Authors

Rich Jerrido - Principal Technical Product Marketing Manager, Red Hat

Overview

As a user of Red Hat Satellite 6.1, you would like to deploy Red Hat Satellite in conjunction with Puppet Enterprise.

Requirements

• Red Hat Satellite 6.1.x or newer
• Puppet Enterprise 3.8.1 or newer

Architectural Overview

In this usage, the customer wants to use Puppet Enterprise for Configuration Management i.e. node classification, infrastructure event reporting, application orchestration, and device integrations such as networking and storage, and use Satellite 6 for everything else (Provisioning, Errata Management, Subscription Management, etc)

The customer deploys a Red Hat Satellite server, along with Red Hat Satellite Capsule Servers as needed to support integration and content delivery functionality. It is expected that the customer does not leverage the puppet capabilities as included in Satellite 6 (as they are being provided by Puppet Enterprise). The integration points are in three well-defined areas:

• Leveraging Satellite's repository synchronization capabilities to mirror Puppet Enterprise agent packages
• Using Satellite's provisioning capabilities to install the PE agent and perform its initial configuration.
• Leveraging Puppet Enterprise to update Satellite with updated facts & reports. (As ongoing puppet runs are being reported to PE, we need a means to keep Satellite's database up to date with fact and run report information such that reporting is accurate). To this end, Puppet Labs has developed a custom reports processor and facts terminus (effectively plugins), which reports this data from PE to Satellite (via Satellite's API)

Support Stance

How it works

First, Red Hat Satellite is used to synchronize in the Puppet Enterprise (PE) Agent RPMs for the versions of RHEL that will be managed. This is done by means of a Custom Product, and a repository of type yum. This allows the customer to deploy the Agent RPM during provisioning as part of a Content View. Additionally, as with all custom product, subscription tracking capabilities (via hammer subscription list for example)

Next, the system is provisioned using any of the supported methods in Satellite. We provide a customized provisioning template & snippet (more on these below), which install the PE agent and not the Puppet Agent as shipped in the Satellite tools repository. Additionally, the provisioning templates configure the pe-puppet.conf file with the user-provided hostname of the Puppet Master that is to be used. A Hostgroup Parameter is used to configure the hostname of the Puppet Master and Puppet Certificate Authority

After the node completes its first puppet run, its agent certificate is approved and it is classified (either manually or via rules). Ongoing puppet runs are reported to whichever Puppet Master was designated during provisioning.

Lastly, ongoing facts and reporting data are reported to Satellite via the custom reports processor and facts terminus. Additionally this data is stored in PuppetDB

Getting Started with the Satellite 6 & Puppet Enterprise Integration.

• Add the Puppet Enterprise (PE) certificate to the Satellite's trust.
  • Copy from the PE server: /etc/puppetlabs/puppet/ssl/certs/ca.pem
  • To the Satellite server: /etc/pki/ca-trust/source/anchors/pe-ca.pem
• Run update-ca-trust
• Restart katello-services
• Create a Custom Product named 'Puppet Enterprise' in Satellite 6, with a yum repository named 'PE-EL6-x86_64-RPMs'. (This example uses RHEL6 x86_64)
• PE stores all of their agents at

https://$hostname:8140/packages/$version/$platform-$arch

Example: https://pe-master.example.com:8140/packages/3.7.2/el-6-x86_64/'

• Next, create a content view with
  • the RHEL 6Server rpms repo (this example uses RHEL 6, but any version of RHEL supported by Satellite 6 and Puppet Enterprise is supported)
  • the RHEL 6.6 kickstart repo
  • RHEL Satellite Tools repo.
• Additionally, add the PE-EL6-x86_64-RPMs repo from above to the content view.
• Publish and promote the content view into a lifecycle environment.
• Create an activation key to register content hosts to the lifecycle environment, with a RHEL sub and a 'Puppet Enterprise' sub attached.
• Create a hostgroup, with two hostgroup parameters 'pe_puppet_ca' & 'pe_puppet_master', which are used in a modified version of the Satellite 6 provisioning templates. This will allow the user to define different CA's and masters depending on their setup. In a simple setup, this doesn't matter, but if the installation of Puppet Enterprise is a 'split' install with multiple puppet masters, the flexibility is provided to do such without having to modify the provisioning templates.
• Download the attached provisioning templates sat_kickstart_default_w_pe.erb_.txt and pe-puppet.conf_.erb_.txt from this article.
• Upload the templates to your Satellite and associate them with the Operating Systems, Organization and Location that is desired.
• Provision the system using any supported Kickstart based method.

Frequently Asked Questions

• Q: When will this reference architecture be released?

• A: Red Hat is expecting release of this reference architecture mid-Fall 2015

• Q: May I use the community edition of Puppet?

• A: This reference architecture was designed around the Enterprise version of Puppet. If a customer chooses to use a non-Enterprise version of Puppet Red Hat will request that any issue be reproduced using the Enterprise version of Puppet.
  Please note that customers cannot install a non-Red Hat provided Puppet agent on a Satellite or Capsule, nor do we provide any higher level integrations between Satellite + Community Puppet.