mcollective » History » Version 6
Laurent Domb, 05/03/2013 10:31 AM
h1. mcollective

As adding support for mCollective is currently a work in progress [[ http://projects.theforeman.org/projects/1/wiki/MCollective_integration ]] and primarily focused around the smart-proxy, this how-to can change at any time.

h2. Mcollective 1.2.1, Foreman and Puppet PE

As Puppet PE comes with mcollective, it's fairly easy to make it work with the Foreman smart proxy. Sam Kottler wrote a patch (https://github.com/theforeman/smart-proxy/pull/58/files) to integrate mcollective and foreman-proxy.

I assume you have followed the guide [[ passenger on Puppet PE and use foreman as an ENC and reporting engine ]]. If so, you need to replace, create and edit the following files:

<pre>
/usr/share/foreman-proxy/config/settings.yml
/usr/share/foreman-proxy/lib/proxy/puppet.rb
/usr/share/foreman-proxy/lib/proxy/puppet/runner.rb
/usr/share/foreman-proxy/lib/puppet_api.rb
</pre>

In /usr/share/foreman-proxy/config/settings.yml add the following line after the puppet management entry:

<pre>
# enable MCollective integration
:mcollective: true
</pre>

Now your Puppet PE / Foreman installation is ready for a puppet run via the Foreman host page.

Then replace puppet.rb and puppet_api.rb:

<pre>
# rm -f /usr/share/foreman-proxy/lib/proxy/puppet.rb
# cd /usr/share/foreman-proxy/lib/proxy/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet.rb
# rm -f /usr/share/foreman-proxy/lib/puppet_api.rb
# cd /usr/share/foreman-proxy/lib/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/puppet_api.rb
</pre>

The 4th script, runner.rb, needs a little more attention. Puppet PE 2.7.2 uses mcollective 1.2, which means the puppet agent cannot be used, so we need to swap it for puppetd. Also, to be able to query the hosts, all mcollective commands need to run in the peadmin user environment.

<pre>
# cd /usr/share/foreman-proxy/lib/proxy/puppet/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet/runner.rb
</pre>

Modify the runner.rb file on line 8 and line 16:

<pre>
 1 module Proxy::Puppet
 2   class Mcollective
 3     extend Proxy::Util
 4
 5     def self.run(nodes)
 6       mco_search_path = ["/usr/bin", "/opt/puppet/bin"]
 7       sudo = which("sudo", "usr/bin")
 8       sudo = sudo << " -u peadmin"
 9       mco = which("mco", mco_search_path)
10
11       unless sudo and mco
12         logger.warn "sudo or the mco binary is missing."
13         return false
14       end
15
16       mco << " puppetd runonce -I #{nodes}"
</pre>

h3. Mcollective sudo

Create an mcollective sudoers file to allow the foreman proxy to execute mco commands.

<pre>
Defaults:foreman-proxy !requiretty
foreman-proxy ALL=(peadmin) NOPASSWD: /opt/puppet/bin/mco *
</pre>

h2. Mcollective 1.2.1 / Foreman / Puppet Opensource

Installing mcollective on an open source puppet host is slightly different from the above procedure, as Puppet Enterprise comes with preconfigured puppet modules which do most of the steps automatically; here I show them manually. You could also download the puppet modules for mcollective and activemq from Puppet Forge and customize them for your needs. First we need to install mcollective and mcollective-client. The mcollective-client is only needed by the puppet master host. To be consistent with the above installation, I chose the same version of mcollective as in Puppet PE.

h3. Install activemq / mcollective

To be able to install mcollective and activemq you need to install the puppetlabs repo.

<pre>
$ sudo rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
</pre>

Install activemq and mcollective on the puppet server:

<pre>
$ sudo yum install mcollective-1.2.1-1.el6.noarch mcollective-common-1.2.1-1.el6.noarch mcollective-client-1.2.1-1.el6.noarch
</pre>

Configure activemq first and edit the following lines in /etc/activemq/activemq.xml:

<pre>
109 <authenticationUser username="mcollective" password="marionette" groups="mcollective,everyone"/>
119 <authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
120 <authorizationEntry queue=">" write="mcollective" read="mcollective" admin="mcollective" />
</pre>

Enable activemq to start on boot and start the service:

<pre>
# chkconfig activemq on
# service activemq start
</pre>

Configure the server.cfg in /etc/mcollective/server.cfg:

<pre>
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
daemonize = 1

# Plugins
securityprovider = psk
plugin.psk = unset

connector = stomp
plugin.stomp.host = YOUR ACTIVEMQ HOST can be local host
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = marionette

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

# Puppet Classes
classesfile = /var/lib/puppet/classes.txt

# Puppet Agent plugin configuration
plugin.puppetd.puppetd = /usr/sbin/puppetd
plugin.puppetd.lockfile = /var/lib/puppet/state/puppetdlock
plugin.puppetd.statefile = /var/lib/puppet/state/state.yaml
plugin.puppetd.splaytime = 120
# Note the following two are "puppet" and not "puppetd"
plugin.puppet.pidfile = /var/run/puppet/agent.pid
plugin.puppet.summary = /var/lib/puppet/state/last_run_summary.yaml


# Periodically broadcast metadata for registration purposes.
# This registration plugin will broadcast current Facter fact values.
registration = Meta
# registerinterval is intentionally "long" to prevent systems from being overly
# chatty on the message bus by default. If you want a higher frequency, this
# may be set to 300 (5 minutes)
registerinterval = 14400

# authorization
rpcauthorization = 1
rpcauthprovider = action_policy
plugin.actionpolicy.allow_unconfigured = 1
</pre>

Configure the client.cfg in /etc/mcollective/client.cfg:

<pre>
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /dev/null
loglevel = info

# Plugins
securityprovider = psk
plugin.psk = unset

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = marionette

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
</pre>

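Both files above keep @plugin.psk = unset@ and the @marionette@ password, and server.cfg sets @plugin.actionpolicy.allow_unconfigured = 1@. The following is an added example, not part of the original how-to: it parses the @key = value@ format and reports those settings together with file permissions that let other users read the secrets. The function and constant names are illustrative.

```ruby
# Values that this page's server.cfg / client.cfg carry and that should not
# reach production unchanged. Each check returns a message or nil.
CHECKS = {
  "plugin.psk" =>
    ->(v) { "pre-shared key is still the placeholder 'unset'" if v == "unset" },
  "plugin.stomp.password" =>
    ->(v) { "STOMP password is the sample value published on this page" if v == "marionette" },
  # "1" is the value as written on this page.
  "plugin.actionpolicy.allow_unconfigured" =>
    ->(v) { "agents without a policy file accept every request" if v == "1" },
}.freeze

# Parse the "key = value" format used by server.cfg and client.cfg.
def parse_cfg(text)
  text.each_line.with_object({}) do |line, cfg|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    cfg[key.strip] = value.strip if value
  end
end

# Return one finding string per risky setting present in the config text.
def audit_cfg(text)
  cfg = parse_cfg(text)
  CHECKS.map { |key, check|
    msg = cfg.key?(key) ? check.call(cfg[key]) : nil
    "#{key}: #{msg}" if msg
  }.compact
end

# Audit a file on disk; it holds secrets, so also flag group/world access.
def audit_file(path)
  findings = audit_cfg(File.read(path))
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    findings << format("%s: mode %04o lets non-owners access the secrets", path, mode)
  end
  findings
end

# Constructed sample: the security-relevant lines of the page's server.cfg.
PAGE_SERVER_CFG = <<~CFG
  securityprovider = psk
  plugin.psk = unset
  plugin.stomp.password = marionette
  # authorization
  rpcauthorization = 1
  plugin.actionpolicy.allow_unconfigured = 1
CFG
```

Calling @audit_file("/etc/mcollective/server.cfg")@ on a host configured as above returns one line per finding; an empty array means none of these values are present and the file is owner-only.
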
h2. Install the mcollective plugins

By default mcollective comes only with discovery and rpcutil as agents. As we want to run puppet, we need to get the puppetd agent and application. Please be aware that the puppetd agent is an old plugin. It's recommended to run puppet.rb from (https://github.com/puppetlabs/mcollective-puppet-agent.git), which requires mcollective >= 2.2.

To be consistent with the Puppet PE environment, we are going to install the following additional agents / applications, which you can get from git://github.com/puppetlabs/mcollective-plugins.git:

<pre>
agents (/usr/libexec/mcollective/mcollective/agent):
--- package.ddl
--- package.rb
--- puppetd.ddl
--- puppetd.rb
--- puppetral.ddl
--- puppetral.rb
--- service.ddl
--- service.rb

applications (/usr/libexec/mcollective/mcollective/application):

--- package.rb
--- puppetd.rb
--- service.rb

and util (/usr/libexec/mcollective/mcollective/util):
--- actionpolicy.rb
</pre>

h3. Collect puppet facts for mcollective

If you look at the mcollective server.cfg you'll see that we mentioned the file /etc/mcollective/facts.yaml. This file is needed so that mcollective can query the host facts. There are 2 approaches to create the file. The first one was written by Jordan Sissel. He added a file resource to the mcollective module which creates the facts.yaml file each time puppet runs.

<pre>
file {
  "/etc/mcollective/facts.yaml":
    ensure  => file,
    content => inline_template("<%= scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) }.to_yaml %>"),
    require => Package["mcollective"];
}
</pre>

Another approach is to create a cron entry to update the facts every 15 minutes:

<pre>
0,15,30,45 * * * * /usr/sbin/refresh-mco-meta
</pre>

Create the file refresh-mco-meta in /usr/sbin/ and add the following content:

<pre>
#!/bin/bash
# Regenerate the facts file; only replace the live copy if facter succeeded.
/usr/bin/facter --puppet --yaml > /etc/mcollective/facts.yaml.new &&
  mv /etc/mcollective/facts.yaml.new /etc/mcollective/facts.yaml
</pre>

h3. Starting the mcollective service and enabling mcollective at boot on the puppet server

<pre>
# service mcollective start
# chkconfig mcollective on
</pre>

h3. Include the smart proxy mcollective function (only on the puppet server which runs the smart proxy)

As Foreman 1.1 does not include the mcollective functionality, we need to apply Sam Kottler's patch (https://github.com/theforeman/smart-proxy/pull/58/files) to integrate mcollective and foreman-proxy.

Get the 4 files from the above URL, then replace, create and edit the following files:

<pre>
/usr/share/foreman-proxy/config/settings.yml
/usr/share/foreman-proxy/lib/proxy/puppet.rb
/usr/share/foreman-proxy/lib/proxy/puppet/runner.rb
/usr/share/foreman-proxy/lib/puppet_api.rb
</pre>

In /etc/foreman-proxy/settings.yml add the following line after the puppet management entry:

<pre>
# enable MCollective integration
:mcollective: true
</pre>

Then replace puppet.rb and puppet_api.rb:

<pre>
# rm -f /usr/share/foreman-proxy/lib/proxy/puppet.rb
# cd /usr/share/foreman-proxy/lib/proxy/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet.rb
# rm -f /usr/share/foreman-proxy/lib/puppet_api.rb
# cd /usr/share/foreman-proxy/lib/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/puppet_api.rb
</pre>

The 4th script, runner.rb, needs a little more attention. As we use mcollective 1.2, we need to use the puppetd agent.

<pre>
# cd /usr/share/foreman-proxy/lib/proxy/puppet/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet/runner.rb
</pre>

Modify the runner.rb file on line 8 and line 16:

<pre>
 1 module Proxy::Puppet
 2   class Mcollective
 3     extend Proxy::Util
 4
 5     def self.run(nodes)
 6       mco_search_path = ["/usr/bin", "/opt/puppet/bin"]
 7       sudo = which("sudo", "usr/bin")
 8       sudo = sudo << " -u puppet"
 9       mco = which("mco", mco_search_path)
10
11       unless sudo and mco
12         logger.warn "sudo or the mco binary is missing."
13         return false
14       end
15
16       mco << " puppetd runonce -I #{nodes}"
</pre>

h3. Mcollective sudo

Create an mcollective sudoers file to allow the foreman proxy to execute mco commands.

<pre>
Defaults:foreman-proxy !requiretty
foreman-proxy ALL=(puppet) NOPASSWD: /usr/bin/mco *
</pre>

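Both sudoers rules on this page (@peadmin@ with @/opt/puppet/bin/mco@, and @puppet@ with @/usr/bin/mco@) allow any mco arguments, and line 16 of both runner.rb excerpts places the node names into the command string, so the node names the proxy passes deserve validation. The following is an added example, not code from the smart-proxy patch: it validates each node as a hostname and builds an argument vector that is executed without a shell. The function names, the hostname pattern and the use of one @-I@ per node are assumptions of this example.

```ruby
# Hostname check: dot-separated labels of letters, digits and hyphens, each
# starting and ending with a letter or digit, at most 253 characters overall.
# \A and \z anchor the whole string; ^ and $ would accept "host\nanything".
LABEL   = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i
NODE_RE = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/i

class InvalidNode < ArgumentError; end

# Build the command as an argument vector so that no shell parses node names.
# Defaults are the Puppet PE values from this page; pass run_as: "puppet" and
# mco_path: "/usr/bin/mco" for the open source setup.
def mco_runonce_argv(nodes, run_as: "peadmin",
                     mco_path: "/opt/puppet/bin/mco",
                     sudo_path: "/usr/bin/sudo")
  nodes = Array(nodes).map(&:to_s)
  raise InvalidNode, "no nodes given" if nodes.empty?

  nodes.each do |node|
    unless node.match?(NODE_RE)
      raise InvalidNode, "rejected node name: #{node.inspect}"
    end
  end

  # Assumption of this example: one -I (identity filter) per node.
  [sudo_path, "-u", run_as, mco_path, "puppetd", "runonce"] +
    nodes.flat_map { |node| ["-I", node] }
end

# Execute without a shell: the multi-argument form of Kernel#system passes
# each element to the program as-is.
def run_mco(nodes, **opts)
  system(*mco_runonce_argv(nodes, **opts))
end
```

A rejected name raises @InvalidNode@ before anything is executed, so the caller can log the value and return an error to the requester.
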
h2. Installing mcollective on the puppet clients

The puppet client only needs the mcollective and mcollective-common packages, which means you can follow the steps for the puppet server and skip the sections for activemq and the mcollective client. The rest is the same.

h2. Testing the configuration

After installing mcollective on the server and clients, you should be able to run the following command from the puppet server:

<pre>
# mco ping
</pre>

You should get a response from each puppet client which is subscribed to the mcollective topic.