Wednesday, April 2, 2014

Deploying the Puppet Agent on Solaris 9

I manage ~300 UNIX/Linux servers, responsible for serving up POS sessions at our stores. Around 200 of these are Solaris 9. The following is how I automated the deployment of the Puppet agent onto these Solaris 9 servers. If anyone finds this useful but has some questions, feel free to ask. There's not a lot of info out there on Solaris 9 Puppet deployment, so this did take a little bit of research to accomplish.

A few points:

* Our Solaris 9 servers' hostnames do not match their DNS names.
* We use an authenticated proxy solution, so the local script sets the http_proxy environment variable (pkgutil likes to check inventory before installing).
* I have included all of the files referenced below in one bundle.tar
* The patch 113713-29 was required for OpenCSW to work (to allow me to install puppet)
* During the rollout phase, I turned on auto-signing on my Puppet Master. To do this, add the following line to /etc/puppet/puppet.conf on the master server, under [master]:
    autosign = true
  While this is set, the master signs every certificate request it receives without review.
* Both scripts below are required to install the puppet agent.
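
An added example (not part of the original scripts or bundle): instead of `autosign = true`, the master can point `autosign` at an executable that approves only certnames on the rollout list. It assumes a master new enough for policy-based autosigning (Puppet 3.4 or later), which passes the certname as the only argument and treats exit status 0 as "sign"; the paths `/etc/puppet/autosign_policy.sh` and `/etc/puppet/server_list` and the function name are hypothetical.

```shell
#!/bin/sh
# Policy autosign hook for the master (added example, not the author's code).
# puppet.conf on the master, under [master] (hypothetical path):
#     autosign = /etc/puppet/autosign_policy.sh
# Puppet runs the hook once per CSR with the certname as $1 and the
# PEM-encoded CSR on stdin; exit 0 = sign, non-zero = leave for manual review.

# Hypothetical location: a copy of the server_list that drives the rollout loop.
ALLOW_LIST="${ALLOW_LIST:-/etc/puppet/server_list}"

# autosign_allowed CERTNAME [LISTFILE]
# Returns 0 only if CERTNAME, lower-cased, exactly matches a line in LISTFILE.
autosign_allowed() {
    name=`printf '%s' "$1" | tr '[:upper:]' '[:lower:]'`
    list="${2:-$ALLOW_LIST}"

    # Reject empty names and anything outside the hostname character set.
    case "$name" in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ -r "$list" ] || return 1

    # Lower-case the list as well (the install script lower-cases certnames),
    # then require a fixed-string, whole-line match: no globs, no substrings.
    tr '[:upper:]' '[:lower:]' < "$list" | grep -Fx -e "$name" >/dev/null
}

# Act as the hook only when invoked with a single certname argument.
if [ "$#" -eq 1 ]; then
    cat >/dev/null    # drain the CSR from stdin; this policy does not inspect it
    if autosign_allowed "$1"; then
        exit 0
    fi
    echo "autosign refused for certname: $1" >&2
    exit 1
fi
```

The hook must be executable by the user the master runs as, and a refused request stays in the queue for manual signing on the master.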

---- ----

# Puppet OpenSource Client Installation script for Solaris 9
# Author Daniel Eather
# Usage for x in $(cat server_list); do ./ ${x}; done


# Check we have a hostname specified as an argument
if [ "$#" -ne 1 ]
then
    echo "ERROR: You must only supply the hostname as an argument."
    exit 1
fi

# Store and convert hostname to lower case (required for custom certname variable in agent's puppet.conf)
HOSTNAME=`echo "$1" | tr '[:upper:]' '[:lower:]'`

# Time stamp
timeStamp=`/bin/date +%Y%m%d%H%M%S`

# Check Puppet Agent is not already installed
# (ls prints the path on stdout only if the binary exists on the remote host)
checkPuppet=$(ssh root@${HOSTNAME} "ls /opt/csw/bin/puppet")
if [ -n "$checkPuppet" ]
then
    echo "Puppet Agent is already installed on this system."
    exit 1
else
    echo "Puppet Agent not found on system."
fi

# Generate default puppet config file
echo "# Puppet OpenSource Client Configuration File" > /tmp/puppet.conf.tmp
echo "# Author: Daniel Eather" >> /tmp/puppet.conf.tmp
echo "# Date:   ${timeStamp}" >> /tmp/puppet.conf.tmp
echo "" >> /tmp/puppet.conf.tmp
echo "[agent]" >> /tmp/puppet.conf.tmp
echo "    certname=${HOSTNAME}" >> /tmp/puppet.conf.tmp
echo "    node_name=${HOSTNAME}" >> /tmp/puppet.conf.tmp

# Copy over required files
scp root@${HOSTNAME}:/var/spool/pkg/
scp pkgutil-sparc.pkg root@${HOSTNAME}:/tmp/
scp root@${HOSTNAME}:/tmp/
scp /tmp/puppet.conf.tmp root@${HOSTNAME}:/tmp/
scp sol9_puppet_dep.tar root@${HOSTNAME}:/tmp/

# Execute install script locally on server
ssh root@${HOSTNAME} "chmod +x /tmp/"
ssh root@${HOSTNAME} "/tmp/"

---- ----


# Set http proxy environment variable

# Unpack and install patch 113713-29
cd /var/spool/pkg; unzip /var/spool/pkg/
yes | patchadd /var/spool/pkg/113713-29

# Install pkgutil
yes | pkgadd -d /tmp/pkgutil-sparc.pkg all

# Unpack install files for puppet, to save downloading them each time
mv /tmp/sol9_puppet_dep.tar /var/opt/csw/pkgutil/packages/
cd /var/opt/csw/pkgutil/packages/; tar xvf sol9_puppet_dep.tar

# Install Puppet
/opt/csw/bin/pkgutil -i -y  puppet

# Drop in puppet agent configuration file
mv /tmp/puppet.conf.tmp /etc/puppet/puppet.conf

# Connect to Puppet master and authenticate
/opt/csw/bin/puppet agent --waitforcert 60 -t

# Start Puppet
/etc/init.d/cswpuppetd start

# Cleanup large dependency file
rm -f /var/opt/csw/pkgutil/packages/sol9_puppet_dep.tar