Automating configuration management with Google Cloud Deployment Manager and Puppet

In this blog post, you'll learn how to use Google Cloud Deployment Manager to simplify the deployment and configuration of your Puppet nodes. Deployment Manager and Puppet cover similar, complementary ground. Deployment Manager lets you provision, configure and manage your Google Cloud Platform resources, and Puppet lets you do the same for your servers and software. By combining these powerful tools, you can automate just about every aspect of your cloud-based application.

The examples we’ll outline here use Google Compute Engine instances, which are billable resources. If you're new to Cloud Platform, you can work through the examples for free by signing up a free trial.

Install and configure the Google Cloud SDK

Before you jump in, install and configure the Google Cloud SDK. This tutorial uses the Cloud SDK's gcloud tool to run Deployment Manager deployments.

Set up a Puppet master

Start by creating a Puppet master instance. Compute Engine's Click-to-Deploy service makes this step easy. Just open Click-to-Deploy Puppet in the Developers Console, choose your project, and click the Deploy Puppet button. In a few minutes, your Puppet master instance will be ready.

Create a Deployment Manager configuration file

Now that your Puppet master instance has been deployed, you'll want to start connecting instances to it. To do so, you'll define a configuration file that Deployment Manager can use to automate the provisioning and configuration of new instances.

On your local machine, create a new Deployment Manager configuration file named web-server.yaml and populate it as follows. Replace (your_project) with your Developers Console project name, and replace (puppet_master_instance_name) with the name of your Puppet master instance (puppet1-puppet-master if you used the Click to Deploy default name):

- name: managed-by-puppet
 type: compute.v1.instance
   zone: us-central1-f
   - deviceName: boot
     type: PERSISTENT
     boot: true
     autoDelete: true
   - network:<your_project>/global/networks/default
     - name: External NAT
       type: ONE_TO_ONE_NAT
       - http-server
     - key: startup-script
       value: |
         apt-get install -y puppet

         cat <<EOF >> /etc/puppet/puppet.conf
         server = <puppet_master_instance_name>

         systemctl enable puppet
         systemctl restart puppet

When you run Deployment Manager using this template, Deployment Manager will create a new Debian-based f1-micro instance, then run the startup script defined by the startup-script attribute in the metadata section of the template. Here, the startup script is configured to perform the following actions:

  • Install Puppet
  • Edit the Puppet configuration file to point at your Puppet master instance
  • Connect your instance to the Puppet master instance as a Puppet node

Create and connect a new instance

Run the following command to create a deployment based on your Deployment Manager template:

$ gcloud deployment-manager deployments create managed-by-puppet --config web-server.yaml

You now have a new f1-micro instance that’s configured as a Puppet node. To create additional, identical deployments, simply rerun the above command, replacing managed-by-puppet with a new deployment name.

Approve the pending certificate request

Each Puppet node instance attempts to connect to the Puppet master instance by creating and sending a certificate request. Unfortunately, for security reasons, you cannot automate the approval of this certificate request; to register your Puppet node instance, you must approve its pending certificate request manually.

To approve a certificate request:
  1. Navigate to the VM Instances page in your Developers Console.
  2. Click the SSH button next to your Puppet master instance to connect to your instance via a browser-based SSH terminal.
  3. In the SSH terminal, run the following command to see a list of outstanding Puppet certificate requests:
    $ sudo puppet cert list                                             
    The output should be similar to the following, with only one request listed: [evan@puppet1-puppet-master c2d]# puppet cert list "managed-by-puppet.c..internal" (SHA256) 4D:B3:C2:33:38:
  4. Sign that request by running the following command, replacing (your_project) with your project name:
    $ sudo puppet cert sign                                                managed-by-puppet.c.(your_project).internal

Congratulations! You now have a running Puppet master instance and a Deployment Manager configuration that automatically connects newly deployed instances to the Puppet master.

Delete your deployment and Puppet master

Be sure to delete the deployment and Puppet master instances so you don’t continue to pay for the instances you're not using.

To delete your deployment:
  1. Navigate to the Deployments page in your Developers Console:
  2. Click the trash can icon next to the deployment.

To delete your Puppet master instance:
  1. Navigate to the VM Instances page in your Developers Console.
  2. Check the box next to your Puppet master instance.
  3. Click the Delete button at the top of the page.
-Posted by Evan Brown (@evandbrown), Solutions Architect