• Installing Puppet on EOS

 
 
Print Friendly, PDF & Email
Getting started with Puppet and EOS isn’t a difficult process. It involves taking advantage of the extensible nature of EOS. There are two primary extensions that need to be loaded in EOS in order for an Arista network element to be included in the Puppet ecosystem.

Installation

Installation of the agent on a switch includes adding the Ruby Client for eAPI (rbeapi) and the Puppet agent extensions, basic management configuration, including hostname, domain, and time synchronization (for SSL certificate management), and enabling eAPI access to the switch. Additionally, the Puppet master needs the appropriate modules installed (NetDev_stdlib and EOS) so you can write manifests describing the desired state of your nodes.

See the Quickstart section of the official documentation for detailed instructions.

Both, Puppet Enterprise and Open-Source Puppet masters are supported and the agent, extension, above, may be used with either type of master.  The agent package includes the Puppet agent, facter, ruby 1.9.3, and other prerequisites.

Configuring Puppet

At this point, both the Ruby framework and Puppet binaries should now be loaded and active in EOS. To verify Puppet is successfully installed issue the following command from the EOS CLI.

eos# bash puppet --version
3.7.4 (Puppet Enterprise 3.7.2)

If everything is successful, the command should return the version of Puppet loaded in EOS. The next step is to configure the Puppet agent.

Configuring the Puppet agent involves setting up name resolution (using either DNS or local hosts files), enabling eAPI, and modifying the puppet.conf configuration file, if desired. The following sections will provide a walkthrough.

Configuring Name Resolution

There are two methods that can be used to configure name resolution for use with Puppet. The first method is to configure DNS in EOS allowing the system to query a DNS server for hostname to IP address mapping. The second method is to create entries into the hosts table. This section will provide an example of the commands for each method. For more details, please consult the Arista EOS User Manual.

Configuring DNS

The first method configures EOS to use DNS server and requires two configuration commands. The first command configures the IP address of the primary, secondary and tertiary (if needed) DNS servers.

eos# configure
eos(config)# ip name-server 192.168.1.32
eos(config)# ip name-server 192.168.1.33
eos(config)# ip name-server 192.168.1.34

Once the DNS servers have been configured, the configuration can be validated by issuing the appropriate show command.

eos# show ip name-server
192.168.1.32
192.168.1.33
192.168.1.34

Once the DNS servers are configured, the next step is to define the domain name this host belongs to using the ip domain-name configuration command.

eos# configure
eos(config)# ip domain-name local.aristanetworks.com

Again, the configuration settings can be verified using the show ip domain-name command

eos# show ip domain-name
local.aristanetworks.com

At this point, the EOS node is configured to use DNS for name resolution. A quick check is to ping the Puppet server by name and verify name resolution is working.

eos#ping puppet
PING puppet.local.aristanetworks.com (192.168.1.35) 72(100) bytes of data.
80 bytes from 192.168.1.35: icmp_req=1 ttl=64 time=0.676 ms
80 bytes from 192.168.1.35: icmp_req=2 ttl=64 time=0.160 ms
80 bytes from 192.168.1.35: icmp_req=3 ttl=64 time=0.160 ms
80 bytes from 192.168.1.35: icmp_req=4 ttl=64 time=0.187 ms
80 bytes from 192.168.1.35: icmp_req=5 ttl=64 time=0.182 ms

--- puppet.local.aristanetworks.com ping statistics ---
5 packets transmitted, 5 received, +12 duplicates, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.160/0.304/0.703/0.216 ms, pipe 2, ipg/ewma 0.570/0.274 ms

In the above example, the hostname puppet.local.aristanetworks.com has resolved to 192.168.1.35 and the ping is successful.

Configuring Hosts

The other method for providing name resolution is to configure static hostname to IP address mappings in EOS. In order to configure hostname mappings, the ip host command is used in configuration mode.

eos# configure
eos(config)# ip host puppet.local.aristanetworks.com 192.168.1.35

Once the static hostname mapping has been entered into configuration mode, the settings can be verified using the show hosts command.

eos#show hosts

Default domain is not configured
Name/address lookup uses domain service
Name servers are: 

Static Mappings:

Hostname                       IP     Addresses

puppet.local.aristanetworks.com IPV4    192.168.1.35

The output from the show hosts command displays the static hostname to IP address mappings in use.

Configuring eAPI

eos# configure
eos(config)# management api http-commands
eos(config-mgmt-api-http-cmds)# protocol unix-socket
eos(config-mgmt-api-http-cmds)# no shutdown

Configuring puppet.conf

By default the Puppet agent configuration files are in /etc/puppetlabs/puppet/ and the main configuration file is /etc/puppetlabs/puppet/puppet.conf.  This location has been mapped to persistent storage, so changes are not lost after a reload.

Create puppet alias

Once all of the Puppet configuration files are in place, the puppet agent can be run from the bash shell. In order to run the puppet agent directly from the EOS CLI, use of an alias simplifies manual operations.

eos# configure
eos(config)# alias puppet bash sudo puppet

Creating the alias command allows network operators to run the puppet agent directly from the EOS CLI without having to use the bash shell.

Use the show alias command is validate the alias was created successfully.

eos#show aliases
puppet  bash sudo puppet

With the alias configuration in place, the puppet agent can be launched directly from the EOS CLI using the puppet command. Additional command line arguments can also be added using the alias command to see additional output.

eos#puppet agent --test
info: Retrieving plugin
info: Loading facts in /persist/local/puppet/lib/facter/eos_version.rb
info: Caching catalog for veos02.local.aristanetworks.com
info: Applying configuration version '1378739176'
notice: Finished catalog run in 0.05 seconds

The above output shows using the puppet alias command to run the puppet agent and includes the verbose command line option for more detailed output.

SSL Certificates

Puppet uses certificates to authorize new agents to the master.  The first time you run the puppet agent, it will contact the master and submit a certificate request.  The Puppet administrator must sign that certificate before other functions will work.  See the Puppet documentation to determine the correct way to sign the certificate request.  In general, in Puppet Enterprise, a pending node request will show in the PE Dashboard and can be authorized (signed) with a click, there.   In open-source Puppet masters, use the sudo puppet cert list and sudo puppet cert sign <fqdn> commands.

Summary

Getting up and running with Puppet on EOS is fairly straightforward process that involves loading the some EOS extensions and configuring the Puppet client. Once all of the steps have been completed, the Puppet client should be able to communicate with the Puppet server. The EOS node is now available to be automated using Puppet modules.

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: