{"id":848,"date":"2018-10-18T16:09:29","date_gmt":"2018-10-18T16:09:29","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=848"},"modified":"2018-10-21T00:34:36","modified_gmt":"2018-10-21T00:34:36","slug":"katello-separate-lifecycle-for-puppet-modules-lisenet-com-linux-security","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/18\/katello-separate-lifecycle-for-puppet-modules-lisenet-com-linux-security\/","title":{"rendered":"Katello: Separate Lifecycle for Puppet Modules | Lisenet.com :: Linux | Security"},"content":{"rendered":"

Working with Katell. We\u2019re going to configure a separate lifecycle for Puppet modules. This article is part of the Homelab Project with KVM, Katello and Puppet<\/a> series.<\/p>\n

Homelab<\/p>\n

We have Katello installed on a CentOS 7 server:<\/p>\n

katello.hl.local (10.11.1.4) \u2013 see here<\/a> for installation instructions<\/p>\n

See the image below to identify the homelab part this article applies to.<\/p>\n

\"\"<\/p>\n

Separate Lifecycle for Puppet Modules<\/h2>\n

The idea for using a separate lifecycle for Puppet modules was taken from a Red Hat blog post<\/a> that was published by Maxim Burgerhout.<\/p>\n

We already know that we can create a repository that contains RPM files. We can then create a content view by snapshotting the repository.<\/p>\n

We can create a content view with Puppet modules, just like we would do with RPMs. Based on that content view, Katello creates a special directory on the filesystem and it\u2019s where the Puppet master looks for Puppet modules.<\/p>\n

Katello creates a Puppet environment from the Puppet module content view the moment we publish it. As a result, using a Puppet module content view as a Puppet environment directly makes it easy to iterate quickly during development of our homelab Puppet modules.<\/p>\n

The Plan<\/h2>\n

Below is a step-by-step plan that we\u2019ll be following in this article.<\/p>\n

    \n
  1. Step 1: create a Puppet product.<\/li>\n
  2. Step 2: build Puppet modules.<\/li>\n
  3. Step 3: create a Puppet repository.<\/li>\n
  4. Step 4: sync Puppet repository.<\/li>\n
  5. Step 5: create a content view.<\/li>\n
  6. Step 6: add Puppet modules to the content view.<\/li>\n
  7. Step 7: publish Puppet content view.<\/li>\n
  8. Step 8: backup Katello configuration.<\/li>\n<\/ol>\n

    Configure Katello<\/h2>\n

    Step 1: Create a Puppet Product<\/h3>\n

    # hammer product create –name “puppet”<\/p>\n

    Step 2: Build Puppet Modules<\/h3>\n

    See here for more info: Build and Import Puppet Modules into Katello<\/a><\/p>\n

    The idea here is to have a single Katello repository containing all our Puppet modules.<\/p>\n

    A Katello repository may be a plain directory containing a Pulp manifest and packaged Puppet modules. According to the Pulp project documentation, the Pulp manifest is a file listing each Puppet module contained in the directory. Each module is listed on a separate line which has the following format: <name>,<checksum>,<size>. The name is the file name, the checksum is SHA256 digest of the file, and the size is the size of the file in bytes. The Pulp manifest must be named PULP_MANIFEST. Having all this information, we can build Puppet modules manually, generate a Pulp manifest and import everything into Katello.<\/p>\n

    Get the source from GitHub:<\/p>\n

    # cd \/opt
    \n# git clone https:\/\/github.com\/crylium\/build-puppet-modules-for-katello.git<\/p>\n

    Build the modules, providing the path to the modules\u2019 directory:<\/p>\n

    # bash .\/build-puppet-modules-for-katello\/puppet-module-build.sh
    \n\/etc\/puppetlabs\/code\/environments\/homelab\/modules\/<\/p>\n

    This will also create the file PULP_MANIFEST.<\/p>\n

    Step 3: Create a Puppet Repository<\/h3>\n

    # hammer repository create
    \n–product “puppet”
    \n–name “homelab_modules”
    \n–content-type “puppet”
    \n–url “file:\/\/\/etc\/puppetlabs\/code\/environments\/homelab\/modules\/”<\/p>\n

    Step 4: Synchronise Puppet Repository<\/h3>\n

    # hammer repository synchronize
    \n–product “puppet”
    \n–name “homelab_modules”<\/p>\n

    Step 5: Create a Content View<\/h3>\n

    # hammer content-view create
    \n–name “puppet_content”
    \n–description “Puppet modules”<\/p>\n

    Step 6: Add Puppet Modules to the Content View<\/h3>\n

    View the module list:<\/p>\n

    # hammer puppet-module list
    \n—|————————–|————–|———|————————————-
    \nID | NAME | AUTHOR | VERSION | UUID
    \n—|————————–|————–|———|————————————-
    \n38 | graylog | graylog | 0.6.0 | f27d9a89-9e0a-44fe-b72d-f101d94629a4
    \n37 | sudo | saz | 5.0.0 | f088fa68-bfa3-4429-a8f2-f9c893d52bfc
    \n36 | ruby | puppetlabs | 1.0.0 | eaaef4ba-bf52-4275-8eff-0340d98aa3f7
    \n35 | archive | puppet | 2.3.0 | e09d2bc5-ec62-488c-a1a8-df6364448378
    \n34 | elasticsearch | elastic | 6.2.1 | d965e7b4-ec88-4813-b575-745f9e78c2f1
    \n33 | augeasproviders_shellvar | herculesteam | 2.2.2 | cbbe2521-890b-476d-b3b5-beef1b72fd73
    \n32 | haproxy | puppetlabs | 2.1.0 | c9113401-719a-4d19-8ee8-8faca9a30317
    \n31 | mongodb | puppet | 2.1.0 | c8e47d0c-e54c-4cef-9b16-c1bad02e7fba
    \n30 | sysctl | thias | 1.0.6 | c23fabcc-0d62-4ecb-8ac3-ebe06e9772e6
    \n29 | nfs | derdanne | 2.0.7 | c09f3853-43a8-4d30-b81d-7ce160d8b3b8
    \n28 | stdlib | puppetlabs | 4.24.0 | 9ec2939a-3b08-4fbe-a7ff-1c34984350d7
    \n27 | ssh | saz | 3.0.1 | 99b1c530-fbe7-487a-8842-cfeacc688b74
    \n26 | apache | puppetlabs | 2.3.1 | 93f56575-da3d-41b6-964c-a70af87bcb0c
    \n25 | concat | puppetlabs | 2.2.1 | 9379ce64-6135-4b17-a1c3-5731b0ac89c3
    \n24 | mysql | puppetlabs | 5.3.0 | 92695de8-45c0-4271-832c-5721bdb5ffd9
    \n23 | openldap | camptocamp | 1.16.1 | 924b998d-b361-4f75-9e41-55f825d209da
    \n22 | accounts | puppetlabs | 1.3.0 | 8bf8366e-81f1-4dd1-8de6-9e330e7de759
    \n21 | sssd | sgnl05 | 2.7.0 | 8afc1e88-9d4a-46ad-8107-5d457f4cd740
    \n20 | snmp | razorsedge | 3.9.0 | 8aed966e-e973-4d87-af1d-6f4b63051c32
    \n19 | lisenet_firewall | lisenet | 1.0.0 | 8513e8ec-7cdd-4606-8d8c-92a660dc5da5
    \n18 | corosync | puppet | 6.0.0 | 7b4dba49-c793-47f7-b872-a683a4b8d131
    \n17 | augeasproviders_core | herculesteam | 2.1.4 | 77afedf9-65b8-4168-a8a1-5e534e84462d
    \n16 | pe_gem | puppetlabs | 0.2.0 | 5e639097-072a-4486-bc19-0b3ab6a8bbae
    \n15 | keepalived | arioch | 1.2.5 | 4ff5c45b-0a93-4cbd-8574-1b246363378c
    \n14 | firewall | puppetlabs | 1.12.0 | 3a86241a-3c52-4339-a05d-6f6de0a033ac
    \n13 | rsyslog | saz | 5.0.0 | 330447a4-010a-4cfb-8b99-5cbcf327adaa
    \n12 | systemd | camptocamp | 1.1.1 | 2fea15c7-99d4-49cd-9eea-578c5e249657
    \n11 | ntp | puppetlabs | 7.1.1 | 2fd3c5d5-4943-4f54-bd60-3bd1d73af0d3
    \n10 | translate | puppetlabs | 1.1.0 | 2e46f4e3-34f6-41a0-9466-4b163b87f5d9
    \n9 | selinux | puppet | 1.5.2 | 2e12d841-2801-45d2-a70c-e287d134b1e8
    \n8 | postgresql | puppetlabs | 5.3.0 | 28f11fd1-223b-46fe-a92c-cfc485aa28ef
    \n7 | datacat | richardc | 0.6.2 | 24f45f62-7012-4ac1-809e-3efd9d5d9daa
    \n6 | zabbix | puppet | 6.2.0 | 2426fdbc-9dc2-4cf2-8810-a7702fdd7faa
    \n5 | limits | saz | 3.0.2 | 1b893348-11e9-45e7-9d64-5fb2819c1e96
    \n4 | apt | puppetlabs | 4.5.1 | 13c33cf0-acbe-4369-b44e-def9933e6d87
    \n3 | wordpress | hunner | 1.0.0 | 0f928270-7b36-407b-b603-1efe6e261812
    \n2 | staging | puppet | 3.1.0 | 0a6ffb28-5049-4556-923d-7af3850ece63
    \n1 | java | puppetlabs | 2.4.0 | 081cb24f-cec7-4c12-a203-5685edc1936d
    \n—|————————–|————–|———|————————————-<\/p>\n

    We can loop the module IDs to add them to the content view:<\/p>\n

    # for i in $(seq 1 38);do
    \nhammer content-view puppet-module add
    \n–content-view “puppet_content”
    \n–id “$i”; done<\/p>\n

    Step 7: Publish Puppet Content View<\/h3>\n

    Let us check the environments that we have available before we publish the content view:<\/p>\n

    # hammer environment list
    \n—|———–
    \nID | NAME
    \n—|———–
    \n2 | homelab
    \n1 | production
    \n—|———–<\/p>\n

    The production environment is the default one, and the homelab environment is the one we created manually. Publish Puppet content view:<\/p>\n

    # hammer content-view publish
    \n–name “puppet_content”
    \n–description “Publishing Puppet modules”<\/p>\n

    As mentioned earlier, Katello creates a Puppet environment from the Puppet module content view the moment we publish it. Verify:<\/p>\n

    # hammer environment list
    \n—|————————————
    \nID | NAME
    \n—|————————————
    \n3 | KT_lisenet_Library_puppet_content_4
    \n2 | homelab
    \n1 | production
    \n—|————————————<\/p>\n

    We can now associate a host or hostgroup with whatever Puppet environment we want, including the one created for the Puppet module content view.
    \n\"\"<\/p>\n

    Step 8: Backup Katello Configuration<\/h3>\n

    Let us create a backup of our Katello configuration so that we don\u2019t lose any changes that we\u2019ve made so far:<\/p>\n

    # katello-backup \/mnt\/backup\/ –features=all -y<\/p>\n

    Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    Working with Katell. We\u2019re going to configure a separate lifecycle for Puppet modules. This article is part of the Homelab Project with KVM, Katello and Puppet series. Homelab We have Katello installed on a CentOS 7 server: katello.hl.local (10.11.1.4) \u2013 see here for installation instructions See the image below to identify the homelab part this … <\/p>\n

    Continue reading “Katello: Separate Lifecycle for Puppet Modules | Lisenet.com :: Linux | Security”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-848","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=848"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/848\/revisions"}],"predecessor-version":[{"id":1028,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/848\/revisions\/1028"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}