How to set up PuppetDB for your puppet environment

First of all, I would like to share a few words about PuppetDB from the official site (https://docs.puppetlabs.com/puppetdb/latest/):

“PuppetDB collects data generated by Puppet. It enables advanced Puppet features like exported resources, and can be the foundation for other applications that use Puppet’s data.”

Before you start the installation steps of this article, please make sure that the previous steps from the “Puppet first steps: How to install a puppetmaster with a puppetclient” are already done.

1. Install the necessary packages:
yum -y install puppetdb puppetdb-terminus

2. Make sure that puppetmaster and puppetdb are stopped:

[root@puppetmaster ~]# service puppetmaster stop
Stopping puppetmaster:                                     [  OK  ]
[root@puppetmaster ~]# service puppetdb stop
Stopping puppetdb:                                         [  OK  ]

3. Add or modify the following lines in the [master] section of /etc/puppet/puppet.conf:

[master]
 storeconfigs = true
 storeconfigs_backend = puppetdb
 reports = store,puppetdb
 autosign = true

4. Set up puppetDB: set host parameter in /etc/puppetdb/conf.d/jetty.ini

[jetty]
# Hostname or IP address to listen for clear-text HTTP.  Default is localhost
# host = <host>
host = 0.0.0.0

5. Run puppetdb ssl-setup, but first you have to run puppetmaster once (if you did not do that after its installation) to generate its certificates.

[root@puppetmaster ~]# service puppetmaster start; service puppetmaster stop; puppetdb ssl-setup
Starting puppetmaster:                                     [  OK  ]
Stopping puppetmaster:                                     [  OK  ]
PEM files in /etc/puppetdb/ssl already exists, checking integrity.
Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct.
Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct.

6. Create /etc/puppet/puppetdb.conf with the following content
[root@puppetmaster ~]# cat /etc/puppet/puppetdb.conf
[main]
server = puppetmaster
port = 8081
soft_write_failure = false

7. Create /etc/puppet/routes.yaml with the following content
[root@puppetmaster ~]# cat /etc/puppet/routes.yaml

master:
    facts:
        terminus: puppetdb
        cache: yaml

8. Set /etc/sysconfig/puppetdb (I recommend increasing the maximum Java heap size (-Xmx) to 1024m)
[root@puppetmaster ~]# cat /etc/sysconfig/puppetdb | grep ARGS
JAVA_ARGS="-Xmx1024m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -Djava.security.egd=file:/dev/urandom"

9. Set puppetmaster and puppetdb services to run automatically after a restart
[root@puppetmaster ~]# chkconfig puppetmaster on
[root@puppetmaster ~]# chkconfig puppetdb on

10. Set /etc/puppetdb/conf.d/config.ini


# Maximum amount of disk space (in MB) to allow for ActiveMQ persistent message storage
store-usage = 2048

# Maximum amount of disk space (in MB) to allow for ActiveMQ temporary message storage
temp-usage = 2048

11. Start puppetdb
[root@puppetmaster ~]# service puppetdb start
Starting puppetdb:                                         [  OK  ]

12. You should see something like this in /var/log/puppetdb/puppetdb.log
[root@puppetmaster ~]# tail -f /var/log/puppetdb/puppetdb.log
2015-01-12 14:02:07,508 INFO  [c.p.p.c.services] Starting 1 command processor threads
2015-01-12 14:02:07,521 WARN  [c.j.b.BoneCPConfig] JDBC username was not set in config!
2015-01-12 14:02:07,527 WARN  [c.j.b.BoneCPConfig] JDBC password was not set in config!
2015-01-12 14:02:07,541 INFO  [c.p.p.c.services] Starting query server
2015-01-12 14:02:07,567 WARN  [o.e.j.s.h.ContextHandler] Empty contextPath
2015-01-12 14:02:07,586 INFO  [o.e.j.s.h.ContextHandler] Started o.e.j.s.h.ContextHandler@24984906{/,null,AVAILABLE}
2015-01-12 14:02:07,655 INFO  [c.p.p.c.services] Starting sweep of stale reports (threshold: 14 days)
2015-01-12 14:02:07,693 INFO  [c.p.p.c.services] Finished sweep of stale reports (threshold: 14 days)
2015-01-12 14:02:07,693 INFO  [c.p.p.c.services] Starting database garbage collection
2015-01-12 14:02:07,727 INFO  [c.p.p.c.services] Finished database garbage collection

13. Check that the PuppetDB ports are open:
[root@puppetmaster ~]# netstat -tapn | grep ':808[01]'
tcp        0      0 :::8080                     :::*                        LISTEN      27327/java
tcp        0      0 :::8081                     :::*                        LISTEN      27327/java

14. If puppetDB is up and running, run puppetmaster:
[root@puppetmaster ~]# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]

15. Run puppet agent -t to make sure that it works. You should see:
[root@puppetmaster ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster
Info: Applying configuration version '1421067995'
Notice: Finished catalog run in 0.06 seconds

16. If you want to test whether it gets the data from PuppetDB, stop PuppetDB and run puppet agent -t again.
In this case the result will be something like this:
[root@puppetmaster ~]# service puppetdb stop
Stopping puppetdb:                                         [  OK  ]
[root@puppetmaster ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for puppetmaster to PuppetDB at puppetmaster:8081: Connection refused - connect(2)
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
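
A check for the two settings from steps 3 and 4 that widen exposure: autosign = true, and the [jetty] host = 0.0.0.0 clear-text listener that the netstat output in step 13 shows bound on all interfaces. This is an added example, not part of the original post; the function names ini_get and audit_puppetdb_setup and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings of steps 3 and 4.

# ini_get FILE SECTION KEY: print the last value assigned to KEY inside [SECTION].
ini_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); cur = $0; next }
        cur == section && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_puppetdb_setup PUPPET_CONF JETTY_INI: print findings, return 1 if any.
audit_puppetdb_setup() {
    findings=0
    for section in main master; do
        if [ "$(ini_get "$1" "$section" autosign)" = "true" ]; then
            echo "FINDING autosign: [$section] autosign = true signs every certificate request without review"
            findings=$((findings + 1))
        fi
    done
    host=$(ini_get "$2" jetty host)
    case "$host" in
        ""|localhost|127.0.0.1|::1) ;;              # unset means the localhost default
        *)  echo "FINDING cleartext: [jetty] host = $host exposes the clear-text HTTP port beyond localhost"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample files that reproduce the tutorial's settings.
demo_dir=$(mktemp -d)
printf '[master]\n storeconfigs = true\n autosign = true\n' > "$demo_dir/puppet.conf"
printf '[jetty]\n# host = <host>\nhost = 0.0.0.0\n' > "$demo_dir/jetty.ini"
audit_puppetdb_setup "$demo_dir/puppet.conf" "$demo_dir/jetty.ini" || echo "settings above need review"
rm -rf "$demo_dir"
```

On the real host, call audit_puppetdb_setup /etc/puppet/puppet.conf /etc/puppetdb/conf.d/jetty.ini; the non-zero return status on findings makes it usable from cron or a CI job.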
