Bootstrap Puppet in Kickstart Script within Cobbler

CobblerPuppetLabsIn this short article I am going to quickly demonstrate the use of Kickstart, via Cobbler, to install the Puppet agent on a new Centos 6.5 server.

This article is a follow-on to two previous articles:

  1. Cobbler Installation
  2. Puppet Installation

At the end of the Puppet article I promised to write a quick article about their integration.  In order to fully appreciate the contents of this article (i.e. to install Puppet via Kickstart in Cobbler, I recommend you follow the above two articles to build out the necessary infrastructure.

Summary - What and How

If Puppet is installed onto the same server as Cobbler a higher level of integration is possible than I am going to do today (see here for well commented sample scripts and here for an overview of the aforementioned approach).  The goal of today's article is simply to install Puppet via the Kickstart build script associated with the Cobbler profile. i.e. install Puppet while a new server is building.  The script will also wait for that certificate to be signed on the Puppet server.

Specifically, therefore, what needs to happen in this proof-of-concept?

  • Set-up the client hostname in /etc/sysconfig/network and via the commandline
  • ​Ensure client can resolve Puppet server name to IP address
  • ​Install the Puppetlabs repository location information
  • Install Puppet agent
  • Set Puppet to start on server boot up
  • Request that the Puppet server sign the new client's certificate

Additionally, on the actual Puppet server I will set the server to automatically sign certificate requests

Add Script Lines to Existing Kickstart Script

If you have followed the related previous articles then you will already have a single working profile in Cobbler that utilises the default 'sample_end.ks' Kickstart script. You already know that this script is capable of building a Centos 6.5 server in an unattended fashion.  In order to quickly demonstrate the Puppet install, alter this file

Edit /var/lib/cobbler/kickstarts/sample_end.ks and add the following lines in the '%post' section

#Update system with latest patches
yum update -y

#Set system name
# Write out the hostname to network file
/bin/echo -e "NETWORKING=yes\" > /etc/sysconfig/network

# install puppetlabs repo
rpm -ivh

# Install puppet client agent
yum install -y puppet

#switch on Puppet agent at system boot
/sbin/chkconfig --level 345 puppet on

# add host entry for puppet server
/bin/echo " puppet" >> /etc/hosts

# add server to 'test' group of machines
# /bin/echo "PUPPET_EXTRA_OPTS=\"--environment test\"" >> /etc/sysconfig/puppet

#request and wait for certificate
puppet agent --test --waitforcert 1 --server ''
  • Restart and sync Cobbler
service cobblerd restart
cobbler sync

Quick Hack on the Puppet Server

It is 'unlikely' that in your production environment you would pre-approve all certificate signing requests from clients but for this quick demonstration that is exactly what we are going to do.

  • Add the following line to /etc/puppet/puppet.conf [main] section
autosign = true
  • Restart apache web server
service httpd restart

And that's it.  Build a new minimal centos 6.5 server utilising these alterations and you should see a fully updated server, registered in the Puppet server, ready to receive Puppet instigated changes.