Using libcloud and Puppet to bootstrap Cloud Servers
First, follow the steps in my last article to set up your puppetmaster. The Puppet client portions are not required as we will bootstrap our client servers. Now, let's install the libcloud library:
git clone git://github.com/apache/libcloud.git
sudo python setup.py install
UPDATE: Since libcloud has been updated since this post, you need to use pip with a specific version:
pip install apache-libcloud==0.11.3
You may need to install other Python libraries like paramiko for deployments.
Create a shell script for installing Puppet
You need to create a short shell script that will be executed on your new Puppet clients. This script should install Puppet and configure the client to talk to your puppetmaster. All of the files I create here are in a local directory called "puppet-deploy."
Create a JSON file for your credentials
For security purposes, you can create a separate file with your Rackspace Cloud API credentials. Just replace the username and apikey values with those from your Rackspace Cloud account:
Use libcloud to deploy a Puppet client
Next we use libcloud to create a server with our SSH key and Puppet that is ready to get instructions from our puppetmaster.
Since I didn't have the client SSL certificates installed, I'm electing to not verify the SSL certificate from Rackspace. This can open you up to man-in-the-middle attacks, so it's best to install those. This is for testing only.
This script is basically authenticating with Rackspace using our API credentials, then creating a 1GB Ubuntu 12.04 server in Chicago with our SSH key. Our Puppet install script is then run to upgrade packages and configure puppet. As soon as the server is online, Puppet will connect to the puppetmaster for instructions. The only thing left to do is sign the certificate on the puppetmaster:
puppet cert --list "puppet02" (5A:A0:BB:FA:DF:2A:E6:24:70:24:63:85:67:2F:DC:08) puppet cert --sign puppet02 notice: Signed certificate request for puppet02 notice: Removing file Puppet::SSL::CertificateRequest puppet02 at '/var/lib/puppet/ssl/ca/requests/puppet02.pem'
Your Puppet client will start getting manifests and modules from the puppetmaster and installing your application.