Puppet Notes
Rsyslog Client Profile
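Uses the saz/rsyslog module. This profile can install a client that forwards logs to our rsyslog server. As written it forwards over plain TCP (ssl_ca is undef, ssl_auth_mode is 'anon') with log_local and log_auth_local set to false, so messages are neither encrypted nor authenticated in transit and the server holds the only copy.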
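# Forwards this node's syslog to the central rsyslog server via saz/rsyslog.
#
# The defaults reproduce the values that were previously hard-coded, so
# `include profiles::rsyslogclient` behaves as before. The server address and
# the TLS-related settings are parameters so they can be set from Hiera
# without editing this class.
#
# With the defaults, forwarding is plain TCP: ssl_ca is undef and
# ssl_auth_mode is 'anon', so the connection is not encrypted and the server
# is not authenticated.
#
# @param server             Address of the rsyslog server to forward to.
# @param port               Port on the rsyslog server.
# @param ssl_ca             CA certificate passed to rsyslog::client.
#                           NOTE(review): presumably setting this is what turns
#                           TLS on in the module; confirm for the version in use.
# @param ssl_permitted_peer Peer name passed through to rsyslog::client.
# @param ssl_auth_mode      Auth mode passed through to rsyslog::client;
#                           'anon' does not verify the peer.
class profiles::rsyslogclient (
  String           $server             = '192.168.102.50',
  String           $port               = '514',
  Optional[String] $ssl_ca             = undef,
  $ssl_permitted_peer                  = undef,
  String           $ssl_auth_mode      = 'anon',
) {
  class { 'rsyslog::client':
    # Remote forwarding
    log_remote                => true,
    remote_type               => 'tcp',
    remote_forward_format     => 'RSYSLOG_ForwardFormat',
    server                    => $server,
    port                      => $port,
    remote_servers            => false,

    # Spool settings for the forwarding queue
    spool_size                => '1g',
    spool_timeoutenqueue      => false,

    # Local logging is switched off, including auth logs.
    # NOTE(review): with both flags false the central server holds the only
    # copy of this node's logs; confirm that is intended for auth events.
    log_local                 => false,
    log_local_custom          => undef,
    log_auth_local            => false,
    listen_localhost          => false,

    # TLS settings (plain TCP with the defaults; see class header)
    ssl_ca                    => $ssl_ca,
    ssl_permitted_peer        => $ssl_permitted_peer,
    ssl_auth_mode             => $ssl_auth_mode,

    # Everything else is left at the values the profile always used
    split_config              => false,
    custom_config             => undef,
    custom_params             => undef,
    log_templates             => false,
    log_filters               => false,
    actionfiletemplate        => false,
    high_precision_timestamps => false,
    rate_limit_burst          => undef,
    rate_limit_interval       => undef,
    imfiles                   => undef,
  }
}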
Rsyslog Server Profile
Also uses saz/rsyslog. Configures a basic rsyslog server that accepts logs over TCP. Note: with SELinux enforcing, /srv/log needs the same SELinux context as /var/log:
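# Create the log directory; -p makes the command safe to re-run.
mkdir -p /srv/log
# chcon only relabels the inode, and a later restorecon or full relabel would
# revert it. Recording /srv/log as equivalent to /var/log in the local policy
# makes the label persistent; restorecon then applies it.
# (semanage comes with the policycoreutils Python utilities package.)
semanage fcontext -a -e /var/log /srv/log
restorecon -Rv /srv/log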
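# Central rsyslog server via saz/rsyslog, plus the firewalld rule that lets
# clients reach it.
#
# The defaults reproduce the values that were previously hard-coded. The
# client subnet and the TLS settings are parameters so they can be set from
# Hiera.
#
# With the defaults the listener is plain TCP on every address ('*') and the
# ssl_* settings are undef, so senders are not authenticated. The firewalld
# rule is then the only restriction on who can submit log lines.
#
# NOTE(review): this class declares a firewalld_rich_rule but not the
# firewalld class itself; it appears to rely on profiles::linuxbase being
# applied to the same node.
#
# @param client_source Source subnet allowed to connect to the syslog port.
# @param ssl_ca        CA certificate passed through to rsyslog::server.
# @param ssl_cert      Server certificate passed through to rsyslog::server.
# @param ssl_key       Server private key passed through to rsyslog::server.
class profiles::rsyslogserver (
  String           $client_source = '192.168.102.0/24',
  Optional[String] $ssl_ca        = undef,
  Optional[String] $ssl_cert      = undef,
  Optional[String] $ssl_key       = undef,
) {
  class { 'rsyslog::server':
    # Listeners: TCP only
    enable_tcp                => true,
    enable_udp                => false,
    enable_relp               => false,
    port                      => '514',
    relp_port                 => '20514',
    address                   => '*',

    # Storage; /srv/log needs the SELinux context of /var/log
    enable_onefile            => true,
    server_dir                => '/srv/log/',
    rotate                    => undef,

    # TLS settings (undef by default, i.e. plain TCP)
    ssl_ca                    => $ssl_ca,
    ssl_cert                  => $ssl_cert,
    ssl_key                   => $ssl_key,

    # Everything else is left at the values the profile always used
    relay_server              => false,
    custom_config             => undef,
    content                   => undef,
    high_precision_timestamps => false,
    log_templates             => false,
    log_filters               => false,
    actionfiletemplate        => false,
  }

  # Keep this port in step with the rsyslog::server port above.
  firewalld_rich_rule { 'Accept Rsyslog':
    ensure => present,
    zone   => 'public',
    source => $client_source,
    port   => {
      'port'     => 514,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }
}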
Puppet Agent Logs
The below log file on the PuppetServer records all agents' puppet runs.
/var/log/puppetlabs/puppetserver/puppetserver.log
site.pp
# Fallback for any node without its own definition: it only emits a notify,
# so an unlisted node receives none of the profiles below.
node default {
  notify { 'Puppet is working with the Puppetserver': }
}

# Linux agent: base profile only.
node 'linuxagent0.openstacklocal' {
  include profiles::linuxbase
}

# Puppet server: base profile plus the server profile.
node 'puppetserver.openstacklocal' {
  include profiles::linuxbase
  include profiles::puppetserver
}

# Windows agent: Windows test profile.
node 'winagent0.openstacklocal' {
  include profiles::winbase
}
Linux Base Profile
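# Baseline for Linux nodes: installs a package set, keeps the listed services
# running and enabled, declares firewalld, and allows SSH from one subnet.
#
# The defaults reproduce the values that were previously in use. The SSH
# source subnet is a parameter so it can be set per environment.
#
# @param apps       Packages to install.
# @param services   Services to keep running and enabled at boot.
# @param ssh_source Source subnet allowed to reach the ssh service.
#                   NOTE(review): the default is 192.168.1.0/24 while the
#                   rsyslog and Puppet rules on this page use
#                   192.168.102.0/24. Confirm which subnet is meant.
class profiles::linuxbase (
  Array[String] $apps       = ['nc', 'bind-utils', 'vim', 'chrony', 'openssh-server', 'yum-cron'],
  Array[String] $services   = ['sshd', 'chronyd', 'yum-cron'],
  String        $ssh_source = '192.168.1.0/24',
) {
  package { $apps:
    ensure => 'installed',
  }

  service { $services:
    ensure => 'running',
    enable => true,
  }

  # Declared here so the firewalld_rich_rule resources in this and the other
  # profiles have the firewalld class in the catalog.
  class { 'firewalld': }

  firewalld_rich_rule { 'Accept SSH':
    ensure  => present,
    zone    => 'public',
    source  => $ssh_source,
    service => 'ssh',
    action  => 'accept',
  }
}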
Test Windows Profile
# Test profile for Windows agents: drops a marker file to show that the agent
# applied a catalog.
class profiles::winbase () {
  file { 'c:/puppet.txt':
    ensure  => present,
    content => 'puppet was here',
  }
}
Puppet Server Profile
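# Puppet server profile: opens the Puppet port to the agent subnet and keeps
# the puppetserver service running and enabled.
#
# The default reproduces the subnet that was previously hard-coded.
#
# NOTE(review): this class declares a firewalld_rich_rule but not the
# firewalld class itself; site.pp includes profiles::linuxbase on the same
# node, which declares it.
#
# @param agent_source Source subnet allowed to connect to port 8140.
class profiles::puppetserver (
  String $agent_source = '192.168.102.0/24',
) {
  firewalld_rich_rule { 'Accept Puppet':
    ensure => present,
    zone   => 'public',
    source => $agent_source,
    port   => {
      'port'     => 8140,
      'protocol' => 'tcp',
    },
    action => 'accept',
  }

  # Title quoted: a bare word is accepted as a title but is flagged by
  # puppet-lint and can collide with a reserved word.
  service { 'puppetserver':
    ensure => 'running',
    enable => true,
  }
}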