FreeBSD and Puppet

Puppet is great. No seriously. It’s really fucking great. I’m not sure what I would do without it these days.

If you’re not familiar, Puppet is an automation framework that allows you to essentially define your servers as code, and maintain configs in a central repository. This way, you have idempotent configurations. You include foobar and foobar is always going to be set up JUST how you like.

Problem is, automation still seems to be primarily focused towards Linux boxes, especially with the advent of devops. That’s not to say tools like puppet are only meant for the folks unable to grok a real init system. I’m a die-hard FreeBSD user, and puppet has found its way into my servers.

This being said, getting puppet working on FreeBSD is a bit harder than you’d think, so I’m here to talk about how I did it, pitfalls, ways to improve, and all that shit.

PuppetMaster Instructions

  1. If you haven’t already, update your base. Run: freebsd-update fetch install
  2. Same goes for pkg! Run: pkg update && pkg upgrade
  3. Time to install puppet! Run: pkg install -y puppet
  4. Now that puppet is installed, let’s configure it! /usr/local/etc/puppet should have been automatically created by the package install. Run: puppet master --genconfig > /usr/local/etc/puppet/puppet.conf
  5. Copy your auth config. Edit as you see fit, but the defaults work fine here. Run: cp /usr/local/etc/puppet/auth.conf-dist /usr/local/etc/puppet/auth.conf
  6. Create a puppet.conf file at /usr/local/etc/puppet/puppet.conf. Configuring puppet itself is beyond the scope of this setup thanks to the many variables involved.
  7. Create your skel files! These come in handy in a bit: mkdir -p /usr/local/etc/puppet/environments/production
  8. Create an environment.conf inside the folder you just made and add the contents from https://github.com/RainbowHackerHorse/FreeBSD_Puppet_Demonstration/blob/master/environments/production/environment.conf (this repository no longer exists).
  9. Inside the /usr/local/etc/puppet/environments/production folder, we’re going to create a new folder set now. For the most basic setup, create a folder named manifests and a folder named modules.
  10. Inside manifests, touch site.pp.
  11. In this file, you define nodes. You can include all the modules here, or include a single module written for the server that includes the other requisites. The syntax is as follows:
    node 'puppetclient.domain' {
        include foo
    }
    

    I personally like to have mine as follows:

    node 'puppetclient.domain' {
        include base
        include puppetclient
    }
    

    In my setup, base is a basic module that includes the standard puppet stdlib module and some other basic things all servers need.

  12. Next, add puppetmaster_enable="YES" to your /etc/rc.conf file and run service puppetmaster start to start the service! Now we can move on to the client!

Puppet Client Instructions

  1. Install the package puppet4: pkg update && pkg install -y puppet4
  2. Request a certificate signing from the puppetmaster: puppet agent -v --server puppetmaster.domain --waitforcert 60
  3. Sign the client request on the master by running: puppet cert --sign puppetagent.domain
  4. Kick off a puppet run with the command: puppet agent -t -d --server puppetmaster.domain
  5. You can either enable the puppet client in rc.conf, or, the way I prefer, have puppet agent run on a cron every few minutes. My personal cron entry looks something like this: 0 * * * * root /usr/local/bin/puppet agent -t -d --server puppetmaster.domain >> /var/log/puppet/puppetcron.log
  6. Done!
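
Before signing in step 3, it is worth confirming that the pending request on the master is the one your client generated. This added example (not from the original post) compares the fingerprint the client prints with puppet agent --fingerprint against the one shown by puppet cert --list on the master, and signs only on a match. The function names are hypothetical, and it assumes the Puppet 4 list output, which quotes the certname and prints a colon-separated hex digest.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Extract the first colon-separated hex digest (16 bytes or longer) from a
# line of puppet output and upper-case it, so prefixes and case are ignored.
extract_fp() {
    printf '%s\n' "$1" | grep -Eo '([0-9A-Fa-f]{2}:){15,}[0-9A-Fa-f]{2}' \
        | head -n 1 | tr 'a-f' 'A-F'
}

# Succeed only when both inputs contain a digest and the digests are equal.
fp_match() {
    fp_a=$(extract_fp "$1")
    fp_b=$(extract_fp "$2")
    [ -n "$fp_a" ] && [ -n "$fp_b" ] && [ "$fp_a" = "$fp_b" ]
}

# Run on the master.
# usage: verify_and_sign <certname> "<output of 'puppet agent --fingerprint' on the client>"
verify_and_sign() {
    certname=$1
    agent_fp=$2
    # Assumes Puppet 4 list output: "certname" (SHA256) AA:BB:...
    pending=$(puppet cert --list | grep -F "\"$certname\"") || {
        echo "no pending request for $certname" >&2
        return 2
    }
    if fp_match "$agent_fp" "$pending"; then
        puppet cert --sign "$certname"
    else
        echo "fingerprint mismatch for $certname, not signing" >&2
        return 1
    fi
}
```

Read the client's fingerprint over a channel you trust (console or an existing SSH session), not from the same network path the request arrived on.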

More Talking

I hope this brief tutorial has been helpful! For more information on puppet, see:

  • https://puppet.com - Official Site
  • https://forge.puppet.com - Puppet Forge
  • https://www.freshports.org/sysutils/puppet4/ - FreshPorts entry for Puppet4 FreeBSD Package

You can also find my modules under the user hackerhorse on PuppetForge. Happy puppeteering!

Written on November 13, 2017