mcollective » History » Version 6

Laurent Domb, 05/03/2013 10:31 AM

h1. mcollective

Adding support for mCollective to Foreman is currently a work in progress (http://projects.theforeman.org/projects/1/wiki/MCollective_integration) and is primarily focused on the smart-proxy, so this how-to can change at any time.

h2. Mcollective 1.2.1, Foreman and Puppet PE

As Puppet PE comes with mcollective, it is fairly easy to make it work with the Foreman smart proxy. Sam Kottler wrote a patch (https://github.com/theforeman/smart-proxy/pull/58/files) to integrate mcollective and foreman-proxy.

I assume you have followed the guide [[passenger on Puppet PE and use foreman as an ENC and reporting engine]]. If so, you need to replace, create and edit the following files:

<pre>
/usr/share/foreman-proxy/config/settings.yml
/usr/share/foreman-proxy/lib/proxy/puppet.rb
/usr/share/foreman-proxy/lib/proxy/puppet/runner.rb
/usr/share/foreman-proxy/lib/puppet_api.rb
</pre>

In /usr/share/foreman-proxy/config/settings.yml add the following line after the puppet management entry:

<pre>
# enable MCollective integration
:mcollective: true
</pre>

Now your Puppet PE / Foreman installation is ready for a puppet run via the Foreman host page.

Then replace puppet.rb and puppet_api.rb:

<pre>
# rm -f /usr/share/foreman-proxy/lib/proxy/puppet.rb
# cd /usr/share/foreman-proxy/lib/proxy/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet.rb
# rm -f /usr/share/foreman-proxy/lib/puppet_api.rb
# cd /usr/share/foreman-proxy/lib/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/puppet_api.rb
</pre>

The fourth script, runner.rb, needs a little more attention. Puppet PE 2.7.2 uses mcollective 1.2, which means the puppet agent cannot be used, so we need to swap it for puppetd. Also, to be able to query the hosts, all the mcollective commands need to run in the peadmin user environment.

<pre>
# cd /usr/share/foreman-proxy/lib/proxy/puppet/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet/runner.rb
</pre>

Modify the runner.rb file on line 8 and line 16:

<pre>
  1 module Proxy::Puppet
  2   class Mcollective
  3     extend Proxy::Util
  4
  5     def self.run(nodes)
  6       mco_search_path = ["/usr/bin", "/opt/puppet/bin"]
  7       sudo = which("sudo", "usr/bin")
  8       sudo = sudo << " -u peadmin"
  9       mco = which("mco", mco_search_path)
 10
 11       unless sudo and mco
 12         logger.warn "sudo or the mco binary is missing."
 13         return false
 14       end
 15
 16       mco << " puppetd runonce -I #{nodes}"
</pre>

h3. Mcollective sudo

Create an mcollective sudoers file to allow the foreman proxy to execute mco commands.

<pre>
Defaults:foreman-proxy !requiretty
foreman-proxy ALL=(peadmin) NOPASSWD: /opt/puppet/bin/mco *
</pre>

h2. Mcollective 1.2.1 / Foreman / Puppet Opensource

Installing mcollective on an open source puppet host differs slightly from the procedure above, because Puppet Enterprise comes with preconfigured puppet modules that automatically perform most of the steps I show here manually. You could also download the puppet modules for mcollective and activemq from Puppet Forge and customize them for your needs. First we need to install mcollective and mcollective-client. The mcollective-client is only needed by the puppet master host. To be consistent with the above installation I chose the same version of mcollective as in Puppet PE.

h3. Install activemq / mcollective

To be able to install mcollective and activemq you need to install the puppetlabs repo.

<pre>
$ sudo rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
</pre>

Install activemq and mcollective on the puppet server:

<pre>
$ sudo yum install mcollective-1.2.1-1.el6.noarch mcollective-common-1.2.1-1.el6.noarch mcollective-client-1.2.1-1.el6.noarch
</pre>

Configure activemq first and edit the following lines in /etc/activemq/activemq.xml:

<pre>
109               <authenticationUser username="mcollective" password="marionette" groups="mcollective,everyone"/>
119                   <authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
120                   <authorizationEntry queue=">" write="mcollective" read="mcollective" admin="mcollective" />
</pre>

Enable activemq to start on boot and start the service:

<pre>
# chkconfig activemq on
# service activemq start
</pre>

Configure the server.cfg in /etc/mcollective/server.cfg:

<pre>
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
daemonize = 1

# Plugins
securityprovider = psk
plugin.psk = unset

connector = stomp
# Replace with your ActiveMQ host; this can be localhost
plugin.stomp.host = YOUR_ACTIVEMQ_HOST
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = marionette

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

# Puppet Classes
classesfile = /var/lib/puppet/classes.txt

# Puppet Agent plugin configuration
plugin.puppetd.puppetd   = /usr/sbin/puppetd
plugin.puppetd.lockfile  = /var/lib/puppet/state/puppetdlock
plugin.puppetd.statefile = /var/lib/puppet/state/state.yaml
plugin.puppetd.splaytime = 120
# Note the following two are "puppet" and not "puppetd"
plugin.puppet.pidfile    = /var/run/puppet/agent.pid
plugin.puppet.summary    = /var/lib/puppet/state/last_run_summary.yaml

# Periodically broadcast metadata for registration purposes.
# This registration plugin will broadcast current Facter fact values.
registration = Meta
# registerinterval is intentionally "long" to prevent systems from being overly
# chatty on the message bus by default.  If you want a higher frequency, this
# may be set to 300 (5 minutes)
registerinterval = 14400

# authorization
rpcauthorization = 1
rpcauthprovider = action_policy
plugin.actionpolicy.allow_unconfigured = 1
</pre>

Configure the client.cfg in /etc/mcollective/client.cfg:

<pre>
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /dev/null
loglevel = info

# Plugins
securityprovider = psk
plugin.psk = unset

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = marionette

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
</pre>
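
The server.cfg and client.cfg above carry a pre-shared key, a broker password and an authorization default exactly as printed on this page, so they are worth checking for before a host goes live. The Ruby script below is an added example, not part of MCollective or of the original how-to; the names @PAGE_DEFAULTS@, @parse_mco_cfg@ and @audit_mco_cfg@ are hypothetical and the sample input is constructed.

```ruby
# Added example (not MCollective or Foreman code): flag the placeholder
# secrets and the permissive policy default shown in the configs above.

# key => value as used in this how-to; each should differ in production.
PAGE_DEFAULTS = {
  "plugin.psk"                             => "unset",       # shared signing key
  "plugin.stomp.password"                  => "marionette",  # broker password
  "plugin.actionpolicy.allow_unconfigured" => "1",           # no policy file = allow
}.freeze

# Parse the "key = value" format of server.cfg / client.cfg into a Hash.
def parse_mco_cfg(text)
  text.each_line.with_object({}) do |line, cfg|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    next if value.nil?
    cfg[key.strip] = value.strip
  end
end

# Return the keys whose value is still the one published on this page.
def audit_mco_cfg(text)
  cfg = parse_mco_cfg(text)
  PAGE_DEFAULTS.select { |key, weak| cfg[key] == weak }.keys
end

# Constructed sample input: a few lines taken from the server.cfg above.
SAMPLE_CFG = <<~CFG
  securityprovider = psk
  plugin.psk = unset
  # connector
  plugin.stomp.password = marionette
  rpcauthprovider = action_policy
  plugin.actionpolicy.allow_unconfigured = 1
CFG

audit_mco_cfg(SAMPLE_CFG).each { |k| puts "WARN #{k} still has the how-to value" }
```

To check a real host, pass @File.read("/etc/mcollective/server.cfg")@ to @audit_mco_cfg@; the same broker password also appears in /etc/activemq/activemq.xml and has to be changed there too.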

h2. Install the mcollective plugins

By default mcollective ships with only the discovery and rpcutil agents. As we want to run puppet, we need to get the puppetd agent and application. Please be aware that the puppetd agent is an old plugin. It is recommended to run puppet.rb from (https://github.com/puppetlabs/mcollective-puppet-agent.git), which needs mcollective >= 2.2.

To be consistent with the Puppet PE environment we are going to install the following additional agents / applications, which you can get from git://github.com/puppetlabs/mcollective-plugins.git:

<pre>
agents (/usr/libexec/mcollective/mcollective/agent):
--- package.ddl
--- package.rb
--- puppetd.ddl
--- puppetd.rb
--- puppetral.ddl
--- puppetral.rb
--- service.ddl
--- service.rb

applications (/usr/libexec/mcollective/mcollective/application):

--- package.rb
--- puppetd.rb
--- service.rb

and util (/usr/libexec/mcollective/mcollective/util):
--- actionpolicy.rb
</pre>

h3. Collect puppet facts for mcollective

If you look at the mcollective server.cfg you'll see that we mentioned the file /etc/mcollective/facts.yaml. This file is needed so that mcollective can query the host facts. There are two approaches to creating the file. The first one was written by Jordan Sissel. He added a file resource to the mcollective module which creates the facts.yaml file each time puppet runs.

<pre>
file {
  "/etc/mcollective/facts.yaml":
    ensure  => file,
    content => inline_template("<%= scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) }.to_yaml %>"),
    require => Package["mcollective"];
}
</pre>

Another approach is to create a cron entry to update the facts every 15 minutes:

<pre>
0,15,30,45 * * * * /usr/sbin/refresh-mco-meta
</pre>

Create the file refresh-mco-meta in /usr/sbin/ and add the following content:

<pre>
#!/bin/bash
# Only replace facts.yaml when facter succeeded, so a failed run never installs an empty file
/usr/bin/facter --puppet --yaml > /etc/mcollective/facts.yaml.new && \
  mv /etc/mcollective/facts.yaml.new /etc/mcollective/facts.yaml
</pre>

h3. Starting the mcollective service and enabling it at boot on the puppet server

<pre>
# service mcollective start
# chkconfig mcollective on
</pre>

h3. Include the smart proxy mcollective function (only on the puppet server which runs the smart proxy)

As Foreman 1.1 does not include the mcollective functionality, we need to apply Sam Kottler's patch (https://github.com/theforeman/smart-proxy/pull/58/files) to integrate mcollective and foreman-proxy.

Get the 4 files you need to replace from the above URL and replace, create and edit the following files:

<pre>
/usr/share/foreman-proxy/config/settings.yml
/usr/share/foreman-proxy/lib/proxy/puppet.rb
/usr/share/foreman-proxy/lib/proxy/puppet/runner.rb
/usr/share/foreman-proxy/lib/puppet_api.rb
</pre>

In /etc/foreman-proxy/settings.yml add the following line after the puppet management entry:

<pre>
# enable MCollective integration
:mcollective: true
</pre>

Then replace puppet.rb and puppet_api.rb:

<pre>
# rm -f /usr/share/foreman-proxy/lib/proxy/puppet.rb
# cd /usr/share/foreman-proxy/lib/proxy/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet.rb
# rm -f /usr/share/foreman-proxy/lib/puppet_api.rb
# cd /usr/share/foreman-proxy/lib/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/puppet_api.rb
</pre>

The fourth script, runner.rb, needs a little more attention. As we use mcollective 1.2, we need to use the puppetd agent.

<pre>
# cd /usr/share/foreman-proxy/lib/proxy/puppet/
# wget https://raw.github.com/skottler/smart-proxy/2a7b5fbfcdb3a0e9a4b22d46a09d4bfa2aa0f765/lib/proxy/puppet/runner.rb
</pre>

Modify the runner.rb file on line 8 and line 16:

<pre>
  1 module Proxy::Puppet
  2   class Mcollective
  3     extend Proxy::Util
  4
  5     def self.run(nodes)
  6       mco_search_path = ["/usr/bin", "/opt/puppet/bin"]
  7       sudo = which("sudo", "usr/bin")
  8       sudo = sudo << " -u puppet"
  9       mco = which("mco", mco_search_path)
 10
 11       unless sudo and mco
 12         logger.warn "sudo or the mco binary is missing."
 13         return false
 14       end
 15
 16       mco << " puppetd runonce -I #{nodes}"
</pre>

h3. Mcollective sudo

Create an mcollective sudoers file to allow the foreman proxy to execute mco commands.

<pre>
Defaults:foreman-proxy !requiretty
foreman-proxy ALL=(puppet) NOPASSWD: /usr/bin/mco *
</pre>
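
Line 16 of both runner.rb variants above interpolates @nodes@ into a command string, and both sudoers entries allow any @mco@ arguments. The Ruby code below is an added example, not part of the smart-proxy patch; it shows the same call built as an argument vector with each node name validated first. The names @NODE_NAME@, @mco_runonce_argv@ and @run_puppet@ are hypothetical, and treating node identities as DNS host names is an assumption.

```ruby
# Added example (not smart-proxy code): build the mco call as an argv
# array so a node name never passes through a shell.

# Conservative DNS-style host name: labels of letters, digits and inner
# hyphens. Assumption: MCollective identities here are host names.
NODE_NAME = /\A(?=.{1,253}\z)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*\z/i

# Defaults are the PE values from this page; the open source variant
# uses run_as: "puppet", mco: "/usr/bin/mco".
def mco_runonce_argv(node, run_as: "peadmin", mco: "/opt/puppet/bin/mco",
                     sudo: "/usr/bin/sudo")
  unless node.is_a?(String) && node.match?(NODE_NAME)
    raise ArgumentError, "rejected node name: #{node.inspect}"
  end
  [sudo, "-u", run_as, mco, "puppetd", "runonce", "-I", node]
end

# Trigger one run per node. Multi-argument system() execs the binary
# directly, so shell metacharacters would have no meaning even if the
# validation above were loosened.
def run_puppet(nodes, **opts)
  Array(nodes).map { |n| system(*mco_runonce_argv(n, **opts)) }
end

# Constructed inputs: one good name and three that must be refused.
["web01.example.com", "web01; id", "-v", "web01\n"].each do |n|
  begin
    puts mco_runonce_argv(n).join(" ")
  rescue ArgumentError => e
    puts "refused: #{e.message}"
  end
end
```

With the argument vector fixed to this shape, the sudoers rule can be narrowed from @mco *@ to @mco puppetd runonce -I *@ so that foreman-proxy can only trigger puppet runs.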

h2. Installing mcollective on the puppet clients

The puppet client only needs the mcollective and mcollective-common packages, which means you can follow the steps for the puppet server and skip the sections for activemq and the mcollective client. The rest is the same.

h2. Testing the configuration

After installing mcollective on the server and clients, you should be able to run the following command from the puppet server:

<pre>
# mco ping
</pre>

You should get a response from each puppet client which is subscribed to the mcollective topic.