Setting up your Sandbox

The first thing we did was set up an IDE; the second thing we’re going to do is set up a sandbox. This is a bit long, so bear with me.

Why?

Really short answer: So we can only harm ourselves.

What am I going to end up with?

NOTE: CentOS was chosen as the puppet master because it is the current lowest common denominator of the latest long term release / server distros.

  • A CentOS 6.5 puppet master / dns server
  • A CentOS 6.5 puppet agent test machine
  • An Ubuntu 12.04 LTS puppet agent test machine

All running the latest everything and dwelling in the 203.0.113.0/24 TEST-NET-3 documentation network set aside by RFC 5737 (with example.com DNS as defined by RFC 2606) and isolated to VirtualBox. So while it should be pretty safe to assume they’re sandboxed, they’ll be able to talk to each other and our master.

I also created individual shared folders for the ssl certs and signed everything; as well as constructed some simple puppet modules for provisioning the machines.

Or in other words a complete puppet kit, including examples, suitable for testing and play.

Great, let’s get started!

NOTE: Heads up, Vagrant moves really, really fast. Between February and March of 2014 it went from 1.4.3 to 1.5.1. This wasn’t always without incident: 1.4.3 reintroduced an old VirtualBox private networking bug in regards to Fedora (this commit) and 1.4.2 broke box packaging on OSX.

  • Get the latest version of VirtualBox. (Currently 4.3.10)
  • Download the latest version of Vagrant (currently 1.5.1)

Once you have them, install them. There isn’t anything particularly tricky to either installer and they adhere to the norms of every operating system I tried (which is everything but Linux, and I think if you run Linux you can deal).

NOTE: If you’re on Windows, after installation you will have to append the Vagrant and VirtualBox installation directories to your path.

Now we need to retrieve the vagrant file and basic provisioning information I prepped for this. Pick a location and download the prepped environment.

I normally choose to place everything in ~/Vagrant but wherever you choose to put it is fine.

Construct the Boxes

The original plan was to include the boxes with the repository, but GitHub doesn’t let you store binaries over 100MB and the boxes clock in at well over that. Instead we’re going to jump ahead (I initially intended for this to be a much simpler and shorter post) and I’m going to guide you through constructing those boxes.

In your favorite shell navigate to where you uncompressed everything. You will know you are in the right place when you see a Vagrantfile file.

Install the vagrant-vbguest plugin

To start with we’re going to install the vbguest plugin, which keeps virtualbox guest additions up to date. Run:

vagrant plugin install vagrant-vbguest

Prep the CentOS6.5 Base Box

The next thing we’re going to do is set up the base CentOS box, as I also use this as the base for puppet and DNS. To save a great deal of time, we’re going to start with the PuppetLabs CentOS 6.5 base box and refresh it.

To get started run:

vagrant up centos --no-provision

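This will download the basebox from puppet and bring it up (but not provision it) as well as update the VirtualBox guest additions thanks to the plugin we installed earlier.

Once up, we need to install the passenger and epel repositories and update everything. NOTE: the signing key and both release RPMs below are fetched over plain HTTP, so the import only establishes trust in whatever the network delivered. That is tolerable for a throwaway sandbox, but compare the key’s fingerprint against a trusted source before reusing these commands anywhere else.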

vagrant ssh centos -c "sudo rpm --import http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc && \
sudo yum install -y http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm && \
sudo yum install -y http://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm && \
sudo yum update -y"

This could take a while, so be patient.

Now the above likely updated the kernel, so we need to trigger the vagrant-vbguest plugin to reinstall the add-ons. A reload alone won’t do it; we need to shut down and then start up the machine:


vagrant halt centos
vagrant up centos --no-provision

Once that’s done we clean up after packer / make damn sure the vagrant modifications were made:


vagrant ssh centos -c "echo '' | sudo tee -a /etc/motd && \
sudo sed -i'' s/^\#UseDNS\ yes/UseDNS\ no/g /etc/ssh/sshd_config && \
sudo sed -i'' s/^Defaults\ requiretty/\#Defaults\ requiretty/g /etc/sudoers"

Then clear the logs, the interface vagrant added, tmp, and history. Clean it up, in other words:


vagrant ssh centos -c "sudo rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 && \
sudo find /var/log -type f -delete && \
sudo rm -f /tmp/* && \
sudo rm -f /root/.bash_history && \
history -c"

Finally, package it up:


vagrant package centos --output boxes/centos.box

Prepping the Puppet Master

We can now proceed to use our existing CentOS box to construct our puppet master. First we bring the centos machine (which would have been halted for packaging) back up:


vagrant up centos --no-provision

Then we install everything we need and ensure the services are off:


vagrant ssh centos -c "sudo yum install -y httpd \
mod_ssl mod_passenger puppet-server bind && \
sudo chkconfig named off && \
sudo chkconfig httpd off"

Clean it up:


vagrant ssh centos -c "sudo rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 && \
sudo find /var/log -type f -delete && \
sudo rm -f /tmp/* && \
sudo rm -f /root/.bash_history && \
history -c"

And finally package it:


vagrant package centos --output boxes/puppetmaster.box

We have one last bit of cleanup to do. We don't want the old basebox lurking around, so we go ahead and purge that:


vagrant box remove example-CentOS6.5

Prepping Ubuntu 12.04LTS


Now we move on to Ubuntu. The base box here is based on the last LTS, 12.04, and again comes from PuppetLabs. Again, bring it up without provisioning.

vagrant up ubuntu --no-provision

It complained about /var/lib/puppet/ssl or something, right? That just means that in addition to updating everything we need to install puppet.


vagrant ssh ubuntu -c "sudo curl -o /tmp/puppetlabs-release-precise.deb https://apt.puppetlabs.com/puppetlabs-release-precise.deb && \
sudo dpkg -i /tmp/puppetlabs-release-precise.deb && \
sudo apt-get update -y && \
sudo apt-get install puppet -y && \
sudo apt-get upgrade -y"

That is definitely going to take a bit, and it is likely going to want to update grub, which is going to prompt you for an install location. Select /dev/sda.

Next you need to fix Ubuntu / Vagrant combining to do something stupid (see this vagrant issue):


vagrant ssh ubuntu -c "sudo ln -s /opt/VBoxGuestAdditions-4.3.10/lib/VBoxGuestAdditions /usr/lib/VBoxGuestAdditions"

And then, in case the kernel was updated, go ahead and cycle the server:


vagrant halt ubuntu
vagrant up ubuntu --no-provision

Clean it:


vagrant ssh ubuntu -c "sudo perl -i'' -p0e 's/\#VAGRANT-BEGIN.*\#VAGRANT-END\n//s' /etc/network/interfaces && \
sudo find /var/log -type f -delete && \
sudo rm -f /tmp/* && \
sudo rm -f /root/.bash_history && \
history -c"

Package it:

vagrant package ubuntu --output boxes/ubuntu.box

And then remove the old basebox:

vagrant box remove example-Ubuntu12.04

Apply some polish

Now we have a set of baseboxes which should be up to date. If you stopped here, everything would work, but you'd need to wait a bit while your machines provisioned every time you reinitialized them. To save us that step we're going to provision them and then repackage them. This will set up puppet testing gems as well as the puppet master / dns and bake them into our base boxes.

First we need to destroy everything so we can reinitialize it:

vagrant destroy -f

And then bring them all up:

vagrant up

This will bring up all of the machines, in sequence, starting with the puppet master. As we didn't flag it not to, it's also going to provision them with our puppet manifests/modules (in ./puppet). It is going to take a bit.

Once they're up we clean the puppet master:


vagrant ssh puppet -c "sudo rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 && \
sudo find /var/log -type f -delete && \
sudo rm -rf /var/lib/puppet/reports/* && \
sudo rm -f /tmp/* && \
sudo rm -f /root/.bash_history && \
history -c"

and the CentOS box:


vagrant ssh centos -c "sudo rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 && \
sudo find /var/log -type f -delete && \
sudo rm -rf /var/lib/puppet/reports/* && \
sudo rm -f /tmp/* && \
sudo rm -f /root/.bash_history && \
history -c"

And finally, the ubuntu box:


vagrant ssh ubuntu -c "sudo perl -i'' -p0e 's/\#VAGRANT-BEGIN.*\#VAGRANT-END\n//s' /etc/network/interfaces && \
sudo find /var/log -type f -delete && \
sudo rm -rf /var/lib/puppet/reports/* && \
sudo rm -f /tmp/* && \
sudo rm -f /root/.bash_history && \
history -c"
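
Anything still in the guest when `vagrant package` runs is baked into the box and copied to every machine built from it, which is why the cleanup above targets logs, history, puppet reports and the Vagrant-added interface. As an added example (not part of the original post or its repository), this shell function checks a filesystem tree for that residue; `audit_box` and `make_sample_tree` are hypothetical names and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report residue that the
# cleanup commands above are meant to remove before `vagrant package`.
# audit_box and make_sample_tree are hypothetical names.

# audit_box ROOT: print one line per finding; return 1 if anything is left.
# ROOT is "/" inside a guest (run as root), or a test directory tree.
audit_box() {
    root="${1%/}"
    out=$(
        # Host-only NIC config Vagrant adds on CentOS.
        [ -e "$root/etc/sysconfig/network-scripts/ifcfg-eth1" ] &&
            echo "nic: /etc/sysconfig/network-scripts/ifcfg-eth1"
        # Vagrant-managed block in the Ubuntu interfaces file.
        grep -qs '^#VAGRANT-BEGIN' "$root/etc/network/interfaces" &&
            echo "nic: /etc/network/interfaces has a VAGRANT block"
        # Root's shell history.
        [ -e "$root/root/.bash_history" ] &&
            echo "history: /root/.bash_history"
        # Logs, puppet reports and temp files (any depth, so stricter
        # than the `rm -f /tmp/*` used in the post).
        for d in var/log var/lib/puppet/reports tmp; do
            [ -d "$root/$d" ] || continue
            n=$(find "$root/$d" -type f | wc -l | tr -d ' ')
            [ "$n" -gt 0 ] && echo "files: /$d ($n)"
        done
        true
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# make_sample_tree DIR: build a constructed "dirty" guest tree for a dry run.
make_sample_tree() {
    mkdir -p "$1/etc/sysconfig/network-scripts" "$1/etc/network" \
             "$1/root" "$1/var/log" "$1/var/lib/puppet/reports" "$1/tmp"
    : > "$1/etc/sysconfig/network-scripts/ifcfg-eth1"
    printf '#VAGRANT-BEGIN\niface eth1 inet static\n#VAGRANT-END\n' \
        > "$1/etc/network/interfaces"
    echo 'puppet cert list' > "$1/root/.bash_history"
    echo 'sample' > "$1/var/log/messages"
}

# Audit the path given on the command line, if any.
if [ -n "${1:-}" ]; then audit_box "$1"; fi
```

Inside a guest, save it as a script and run it as root with `/` as the argument before packaging; a non-zero exit means something is still there.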

With the boxes relatively clean we repackage our base boxes:


rm -f boxes/*.box
vagrant package ubuntu --output boxes/ubuntu.box
vagrant package centos --output boxes/centos.box
vagrant package puppet --output boxes/puppetmaster.box

And then finally remove the old base boxes and purge the active VMs:


vagrant box remove example-CentOS6.5
vagrant box remove example-PuppetMaster
vagrant box remove example-Ubuntu12.04
vagrant destroy -f

All that's left is...

Testing

NOTE: The centos and ubuntu machines are dependent on the puppet vm for DNS by default.

First bring everything back up:

vagrant up

This should, if you remember, bring all of the vms up in sequence starting with the puppetmaster.

You can then verify the agents work:


vagrant ssh puppet -c "sudo puppet agent -t"
vagrant ssh centos -c "sudo puppet agent -t"
vagrant ssh ubuntu -c "sudo puppet agent -t"

Everything should come up green.

And we're done! Next we'll set up a new shared folder for these machines and begin to go into what exactly we just did.
