The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Running Puppet on AIX

Puppet on AIX is partially unsupported but yet still useful (at least two sites have it deployed in a production environment). It doesn’t work with the ruby packages that are available from bull at http://www.bullfreeware.com/, as they lack socket functionality, however it does when ruby is built from source with openssl support (at least on 5.2 and 5.3! On early versions, mileage may very etc). Currently, as at 0.22.4 there is still some big holes in functionality, specifically:

  • Mount doesn’t work. Thank you, IBM!
  • Cron jobs mysteriously fail with ‘crontab: cannot access’. Bug 2798
  • Service management via init works, however AIX by default uses something else for internal packages Feature 2864

Service Management

Most things on AIX are handled using the system resource controller (SRC).

lssrc -a list all services available and their state

startsrc -s sshd start a subsystem

stopsrc -s sshd stop a subsystem

refresh -s sshd refresh a subsystem (does not work on all subsystems, ssh for instance).

You can also pass -g instead of -s to start/stop a group of systems (such as NFS).

Services to be managed via the SRC can be defined with the mkssys command. The example adds the sshd subsystem and the ssh group to the SRC. In the example the binaries reside in /usr. The -a flag allows passing of arguments.

/usr/bin/mkssys -s sshd -p /usr/sbin/sshd -a ‘-D’ -u 0 -S -f 9 -n 15 -R -G ssh

The so generated subsystem sshd can be started with the above mentioned commands.

Package Maintenance

Packages are installed one or two ways. Locally using a local collection of .bff files (native BFF filesets) or remotely using Network Install Manager (NIM), which is similar to kickstart or jump start, plus there’s client management after the fact. NIM has the ability to remotely run simple scripts, reinstalling the OS, or making a system backup (mksysb).

NIM installation

The way that seems to be most common is to deploy packages with NIM. The client is configured to communicate with the NIM server using the niminit command. This can be run on the client or server. In most cases the entry on the server should be created first.

niminit -a name=HOSTNAME -a master=NIM_SERVER_FQDN -a connect=nimsh

Packages can then be installed using the nimclient command with the CUSTomize operation.

nimclient -o cust -a lpp_source=LPP_NAME -a filesets=“package1 package2 package3”

LPP_NAME is the name of the package repository on the server, you can discover the available sources with nimclient -l -t lpp_source.

Local Installation

If the packages are local (or on NFS) they can be installed with the installp command.

installp -acgXY -d /usr/sys/inst.images package1 package2 package3

-a means to apply packages (install)

-c (optional) commit packages to the system, cannot be rejected after this

-g (optional) process dependencies. If depends are not met, install fails.

-X automatically extend filesystems if needed.

-Y automatically accept License agreements.

-d dir use install source location

Before packages can be installed from a local repository, an index of metadata must be created. This is done with the inutoc command. This generates a .toc file in the directory that installp uses to know what packages are where. The filenames of the packages are irrelevant.

Handling mounts

Mounts are dynamically created/removed by commands, instead of modifying /etc/filesystems directly.

lsfs, list filesystems with their attributes

mkfs, creates a filesystem and adds it to /etc/filesystems

rmfs, removes a filesystem (and underlying block device unless the filesystem is not JFS or JFS2)

mknfsmnt, create an NFS mount in /etc/filesystems

rmnfsmnt, remove an NFS mount from /etc/filesystems

chfs, change the mountpoint, attributes, mounting groups, etc. of a filesystem (example: chfs -An /usr causes /usr to not mount on boot)

Mounts are handled exclusively via command line or smitty, using the above commands or importvg/exportvg.

Inittab

/etc/inittab is managed by {ch,ls,mk,rm}itab commands. Do not write changes to this as a text file.

Building Puppet & Dependencies From Source

AIX 6.1 TL6 GCC Build Environment Software Prerequisites

The following environment allowed for a successful build of zlib, openssl, ruby, and finally facter and puppet on AIX 6.1:

$ oslevel -r
6100-06

$ oslevel -s
6100-06-06-1140

We need to install the libm package:

$ lslpp -l | grep -i bos.adt.libm
bos.adt.libm 6.1.6.0 APPLIED Base Application Development

We also need to install this APAR or bring your system up to AIX 6.1 TL6 SP6 so we don’t suffer from a GCC assembler error:
http://www.perzl.org/aix/index.php?n=Main.GCCAssemblerError

My fresh install of AIX 6.1 had the following RPM’s on it:
$ rpm -qa
cdrecord-1.9-7
mkisofs-1.13-4
tcl-8.4.7-3
tk-8.4.7-3
expect-5.42.1-3
TWeagent-7.7.0-0
AIX-rpm-6.1.6.15-2

Next we need to install the following RPM’s:

$ rpm -ivh make-3.80-1.aix5.1.ppc.rpm
$ rpm -ivh gcc-4.2.0-3.aix6.1.ppc.rpm
$ rpm -ivh libgcc-4.2.0-3.aix6.1.ppc.rpm
$ rpm -ivh db-3.3.11-4.aix5.1.ppc.rpm

I was able to download the above rpms from IBM here:
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/ezinstall.html

GCC Compiler Environment:

Michael Perzl has a great web page about howto create a competent compiler environment for AIX using GCC:
http://www.perzl.org/aix/index.php?n=Main.Instructions#environment_gcc

If you are coming from the Linux world the following is an informative post on some of the differences between libraries and linking between AIX and Linux.
http://archives.postgresql.org/pgsql-patches/2006-09/msg00251.php

Example RPM’s and SRPM’s

The following link provides both pre-compiled RPM’s and SRPMS for zlib, openssl, ruby, facter, and puppet.

http://t3chnick.blogspot.com/2012/01/32-bit-puppet-rpms-srpms-for-aix-howto.html

Install Puppet client using pre-compiled binary packages

Required pre-compiled binary packages

# rpm -ivh libgcc-4.2.0-3.aix6.1.ppc.rpm
libgcc                      ##################################################
# rpm -ivh db-3.3.11-4.aix5.1.ppc.rpm
db                          ##################################################
# rpm -ivh pup-zlib-1.2.5-1.32.puppet.local.aix6.1.ppc.rpm
pup-zlib                    ##################################################
# rpm -ivh pup-openssl-1.0.0e-2.32.puppet.local.aix6.1.ppc.rpm
pup-openssl                 ##################################################
# rpm -ivh pup-ruby-1.8.7-p352.1.32.puppet.local.aix6.1.ppc.rpm
pup-ruby                    ##################################################
# rpm -ivh pup-facter-1.6.3-1.puppet.local.aix6.1.noarch.rpm
pup-facter                  ##################################################
# rpm -ivh pup-puppet-2.7.6-1.local.aix6.1.ppc.rpm
pup-puppet                  ##################################################
# rpm -ivh pup-puppet-conf-0.1-1.local.aix6.1.noarch.rpm
pup-puppet-conf             ##################################################

Puppet sample client config file

 # mkdir -p /etc/puppet
 # vi /etc/puppet/puppet.conf
 # cat /etc/puppet/puppet.conf
 [main]
    vardir = /opt/puppet/var
    logdir = /opt/puppet/log
    rundir = /opt/puppet/run
    modulepath = /etc/puppet/modules:/opt/puppet/share/modules
    archive_files = true
    archive_file_server = archiveserver.local
 [agent]
    certname = localhost.local
    server = puppetmaster.local
    report = true
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    graph = true
    pluginsync = true

Create puppet directory structure

 # mkdir -p /opt/puppet/var
 # mkdir -p /opt/puppet/log
 # mkdir -p /opt/puppet/run
 # mkdir -p /etc/puppet/modules
 # mkdir -p /opt/puppet/share/modules

Test connection to server

 # /opt/puppet/pup-puppet/bin/puppet agent --waitforcert 10 --test

Puppet server certificate list

 # puppet cert list
 puppetclient.local (F2:12:52:F5:66:63:98:E1:68:1E:F3:53:E8:35:1E:34)

Now sign the certificate on the server end

 # puppet cert --sign puppetclient.local
 notice: Signed certificate request for puppetclient.local

32-bit RPM’s Compiled on AIX5.3

pup-facter-1.6.3-1.puppet.local.aix5.3.noarch.rpm
pup-openssl-1.0.0e-2.32.puppet.local.aix5.3.ppc.rpm
pup-puppet-2.7.6-1.local.aix5.3.ppc.rpm
pup-puppet-conf-0.1-1.local.aix5.3.noarch.rpm
pup-ruby-1.8.7-p352.1.32.puppet.local.aix5.3.ppc.rpm
pup-zlib-1.2.5-1.32.puppet.local.aix5.3.ppc.rpm

32-bit RPM’s Compiled on AIX6.1

pup-facter-1.6.3-1.puppet.local.aix6.1.noarch.rpm
pup-openssl-1.0.0e-1.32.puppet.local.aix6.1.ppc.rpm
pup-puppet-2.7.6-1.local.aix6.1.ppc.rpm
pup-puppet-conf-0.1-1.local.aix6.1.noarch.rpm
pup-ruby-1.8.7-p352.1.32.puppet.local.aix6.1.ppc.rpm
pup-zlib-1.2.5-1.32.puppet.local.aix6.1.ppc.rpm

32-bit SRPM’s Used To Compile The Above RPM’s

pup-facter-1.6.3-1.puppet.local.src.rpm
pup-openssl-1.0.0e-1.32.puppet.local.src.rpm
pup-puppet-2.7.6-1.local.src.rpm
pup-puppet-conf-0.1-1.local.src.rpm
pup-ruby-1.8.7-p352.1.32.puppet.local.src.rpm
pup-zlib-1.2.5-1.32.puppet.local.src.rpm

pup-zlib-1.2.5-1.32.puppet.local.aix5.3.ppc.rpm (73.1 KB) Vincent Lin, 07/10/2012 10:41 am

pup-facter-1.6.3-1.puppet.local.aix5.3.noarch.rpm (63.2 KB) Vincent Lin, 07/10/2012 10:41 am

pup-openssl-1.0.0e-2.32.puppet.local.aix5.3.ppc.rpm (3.12 MB) Vincent Lin, 07/10/2012 10:41 am

pup-puppet-2.7.6-1.local.aix5.3.ppc.rpm (971 KB) Vincent Lin, 07/10/2012 10:41 am

pup-puppet-conf-0.1-1.local.aix5.3.noarch.rpm (1.62 KB) Vincent Lin, 07/10/2012 10:41 am

pup-ruby-1.8.7-p352.1.32.puppet.local.aix5.3.ppc.rpm (3.53 MB) Vincent Lin, 07/10/2012 10:41 am