I want to share how I manage hosts with Puppet. Let's say we have a new box that runs Ubuntu.

First of all, I install the latest Puppet and configure a hostname.

We have to check if puppet is properly installed (e.g. 3.4):

# puppet --version
3.4.0

Then we have to check if the hostname looks good with puppet's facter:

# facter fqdn
hans.example.org

As you can see, I don't use the final domain name as the hostname, but a subdomain (in this example, hans). This helps if the machine is later used for a different purpose or for multiple domains.

Since the Puppet configuration will be managed and hosted in a private github.com or bitbucket.org repository, I need an SSH public key on the machine (I do not set a passphrase here):

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Afterwards we add the content of the resulting /root/.ssh/id_rsa.pub as a deploy key to the repository on GitHub/Bitbucket.

Now we need to install git:

# apt-get install git

Commit the content of the file /etc/puppet/puppet.conf to the newly created git repository. In my case the file looked like this:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Additionally I add a folder manifests and a file in it called default.pp with the following contents:

package { 'wget': }
package { 'curl': }
package { 'htop': }
package { 'vim': }
package { 'tree': }
package { 'unzip': }

Your repository looks like this now:

puppet.conf
manifests/
    default.pp

If you committed the puppet.conf file, you can now safely remove the existing /etc/puppet directory. It should be nearly empty anyways (only empty folders and a puppet.conf)!

# rm -r /etc/puppet

Now clone the git repository into the folder /etc/puppet (e.g. user ExampleOrg with repository hans-box on github):

# git clone git@github.com:ExampleOrg/hans-box.git /etc/puppet
Cloning into '/etc/puppet'...
remote: Counting objects: 7, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 7 (delta 1), reused 3 (delta 0)
Receiving objects: 100% (7/7), done.
Resolving deltas: 100% (1/1), done.

So our /etc/puppet config is now version controlled. Since we added the key only as a deploy key, we can't be tempted to fix things on the live machine, since we can't push them back to the repository anyway (as long as the deploy key is left read-only).

To update the machine, I run the following command (as root):

# cd /etc/puppet/ && git pull origin master && puppet apply /etc/puppet/manifests/default.pp

If you run this for the first time:

From github.com:ExampleOrg/hans-box
 * branch            master     -> FETCH_HEAD
Already up-to-date.
Notice: Compiled catalog for hans.example.org in environment production in 0.05 seconds
Notice: /Stage[main]/Main/Package[tree]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[curl]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[htop]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[vim]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Main/Package[unzip]/ensure: ensure changed 'purged' to 'present'
Notice: Finished catalog run in 9.82 seconds

then you will have htop and vim installed, finally!

Next run will be much faster:

From github.com:ExampleOrg/hans-box
 * branch            master     -> FETCH_HEAD
Already up-to-date.
Notice: Compiled catalog for hans.example.org in environment production in 0.05 seconds
Notice: Finished catalog run in 0.10 seconds
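A guarded variant of the update one-liner above, as an added example that is not part of the original post: it refuses to run if tracked files in /etc/puppet were edited on the box, only fast-forwards, and syntax-checks the manifest before anything is applied as root. The names PUPPET_DIR, BRANCH, tree_is_clean, update_box and the --run switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical names:
# PUPPET_DIR, BRANCH, tree_is_clean, update_box and the --run switch.

PUPPET_DIR="${PUPPET_DIR:-/etc/puppet}"
BRANCH="${BRANCH:-master}"

# True only if no tracked file in the checkout was modified on the box.
# A failing "git status" (e.g. not a repository) counts as not clean.
tree_is_clean() {
    changes=$(cd "$1" && git status --porcelain --untracked-files=no) || return 1
    [ -z "$changes" ]
}

# Exit codes: 0 applied, 2 local drift, 3 pull failed, 4 manifest invalid.
update_box() {
    dir="$PUPPET_DIR"
    manifest="$dir/manifests/default.pp"

    # Someone hot-fixed the live machine: stop instead of applying a mix
    # of reviewed and unreviewed configuration as root.
    if ! tree_is_clean "$dir"; then
        echo "refusing to run: uncommitted changes in $dir" >&2
        return 2
    fi

    # --ff-only never merges on the box; diverged history is an error.
    ( cd "$dir" && git pull --ff-only origin "$BRANCH" ) || return 3

    # Catch syntax errors before anything is applied.
    puppet parser validate "$manifest" || return 4

    puppet apply "$manifest"
}

# Run only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    update_box
fi
```

Saved as a script and called with --run as root, it replaces the cd/git pull/puppet apply chain; a non-zero exit code tells a cron job or a monitoring check which stage stopped the run.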

Happy administrating!