Setting up Puppet agents in Docker containers

The goal of this blog post is to set up Puppet agents in Docker containers. We used the following architecture:

[Figure: Docker and Puppet architecture diagram]

We provisioned our own Docker container from scratch. You can refer to the following link to see how to build Docker containers:
http://www.dev2ops.in/provisioning-linux-containers-through-vagrant-docker-plugin/

or you can pull our Docker container onto your node by running the following command:

# docker pull boxupp/centos-puppet 

To install the Puppet server on the Puppet master node, please refer to the following link:

http://docs.puppetlabs.com/guides/install_puppet/install_el.html

We had preinstalled Puppet in our container, but in order to communicate with the puppet agent we have to edit the /etc/hosts file in our container, which cannot be edited. This is a Docker bug, as mentioned in the following ticket: https://github.com/dotcloud/docker/issues/1951

We tried a few permutations and combinations in our containers in order to make them work:

1. Copied the /etc/hosts file to /tmp.

#cp /etc/hosts /tmp/

2. Then created a directory

#mkdir -p -- /lib-override

3. Copied libnss_files.so.2 module to the directory created above.

# cp /lib64/libnss_files.so.2 /lib-override

4. Now we have to edit the libnss_files.so.2 module and set our LD_LIBRARY_PATH accordingly.

What is LD_LIBRARY_PATH ?

LD_LIBRARY_PATH is an environment variable. It is used for debugging a new library or a non-standard library. It lists the directories that are searched for shared libraries, so the path of the directory to search has to be provided in it.
We copied the original libnss_files.so.2 module to the newly created directory with the following command.

# cp /lib64/libnss_files.so.2 /lib-override

5. Changed the path from which Linux gets its hosts file configuration.

#sed -i.bak 's:/etc/hosts:/tmp/hosts:g' /lib-override/libnss_files.so.2

6. Set our LD_LIBRARY_PATH to the /lib-override directory we created, with the following command.

#export LD_LIBRARY_PATH=/lib-override

7. We also added the environment variable to the following file, so as to make the change permanent, by entering the above command in it.

#vi /etc/profile.d/ld.sh
export LD_LIBRARY_PATH=/lib-override

Saved the file and executed the following command in order to make the changes permanent.

source /etc/profile.d/ld.sh
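
The sed substitution in step 5 leaves the library loadable only because /etc/hosts and /tmp/hosts are both 10 bytes long, and after it name resolution depends on a file under /tmp whose permissions now matter. The following is an added example, not part of the original post, that checks both points; the function names and the constructed sample file are illustrative, and it assumes GNU grep and GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU grep and GNU stat.

# count_str FILE STRING: occurrences of STRING in a binary FILE
count_str() {
    grep -a -o -F -- "$2" "$1" | wc -l | tr -d ' '
}

# check_patch ORIG PATCHED OLD NEW
# Prints "ok" only if PATCHED has the same size as ORIG and every OLD
# string became NEW. A replacement of a different length shifts every
# byte after it, so the offsets recorded in the ELF headers go stale.
check_patch() {
    orig=$1; patched=$2; old=$3; new=$4
    [ "${#old}" -eq "${#new}" ] || { echo "length mismatch"; return 1; }
    [ "$(wc -c < "$orig")" -eq "$(wc -c < "$patched")" ] ||
        { echo "size changed"; return 1; }
    [ "$(count_str "$patched" "$old")" -eq 0 ] ||
        { echo "old path still present"; return 1; }
    [ "$(count_str "$patched" "$new")" -eq "$(count_str "$orig" "$old")" ] ||
        { echo "replacement count differs"; return 1; }
    echo ok
}

# check_hosts_perms FILE
# The relocated hosts file decides which address the puppet master name
# resolves to, so group or other write access is reported as a failure.
check_hosts_perms() {
    mode=$(stat -c %a "$1") || return 1
    case $mode in
        *[2367]?|*[2367]) echo "group/other writable: $mode"; return 1 ;;
    esac
    echo ok
}

# make_sample FILE: constructed stand-in for libnss_files.so.2 (a few
# binary bytes around a NUL-terminated "/etc/hosts"), for offline runs.
make_sample() {
    printf '\177ELF\001\002\000/etc/hosts\000\003\004tail\000\n' > "$1"
}
```

In the container from the post, the calls would be check_patch /lib64/libnss_files.so.2 /lib-override/libnss_files.so.2 /etc/hosts /tmp/hosts and check_hosts_perms /tmp/hosts.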

Now we configured our puppet agent on the Docker container by adding our puppet master server to the /etc/puppet/puppet.conf file, as shown:

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
server = devops.paxcel
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

and edited our /tmp/hosts file to add an entry for the puppet server IP address so that its host name resolves:

192.168.1.230 devops.paxcel
172.17.0.75 46c670aaef5d
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then we started our puppet agent service on our container by running the following command.

# /etc/init.d/puppet start

We pinged our puppet master server to check whether it is resolving our hosts or not, and included our agent in our site.pp file as shown.

node "46c670aaef5d"
{ include nagios }

and executed the catalog for the agent node with the following command on the agent node.

#puppet agent --server devops.paxcel --waitforcert 60 --test 

as you can see in the screenshot below

[Screenshot]

Simultaneously we ran puppet cert --list on the master machine and got the following output:

# puppet cert --list
#+ "46c670aaef5d" (SHA256) C5:2B:07:8F:6A:C4:C9:CD:C7:74:DB:89:77:E3:5D:C1:99:7C:90:7B:22:8F:84:22:0C:A2:0E:8A:69:B9:97:8B
and then ran the following command in order to apply the catalog on the agent server, as shown in the above screenshot.
#puppet cert --sign 46c670aaef5d

At this stage we are done. We provisioned a puppet master server running on another node on the same network, created a Docker container running on a different node on the same network, and finally used a puppet module from the puppet master server to install nagios and provision our Docker container.
