contents of the file TempCredsDir/certs/Name.pem you created to prepare the Puppet Master, as the value for this property.
ca_cert The X509 certificate of the certificate authority that issues digital certificates used to authenticate with Puppet Master and MCollective.
The format of the certificate is PEM encoded including the header and trailer. The header, for example, is formatted as '-----BEGIN CERTIFICATE-----'.
Copy the contents of the file TempCredsDir/certs/ca.pem you created to prepare the Puppet Master, as the value for this property.
mc_servers_shared_cert Shared server certificate or public key for the MCollective cluster.
The format of the certificate is PEM encoded including the header and trailer. The header, for example, is formatted as '-----BEGIN CERTIFICATE-----' or '-----BEGIN PUBLIC KEY-----'.
Copy the contents of the file TempCredsDir/certs/pe-internal-mcollective-servers.pem for Puppet Enterprise or TempCredsDir/certs/mcollective-servers.pem for Puppet Open Source you created to prepare the Puppet Master, as the value for this property.
The trailer, for example, is formatted as '-----END CERTIFICATE-----' or '-----END RSA PUBLIC KEY-----'.
mc_messaging_server_password Password corresponding to the config setting plugin.activemq.pool.1.password in the MCollective server config file.
For example, the MCollective server config file in the Puppet Enterprise is located at /etc/puppetlabs/mcollective/server.cfg.
identity_cert_name Name of the identity certificate.
This name is the string which you set when you generated the Application Services certificate to correspond to the Puppet Master during the preparation of the Puppet Master.
puppet_version Puppet Enterprise suite version for a Puppet Enterprise and Puppet package version for a Puppet open source.
For example, the Puppet Enterprise version is 3.2.3 and the Puppet open source version is 3.6.2.
mc_messaging_server_username User name corresponding to the config setting plugin.activemq.pool.1.user in the MCollective server config file.
For example, the MCollective server config file in the Puppet Enterprise is located at /etc/puppetlabs/mcollective/server.cfg.
mc_messaging_server_port Port corresponding to the config setting plugin.activemq.pool.1.port in the MCollective server config file.
For example, the MCollective server config file in the Puppet Enterprise is located at /etc/puppetlabs/mcollective/server.cfg.
node_manifest_dir Directory where the node definition manifests are located for virtual machines deployed using Application Services.
The Puppet Master site.pp must be able to import *.pp files from this directory.
mc_appd_agent_ddl Location of the MCollective Application Services agent DDL file.
You do not need to override this value.
mc_client_setup_script Location of the MCollective Client setup Beanshell script.
You do not need to override this value.
global_conf URL to download the Darwin global configuration for each node.
agent_post_install_wait Time in seconds to wait after installing the agent.
7 In the Agents section, enter the required values.
Option Description
pe_installer_payload_base_path Base URI where the operating system and architecture specific Puppet Enterprise tar files are hosted. Not for Windows.
The script detects the URI based on the pe_installer_payload_base_path and the current version of operating system and architecture on the machine. You can skip this auto detection by specifying a value for the pe_installer_payload property. Automatic detection assumes that the specific directory structure mirrors the structure of the Puppet Labs hosted tar files that are located at https://s3.amazonaws.com/pe-builds/.
installer_payload_base_path Windows version of pe_installer_payload_base_path.
is_enterprise Indicates if the Puppet Master being registered is a Puppet Enterprise with a value set to true or a Puppet open source with a value set to false.
8 In the Agents section, enter the optional value.
Option Description
pe_installer_payload Link to download tar file for Puppet Enterprise. Not for Windows.
Leave this value empty unless you want to explicitly provide a complete URI of an OS-neutral Puppet Enterprise tar file. If the value is not specified, the script detects the URI based on the pe_installer_payload_base_path and current version of operating system and architecture on the machine. An example URI is
https://s3.amazonaws.com/pe-builds/released/3.0.1/puppet-enterprise-3.0.1-all.tar.gz
installer_payload Windows version of pe_installer_payload.
9 Click Save.
Application Services checks the property and agent values you entered and displays an error message if the required values are missing.
10 Click Validate Connection to verify the connection to the server.
11 Click the arrow next to the solution instance name to return to the previous page.
12 (Optional) On the client machine that has Puppet installed, enter the command to remove the temporary credential directory you created when you downloaded the public certificate from the Puppet Master.
rm -rf TempCredsDir
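Before the identity_private_key, identity_public_cert and ca_cert values are pasted in step 6, and before TempCredsDir is removed in step 12, the three PEM files can be checked against each other. The following Ruby code is an added example, not part of Application Services or of RegisterWithAppD.rb: the function names are hypothetical, the sample CA and certificate are constructed in the code, and it assumes the certificate CN equals the identity_cert_name value.

```ruby
require 'openssl'

# Returns a list of problems with the PEM values; an empty list means they are consistent.
# Assumption: the certificate CN equals the identity_cert_name property.
def check_identity_material(key_pem, cert_pem, ca_pem, cert_name)
  begin
    key  = OpenSSL::PKey::RSA.new(key_pem)
    cert = OpenSSL::X509::Certificate.new(cert_pem)
    ca   = OpenSSL::X509::Certificate.new(ca_pem)
  rescue OpenSSL::OpenSSLError => e
    return ["value is not valid PEM: #{e.class}"]
  end
  problems = []
  problems << 'identity_private_key holds no private key' unless key.private?
  problems << 'identity_private_key does not match identity_public_cert' unless cert.check_private_key(key)
  problems << 'identity_public_cert was not issued by ca_cert' unless cert.verify(ca.public_key)
  cn = cert.subject.to_a.find { |field, _value, _type| field == 'CN' }
  problems << "certificate CN is not #{cert_name}" unless cn && cn[1] == cert_name
  now = Time.now
  problems << 'identity_public_cert is expired or not yet valid' unless (cert.not_before..cert.not_after).cover?(now)
  problems
end

# Builds a certificate for the constructed sample below (self-signed when no issuer is given).
def build_cert(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed sample: a throwaway CA and an identity certificate named 'vmware-appd'.
def constructed_sample
  ca_key = OpenSSL::PKey::RSA.new(2048)
  id_key = OpenSSL::PKey::RSA.new(2048)
  ca = build_cert('Constructed Test CA', ca_key)
  id = build_cert('vmware-appd', id_key, ca, ca_key)
  { key: id_key.to_pem, cert: id.to_pem, ca: ca.to_pem }
end

s = constructed_sample
puts check_identity_material(s[:key], s[:cert], s[:ca], 'vmware-appd').inspect
```

With real files, pass the contents of TempCredsDir/private_keys/Name.pem, TempCredsDir/certs/Name.pem and TempCredsDir/certs/ca.pem in place of the constructed sample.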
Register a Puppet Master Solution Instance
You can register a Puppet Master solution instance in an Application Services deployment environment using a Ruby script that runs locally on the Puppet Master server.
For information on the equivalent alternative to using a Ruby script, see “Create a Puppet Solution Instance,” on page 65.
Prerequisites
- Log in to Application Services as an application cloud administrator.
- You must have a Puppet Master server available with Ruby version 1.8.7, 2.0.x for Puppet 3.2 and higher, or 2.1.x for Puppet 3.5 and higher installed on it.
Procedure
1 Log in to the Puppet Master server.
2 Download the Ruby script from the Application Services server URL.
http://ApplicationDirectorIP/artifacts/solutions/puppet/RegisterWithAppD.rb
3 (Optional) Run the Ruby script with the -h option to view the registration options.
ruby RegisterWithAppD.rb -h
Options:
-i, --appd_ip APPSERVICESIP Specify the IP address or host name of the Application Services instance.
-u, --appd_user USERNAME Specify the user name of the administrator account for the Application Services instance. The default is admin.
-p, --appd_password PASSWORD Specify the password for the administrator account.
-t, --appd_tenant TENANT Specify the name of the tenant assigned to the user.
-g, --appd_group GROUP Specify the business group assigned to the user.
-d, --appd_de_name DENAME Specify the name of the deployment environment to register this puppet master under.
-n, --node_manifest_dir DIR Specify the directory where Application Services places node definition files for servers under its management. The default is the 'appd_nodes' sub-directory under the site manifest directory.
-c, --cert_name CN Specify the 'subject' for the certificate that Application Services uses to authenticate to Puppet Master. The default is 'vmware-appd'.
-s, --[no-]skip_mc_agent Install the Application Services MCollective agent and restart the MCollective daemon. Installs the MC agent by default. Use -s to skip.
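4 Run the Ruby script to register the Puppet Master solution instance with the Application Services instance. A password passed with -p can appear in the shell history and in the process list of the Puppet Master server while the script runs.
ruby RegisterWithAppD.rb -i APPSERVICESIP -u USERNAME -p PASSWORD -d DENAME -t TENANT -g GROUP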
5 Verify that you receive a notification when the script successfully registers the solution instance.
6 Log in to the Application Services Web interface.
7 On the Application Services title bar, click the drop-down menu and select Clouds > Deployment Environments.
8 Select the existing deployment environment with the registered solution instance.
9 Select the Solution Instances tab and click the solution instance.
10 If you are running the Ruby script on Puppet Master Open Source, perform the following steps.
a Click Edit in the toolbar.
b In the Agents section, set the is_enterprise property value to false.
c Click Save to finish.
11 Click Validate Connection to check the connection to the server.
A notification informs you that the connection is successful and a green check mark appears next to the Validate Connection button.
What to do next
Import Puppet content into the Application Services library as services. See “Import a Puppet Service to the Library,” on page 115.