Puppet Agent - Bootstrap EOS¶
I want to bootstrap an EOS node with the Puppet agent.
Prior to EOS 4.14.5, eAPI must be configured with HTTPS or HTTP and a flash:eapi.conf must be created for rbeapi. Starting with EOS 4.14.5, rbeapi can use unix-sockets to communicate with eAPI, locally.
Download the Puppet Enterprise agent (may be used with Puppet Enterprise or Open Source) from PuppetLabs and the Ruby client for eAPI (pe-rbeapi) SWIX from GitHub. Place these files in /usr/share/ztpserver/files/puppet/``
--- name: puppet-test actions: - name: "Install Puppet agent" action: install_extension always_execute: true attributes: url: files/puppet/puppet-enterprise-3.8.2-eos-4-i386.swix - name: "Install rbeapi - Ruby client for eAPI" action: install_extension always_execute: true attributes: url: files/puppet/rbeapi-0.3.0.swix - name: "Configure host alias and eAPI for Puppet" action: add_config attributes: url: files/templates/puppet.template variables: hostname: allocate('mgmt_hostnames') domainname: example.com puppetmaster: 172.16.130.10 ntpserver: 22.214.171.124 onstart: "Starting to configure EOS for Puppet" onsuccess: "SUCCESS: Base config for Puppet"
! alias puppet bash sudo /opt/puppet/bin/puppet ! hostname $hostname ! ip domain-name $domainname ! ip host puppet $puppetmaster ! ntp server $ntpserver prefer iburst ! management api http-commands no protocol https protocol unix-socket no shutdown !
Here we use the
install_extension action to install the Puppet agent and
Ruby client for eAPI, then apply a minimal configuration so the Puppet agent
can generate its SSL keys and contact the Puppet Master. The attributes listed
add_config action will be passed to the node so that it is able to
properly generate its SSL keypair and certificate signing request (CSR) and
validate the Puppet master’s certificate.
For more Action recipes see the Actions section.