The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Running Puppet on Solaris

Solaris was an early development target for Puppet, hence Puppet’s support for the platform is mature and stable.

Installation OpenSolaris?

Note: Please make sure to use at least Facter 1.5.4, previous versions had issues (#1555, #1761) determining the operatingsystemrelease fact.

Puppet and facter are available in pkg(5) format from Code Nursery, so all you have to do is to add them as a package provider, and then install the package.

# pkg set-publisher -O http://pkg.codenursery.com/ codenursery.com
# pkg install puppet

This installs two smf(5) services:

  • svc:/network/puppet/client:default
  • svc:/network/puppet/master:default

which both are disabled by default. They require /etc/puppet/puppet.conf to be present, so before trying to enable either of them you need to create that file.

Installation Solaris 8/9/10?

Puppet requires both Facter and Ruby, neither of which will be found in a standard Solaris 8/9/10 installation.

A good and easy way to install Puppet and its dependencies is to use the OpenCSW archive. The first step is to install pkgutil, which enables you to easily retrieve software from the OpenCSW repositories.

Please follow the instructions at the OpenCSW site to install pkgutil, then return here to continue installing Puppet.

With pkgutil installed, you can use it to install Puppet and it’s dependencies:

# /opt/csw/bin/pkgutil --yes --install puppet

Note that this not only installs puppet, it also enables the puppet agent. This installs a SMF(5) service:

# svcs svc:/network/puppetd:default

You may disable it after installation:

# svcadm disable puppetd

Installation (Blastwave Package)

Puppet has Facter and Ruby as prerequisites, neither of which will be found on a stock, default Solaris installation.

By far the easiest way to install puppet and its dependencies is to use the blastwave (Community Software) archive, aka CSW http://www.blastwave.org. The first step is to install pkgutil, which allows you to retreive software from the blastwave repositories.

Please follow the instructions located on the blastwave site http://www.blastwave.org/howto.html for installing pkgutil, then return here to continue installing Puppet.

Now that you have pkgutil installed, you can use pkgutil to install puppet. Pkgutil will resolve all of the dependencies, and install those packages as well.

# /opt/csw/bin/pkgutil -U
# /opt/csw/bin/pkgutil --install puppet

Note that this not only installs puppet, it also turns on the daemon which starts looking for a local puppet master server. To stop this, after installation:

# svcadm disable puppetd

Note: At the moment blastwave is going through some internal turmoil. This has caused Gary Law, the puppet solaris package maintainer, to temporarily postpone updating the blastwave repositories with the latest version of puppet. He has however provided the packages from his personal website: http://garylaw.net/packages/. For more information check out Gary’s post here: Gary’s google groups post

Installation (Sunfreeware + )Ruby Gems?

This is an alternative method for installing Puppet on Solaris 10. Rather than depending on Blastwave, which is an entire package framework, I prefer the simplest installation with the least steps and dependencies.

\1) Install Ruby from the Solaris Companion DVD or sunfreeware.com:

  pkgadd -d /cdrom/Solaris_Software_Companion/Solaris_sparc/Packages/ SFWruby

\2) Download and install the latest RubyGems (Like perl’s CPAN module, but for Ruby):

  $ wget http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz
  $ gzcat rubygems-1.3.1.tgz | tar -xf -
  $ cd rubygems-1.3.1
  $ /opt/sfw/bin/ruby setup.rb

\3) Install the latest Puppet and it’s dependencies via Ruby Gems?:

  /opt/sfw/bin/gem update
  /opt/sfw/bin/gem install puppet

Ruby Gems? will automatically download and install all packages and pre-requisites.

\4) You’ll have to write your own /etc/init.d/puppetd and /etc/init.d/puppetmasterd scripts, or modify the Blastwave SMF manifests. Other than that, puppet is pretty much installed.

Installation (Cool Stack)

“Optimized Open Source Software Stack (Cool Stack) for the Sun Solaris Operating System™. Cool Stack is a collection of some of the most commonly used open source applications optimized for the Sun Solaris OS”

1) Download and install CSKruby package for your platform (Sparc or x86)

pkgadd -d CSKruby_1.3.1_sparc.pkg

\2) CSKruby will be installed to /opt/coolstack, so add that to your default path.

export PATH=$PATH:/opt/coolstack/bin

\3) Install facter + puppet from Ruby Gem? -or- tarball

gem install facter
gem install puppet

OR $ wget http://puppetlabs.com/downloads/facter/facter-latest.tgz

$ tar xvzf facter-1.5.8.tar.gz
$ cd facter-1.5.8
$ ./install.rb

$ wget http://puppetlabs.com/downloads/puppet/puppet-2.6.3.tar.gz
$ tar xvzf puppet-2.6.3.tar.gz
$ cd puppet-2.6.3
$ ./install.rb

\4) TODO: Will add SRV4 packaging instructions here *soon*

Integrating Puppet with Jumpstart

Solaris 10

post-install script:

#!/bin/sh

### Setup
mkdir /a/jumpstart
mount jumpstartserver:/opt/solaris/jumpstart /a/jumpstart

### Blastwave support
cd /a/jumpstart
cp root.profile /a/.profile
mkdir -p /a/usr/local/bin
cp wget-`uname -p`.bin /a/usr/local/bin/wget
chmod 755 /a/usr/local/bin/wget
mkdir -p /a/opt/csw
echo all | pkgadd -a admin.jumpstart -d pkg_get-3.8.1-all-CSW.pkg -R /a
cp /a/jumpstart/pkg-get.conf /a/opt/csw/etc
cp /a/var/pkg-get/admin-fullauto /a/var/pkg-get/admin

### Ruby from Blastwave
cd /a/jumpstart
mkdir -p /a/usr/local/sbin
cp /a/jumpstart/ruby-install.sh /a/usr/local/sbin
chmod 700 /a/usr/local/sbin/ruby-install.sh
chroot /a /usr/local/sbin/ruby-install.sh

### Facter and Puppet from garylaw.net
cp facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg /a/tmp
cp puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg /a/tmp
cp admin.jumpstart /a/tmp
cp /a/jumpstart/puppet-install.sh /a/usr/local/sbin
chmod 700 /a/usr/local/sbin/puppet-install.sh
chroot /a /usr/local/sbin/puppet-install.sh

## Puppet setup
cp puppetd.conf /a/etc/puppet
cd /a/var/svc/manifest/network
ln -s ../../../../opt/csw/var/svc/manifest/puppetd.xml .
cd /a/jumpstart

### Teardown
cd /
umount /a/jumpstart
rmdir /a/jumpstart

root.profile

umask 022

PATH=/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/dt/bin:/usr/openwin/bin:/bin:/usr/ucb:/opt/SUNWspro/bin:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH

MANPATH=/usr/man:/usr/dt/man:/usr/openwin/share/man:/usr/local/man:/opt/SUNWspro/man:/opt/csw/man
export MANPATH

PS1="`whoami`@`hostname`# "
export PS1

admin.jumpstart

mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default

pkg-get.conf

url=http://www.gtlib.gatech.edu/pub/blastwave/unstable

ruby-install.sh — pkg-get running inside a chroot requires a working mnttab, and openssl (one of the Ruby dependencies) requires a working /dev/random and /dev/urandom. On my Solaris 10 Jumpstart installs, /dev/random and /dev/urandom exist in the chroot, but are symlinks to missing entries in /devices.

#!/bin/sh

/sbin/mount -F mntfs mnttab /etc/mnttab
mknod /devices/pseudo/random@0:random c 190 0
mknod /devices/pseudo/random@0:urandom c 190 1

PATH=$PATH:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH
pkg-get install ruby

puppet-install.sh — these installs might not require a chroot, and may work fine if installed similar to the pkg-get installation above.

#!/bin/sh
/sbin/mount -F mntfs mnttab /etc/mnttab
cd /tmp
mkdir /etc/puppet
echo all | pkgadd -a admin.jumpstart -d \
        facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg
echo all | pkgadd -a admin.jumpstart -d \
        puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg

puppet.conf

[puppetd]
# Make sure all log messages are sent to the right directory
# This directory must be writable by the puppet user
logdir=/opt/csw/var/puppet/log
vardir=/opt/csw/var/puppet
rundir=/opt/csw/var/puppet/run
server=puppetserver.domain
factsync=true

Simple Puppetmaster install and configuration

To do

Puppet on older versions of Solaris

Of course, blastwave will only work on Solaris 8+. However, Puppet does work well with the Ruby from sunfreeware for at least Solaris 2.6 and 7, and people have even had success compiling pkg-get for use with those platforms by pointing it to the sunfreeware repository – however, your mileage may vary with that (not tested by the person writing this paragraph). Certainly, using sunfreeware packages and native sun packages on their own works quite well.

Required Sunfreeware packages + GEMs

 $ ls -l solaris-25-sparc
 total 21672
 facter-1.6.7.gem
 openssl-1.0.0c-sol25-sparc-local.gz
 puppet-2.7.6.gem
 ruby-1.8.7p72-sol25-sparc-local.gz
 rubygems-1.8.24.tar.gz
 zlib-1.2.5-sol25-sparc-local.gz

 $ ls -l solaris-26-sparc
 total 20584
 facter-1.6.7.gem
 openssl-1.0.0a-sol26-sparc-local.gz
 puppet-2.7.6.gem
 ruby-1.8.7p72-sol26-sparc-local.gz
 rubygems-1.8.24.tar.gz
 zlib-1.2.5-sol26-sparc-local.gz

 $ ls -l solaris-7-sparc
 total 20568
 facter-1.6.7.gem
 openssl-1.0.0d-sol7-sparc-local.gz
 puppet-2.7.6.gem
 ruby-1.8.7p72-sol7-sparc-local.gz
 rubygems-1.8.24.tar.gz
 zlib-1.2.5-sol7-sparc-local.gz

 $ ls -l solaris-8-sparc
 total 20568
 facter-1.6.7.gem
 openssl-1.0.0e-sol8-sparc-local.gz
 puppet-2.7.6.gem
 ruby-1.8.7p72-sol8-sparc-local.gz
 rubygems-1.8.24.tar.gz
 zlib-1.2.5-sol8-sparc-local.gz

 $ ls -l solaris-9-sparc
 total 20592
 facter-1.6.7.gem
 openssl-1.0.0e-sol9-sparc-local.gz
 puppet-2.7.6.gem
 ruby-1.8.7p72-sol9-sparc-local.gz
 rubygems-1.8.24.tar.gz
 zlib-1.2.5-sol9-sparc-local.gz

 $ ls -l solaris-10-sparc
 total 16096
 facter-1.6.7.gem
 openssl-1.0.0e-sol10-sparc-local
 puppet-2.7.6.gem
 ruby-1.8.7p72-sol10-sparc-local
 rubygems-1.8.24.tgz
 zlib-1.2.5-sol10-sparc-local

Install Puppet client packages, example used here is for Solaris 10 SPARC

 # pkgadd -d openssl-1.0.0e-sol10-sparc-local
 Installation of <SMCossl> was successful.

 # pkgadd -d zlib-1.2.5-sol10-sparc-local
 Installation of <SMCzlib> was successful.

 # pkgadd -d ruby-1.8.7p72-sol10-sparc-local
 Installation of <SMCruby> was successful.

 # gunzip -c rubygems-1.8.24.tgz | tar -xvf -
 # cd rubygems-1.8.24
 # ruby setup.rb
 RubyGems 1.8.24 installed

 # /usr/local/bin/gem install --local facter-1.6.7.gem
 Successfully installed facter-1.6.7

 # /usr/local/bin/gem install --local puppet-2.7.6.gem
 Successfully installed puppet-2.7.6

Puppet sample client config file

 # mkdir -p /etc/puppet
 # vi /etc/puppet/puppet.conf
 # cat /etc/puppet/puppet.conf
 [main]
    vardir = /opt/puppet/var
    logdir = /opt/puppet/log
    rundir = /opt/puppet/run
    modulepath = /etc/puppet/modules:/opt/puppet/share/modules
    archive_files = true
    archive_file_server = archiveserver.local
 [agent]
    certname = localhost.local
    server = puppetmaster.local
    report = true
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    graph = true
    pluginsync = true

Create puppet directory structure

 # mkdir -p /opt/puppet/var
 # mkdir -p /opt/puppet/log
 # mkdir -p /opt/puppet/run
 # mkdir -p /etc/puppet/modules
 # mkdir -p /opt/puppet/share/modules

Test connection to server

 # /usr/local/bin/puppet agent --waitforcert 10 --test

Puppet server certificate list

 # puppet cert list
 puppetclient.local (F2:12:52:F5:66:63:98:E1:68:1E:F3:53:E8:35:1E:34)

Now sign the certificate on the server end

 # puppet cert --sign puppetclient.local
 notice: Signed certificate request for puppetclient.local

Minimal Solaris Puppet Client Installation Instructions

This assumes Solaris 10 or later, you are root, with bash and wget installed and in your PATH:–

Step 1, install pkgutil

exec bash
wget -q -O - \
http://ftp.math.purdue.edu/mirrors/opencsw.org/unstable/$(uname -p)/$(uname -r)/pkgutil-1.4,REV=2009.01.19-SunOS5.8-$(uname -p)-CSW.pkg.gz \
| gunzip --stdout - > /tmp/pkgutil.pkg
yes | pkgadd -d /tmp/pkgutil.pkg all
/opt/csw/bin/pkgutil -U

Step 2, install puppet

/opt/csw/bin/pkgutil -yi CSWpuppet

This will install common, ruby, facter and any other required dependencies, then puppet, and then start up puppetd with a blank config (defaults to looking for a puppet server at puppet.YOURDOMAIN)

More Detailed Solaris Puppet Client Installation Instructions

Installation of the Puppet infrastructure onto a client machine requires a number of prerequisites to be met first. This procedure outlines the installation process for these prerequisites and ultimately Puppet itself on the Solaris 10 platform. Note: This guide assumes that LDAPNodes is being used for node storage. If not, omit any steps that relate to LDAP and do whatever is needed for your node storage mechanism of choice.

All Blastwave packages are installed under: /opt/csw

Procedure

\1) Install Blastwave Support

# pkgadd -d http://www.blastwave.org/pkg_get.pkg

\2) Verify that the pkg-get configuration file is configured for your region

\3) Install the complete wget package

# /opt/csw/bin/pkg-get -i wget

\4) Configure pkg-get to support automation.

# cp -p /var/pkg-get/admin-fullauto /var/pkg-get/admin

\5) Now we are going to install gnupg and an md5 utility so that we can do some security validation of Blastwave packages.

# /opt/csw/bin/pkg-get -i gnupg textutils

\6) Next we will copy the Blastwave PGP public key to the local host.

# /opt/csw/bin/wget --output-document=pgp.key http://www.blastwave.org/mirrors.html

Which should result in output like this:

--10:39:55--  http://www.blastwave.org/mirrors.html
           => `pgp.key'
Resolving www.blastwave.org... 131.188.30.245
Connecting to www.blastwave.org[131.188.30.245]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16,060 [text/html]

100%[====================================>] 16,060        52.41K/s

10:39:56 (52.33 KB/s) - `pgp.key' saved [16060/16060]

\7) Next we will import the PGP key that we just copied.

# gpg --import pgp.key

\8) Verify that the following two lines in /opt/csw/etc/pkg-get.conf are COMMENTED OUT.

#use_gpg=false
#use_md5=false

\9) Install the Ruby software (CSWruby) from Blastwave.

# /opt/csw/bin/pkg-get -i ruby

Note: This will also install any Ruby prerequisites.

\10) Install the Ruby Gems? software (CSWrubygems) from Blastwave.

# /opt/csw/bin/pkg-get -i rubygems

\11) Add /opt/csw/bin and /opt/csw/sbin to the root user’s PATH.

\12) Install Reductive Labs facter gem package using the Ruby Gem? installation tool.

# gem install facter

\13) Install Reductive Labs Puppet gem package using the Ruby Gem? installation tool. The current STABLE version is: 0.23.2.

# gem install puppet --version '0.23.2'

\14) Create the puppet user and group:

Info for /etc/passwd:

puppet:x:35001:35001:puppet user:/home/puppet:/bin/sh

Info for /etc/shadow:

puppet:*LK*:::::::

Info for /etc/group:

puppet::35001:

\15) Create the following core directories and set the permissions:

# mkdir -p /sysprov/dist/apps /sysprov/runtime/puppet/prod/puppet/master
# chown -R puppet:puppet /sysprov/dist /sysprov/runtime

\16) Grab this sample puppet.conf file and modify the attributes listed below. Copy the modified file to the /sysprov/runtime/puppet/prod/puppet/master directory on your host.

\17) Create a file containing the new LDAP entry information for your host. In this file you specify the Puppet class membership which is what Puppet uses to determine which configuration(s) to use on your host. In the example below, the device is a member of the sudo and syslog-ng classes. This means that whenever the puppetd process is running on your host, it will periodically check with the puppetmaster to see whether its configuration is out of date and apply the configuration for a machine in the sudo and syslog-ng puppet classes. Likewise, if you later modify the LDAP entry to include another puppetclass entry or remove an existing entry, the puppetmaster will apply that configuration instead.

Note: You should specify the fully qualified domain name. Puppet will compare this value to the SSL certificate to ensure a match. If you use a non-FQDN, you are going to run into issues.

# puppettest
dn: cn=puppettest.domain.edu,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: puppettest.domain.edu
ipHostNumber: W.X.Y.Z
description: Test puppet client
l: statcomp
puppetclass: sudo
puppetclass: syslog-ng

\18) Add an LDAP entry for your host. YOUR-LDAP-ENTRY-FILENAME is the file created in the previous step.

$ ldapadd -h ld.domain.edu -x -D uid=12345, ou=humans, dc=domain, dc=edu -W -f YOUR-LDAP-ENTRY-FILENAME -v

If you are modifying an existing entry use this instead:

$ ldapmodify -h ld.domain.edu -x -D uid=12345, ou=humans, dc=domain, dc=edu -W -f YOUR-LDAP-ENTRY-FILENAME -v

\19) Verify that your LDAP entry exists.

$ ldapsearch -h ld.domain.edu -x -b'dc=puppet'

\20) From the Puppet client machine, request SSL Client Certificate from the puppetmaster.

# puppetd --server puppetmaster.domain.edu --waitforcert 60 --test --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf

\21) Login to the puppetmaster and sign the certificates

# sudo puppetca --list --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf

Which should show:

YOURHOSTNAME.domain.edu

# sudo puppetca --sign YOURHOSTNAME.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf

\22) On the Puppet client machine you can then start the puppetd process. If you pass in the -v and/or -d parameters (verbose and debug), then the process does not run in the background. Omit these parameters to daemonize the process.

# puppetd --server puppetmaster.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf

Example Using Verbose and Debug Mode:

# puppetd -v -d --server puppetmaster.domain.edu --config=/sysprov/runtime/puppet/prod/puppet/master/puppet.conf

\23) That is it. You should be able to check the system log to see whether your client is receiving updates from the puppetmaster.

# tail -f /var/adm/messages
Dec 17 09:06:39 cheshire puppetd[23486]: [ID 702911 daemon.notice] Starting configuration run
Dec 17 09:07:00 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File[/sysprov/dist/apps/sudo]/ensure) created
Dec 17 09:07:24 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/File[/sysprov/dist/apps/sudo/UCRsudo]/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] (//sudo/Package[UCRsudo]/ensure) created
Dec 17 09:07:33 cheshire puppetd[23486]: [ID 702911 daemon.notice] Finished configuration run in 54.72 seconds

Ruby-Shadow Library on Solaris (Assuming you have Ruby in /opt/csw)

1) Clone the source code from github:

# git clone git://github.com/apalmblad/ruby-shadow
# Note: as of January 27th the clone will stop on checkout with error:
# warning: remote HEAD refers to nonexistent ref, unable to checkout.
# Check for latest commit on https://github.com/apalmblad/ruby-shadow and run the checkout manually:
# git checkout cf669bcb4aa84a677970

2) Copy the attached Makefile into ruby-shadow directory

3) Build the library within the ruby-shadow directory

# /usr/sfw/bin/gmake

4) Copy the compiled shadow.so into the architecture directory

# cp shadow.so /opt/csw/lib/ruby/site_ruby/1.8/i386-solaris2.8/shadow.so

Please note that you will need to edit the Makefile to match your setup and the directory you copy the .so to will differ according to your setup. In our case it was build for an x86 Solaris 10.

Makefile (3.86 KB) Nick Tkach, 10/19/2010 02:09 pm