Tuesday, January 29, 2013

Installing puppetdb




It makes sense to use PuppetDB in your Puppet environment. It stores the inventory facts for every node, and because this data can grow large, you need a good back-end database that can handle it. Here is how I installed PuppetDB.

There are no special SELinux requirements when installing PuppetDB. Keep SELinux set to enforcing mode.

1.    Install the puppet repo

rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm

2.    Install the puppet agent and submit a CSR

$ yum install puppet -y
$ puppet agent --test


3.    Sign the puppet agent's CSR on the puppet master

$ puppet cert --list
$ puppet cert sign <puppet client>

4.    Install puppet DB on the puppet DB server

puppet resource package puppetdb ensure=latest

5.    Install postgres

Install instructions taken from http://wiki.postgresql.org/wiki/YUM_Installation

vi /etc/yum.repos.d/CentOS-Base.repo

Append the following line to the [base] and [updates] sections of /etc/yum.repos.d/CentOS-Base.repo:

exclude=postgresql*

Download and install the rpm repos for postgres

rpm -ivh  http://yum.postgresql.org/9.1/redhat/rhel-6-i386/pgdg-centos91-9.1-4.noarch.rpm
yum list postgres*
yum install postgresql91-server -y

6.    Start the postgres service and run at boot

service postgresql-9.1 initdb
service postgresql-9.1 start
chkconfig postgresql-9.1 on

7.    Configure postgres

vi /var/lib/pgsql/9.1/data/postgresql.conf
listen_addresses = '*'
log_line_prefix = '%t %u %d'


8.    Create the puppet DB

sudo -u postgres sh

cd /var/lib/puppetdb
createuser -DRSP puppetdb
createdb -O puppetdb puppetdb


9.    Allow host access to the postgresql puppetdb database

vi /var/lib/pgsql/9.1/data/pg_hba.conf
local all all trust
host puppetdb puppetdb 10.10.10.0/24 trust


•    Comment out this line (near the end of pg_hba.conf)

#local    all    all    peer

•    Restart the postgres service

service postgresql-9.1 restart

•    Test login

psql -h 10.33.22.162 puppetdb puppetdb
and
psql -d puppetdb -U puppetdb -W
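
Both pg_hba.conf rules in step 9 use the trust method, under which PostgreSQL accepts a matching connection without asking for the password set in step 8. The following added example (not part of the original post) lists the active trust rules and rewrites the network ones to md5, a password method available in PostgreSQL 9.1; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf for "trust" rules and tighten network rules.

# Constructed sample: the two rules from step 9 plus a netmask-style rule.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS          METHOD
#local  all       all                        peer
local   all       all                        trust
host    puppetdb  puppetdb  10.10.10.0/24    trust
host    all       all       127.0.0.1 255.255.255.255 md5
EOF
}

# audit_pg_hba FILE
# Prints "lineno:type:database:user:address" for every active rule whose
# authentication method is "trust" (no password or identity check).
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        {
            m = 5; addr = $4                         # host*: TYPE DB USER ADDR METHOD
            if ($1 == "local") { m = 4; addr = "-" } # local: TYPE DB USER METHOD
            else if ($5 ~ /[.:]/) { m = 6; addr = $4 "/" $5 }  # ADDR and MASK columns
            if ($m == "trust") printf "%d:%s:%s:%s:%s\n", NR, $1, $2, $3, addr
        }' "$1"
}

# harden_pg_hba FILE
# Writes FILE to stdout with "trust" replaced by "md5" on network (host*) rules.
# Local-socket rules are left untouched: changing them safely depends on how the
# postgres superuser authenticates, which this example does not assume.
harden_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ || $1 == "local" { print; next }
        {
            m = ($5 ~ /[.:]/) ? 6 : 5                # method column, as in the audit
            if ($m == "trust") $m = "md5"            # rebuilds the line single-spaced
            print
        }' "$1"
}
```

Run audit_pg_hba against /var/lib/pgsql/9.1/data/pg_hba.conf; once a hardened copy is in place and postgres has been restarted, the `psql -h` login test above should prompt for the puppetdb password.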

10.    Configure the puppetdb conf.d/config.ini file

vi /etc/puppetdb/conf.d/config.ini

Below is an example config.ini file:

# See README.md for more thorough explanations of each section and
# option.

[global]

# Store mq/db data in a custom directory
vardir = /var/lib/puppetdb

# Use an external log4j config file

logging-config = /etc/puppetdb/conf.d/../log4j.properties

# Maximum number of results that a resource query may return

resource-query-limit = 20000

[database]

classname = org.postgresql.Driver
subprotocol = postgresql
subname = //localhost:5432/puppetdb
username = puppetdb
password = <password>

[jetty]

port = 8080

[command-processing]
 

# How many command-processing threads to use, defaults to (CPUs / 2)
# threads = 4


11.    Start the puppetdb services

sudo puppet resource service puppetdb ensure=running enable=true

12.    Open puppetdb port 8081 in iptables

Modify where necessary

iptables -I INPUT 5 -s 10.10.10.0/24 -m tcp -p tcp --dport 8081 -j ACCEPT
iptables -I INPUT 6 -s 10.10.10.0/24 -m tcp -p tcp --dport 8080 -j ACCEPT

service iptables save
service iptables restart


The second firewall rule (port 8080) is used to access the PuppetDB dashboard.

13.    Set up a puppet master to connect to puppetdb

•    Run the following on each of your puppet masters:

sudo puppet resource package puppetdb-terminus ensure=latest

•    Add this to /etc/puppet/puppetdb.conf. Note: you may have to create this file.

[main]

server = <puppetdb>
port = 8081


•    Add this to /etc/puppet/puppet.conf

[master]

  storeconfigs = true
  storeconfigs_backend = puppetdb


•    Add this to /etc/puppet/routes.yaml. Note: you may have to create this file.

master:
  facts:
    terminus: puppetdb
    cache: yaml


14.    Restart the puppet service on each puppet master

service httpd restart

15.    Check in an agent and monitor the puppetdb logs

On the puppetdb server, monitor the puppetdb log

tail -f /var/log/puppetdb/puppetdb.log

On an agent run the following:

puppet agent --test

16.    (Optional) Open up access to the puppet DB dashboard

Reference:

http://docs.puppetlabs.com/puppetdb/1/maintain_and_tune.html#monitor-the-performance-dashboard

To access the PuppetDB dashboard, you need to make some configuration changes. Edit the following file:

/etc/puppetdb/conf.d/config.ini

[jetty]

...

host = 0.0.0.0


Access the PuppetDB dashboard using the following URL, changing the host name accordingly:

http://puppetdb.example.com:8080/dashboard/index.html

Troubleshooting issue:

If PuppetDB ports 8080 and 8081 are not listening when the puppetdb service is set to start, and you see the following error in /var/log/puppetdb/puppetdb.log:

2013-02-26 19:40:43,327 ERROR [main] [puppetlabs.utils] Uncaught exception
java.io.FileNotFoundException: /etc/puppetdb/ssl/keystore.jks (No such file or directory)


Run the following command and reboot the server

sudo /usr/sbin/puppetdb-ssl-setup

This will create a keystore and truststore in /etc/puppetdb/ssl and will write the password for both files to /etc/puppetdb/ssl/puppetdb_keystore_pw.txt.
