Puppet Master Setup
The Puppet Master must be setup in order to manage the configuration of the network switches. This is done once:
- Download, install and configure the Puppet master software
- Install the Cisco Puppet module directly from GitHub
- Optionally, set up certificate auto-signing for Puppet agent nodes in your data center
Switch Native Puppet Agent Setup
Puppet Agents must be installed on each switch to enable communications with the Puppet Master. These steps are done once per switch:
- Ensure basic networking is configured, and communication is established between switch and Puppet master in the management namespace.
- Enter Bash Shell
In NX-OS, Puppet Agent gets installed in the Bash Shell of the Cisco Nexus Switch
n9k-sw-1# run bash
bash-4.2$ whoami
admin
- Change to the "management" namespace in the linux shell
This will result in changing the vrf to the management vrf.
bash-4.2# sudo ip netns exec management bash
bash-4.2# whoami
root
bash-4.2#
- Add the DNS server to resolv.conf
bash-4.2# vi /etc/resolv.conf
nameserver <<DNS Server>>
- Download puppet release agent rpm from yum.puppetlabs.com
Note: For the latest Puppet Agent info please refer to https://github.com/cisco/cisco-network-puppet-module/blob/master/docs/README-agent-install.md#agent-config
This step configures the yum repository on the switch for the agent, imports linux GPG encryption keys and copies the agent RPM to the switch.
bash-4.2# yum install https://yum.puppetlabs.com/puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching, protect-packages
| groups-repo | 1.1 kB | 00:00 ... |
| localdb | 951 B | 00:00 ... |
| patching | 951 B | 00:00 ... |
| thirdparty | 951 B | 00:00 ... |
Setting up Install Process
| puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm | 5.8 kB | 00:00 |
Examining /var/tmp/yum-root-g33Fyq/puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm: puppetlabs-release-pc1-0.9.4-1.cisco_wrlinux5.noarch
Marking /var/tmp/yum-root-g33Fyq/puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package puppetlabs-release-pc1.noarch 0:0.9.4-1.cisco_wrlinux5 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
| Package | Arch | Version | Repository | Size |
|---|---|---|---|---|
============================================================================================================
Installing:
| puppetlabs-release-pc1 | noarch | 0.9.4-1.cisco_wrlinux5 | /puppetlabs-pc1-cisco-lnx-5.noarch | 2.2 k |
Transaction Summary
============================================================================================================
Install 1 Package
Total size: 2.2 k
Installed size: 2.2 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : puppetlabs-release-pc1-0.9.4-1.cisco_wrlinux5.noarch 1/1
Installed: puppetlabs-release-pc1.noarch 0:0.9.4-1.cisco_wrlinux5
Complete!
- Installing the Puppet Agent from the yum repository
bash-4.2# yum install puppet
Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching, protect-packages
groups-repo | 1.1 kB 00:00 ...
localdb | 951 B 00:00 ...
patching | 951 B 00:00 ...
thirdparty | 951 B 00:00 ...
puppetlabs-pc1 | 2.5 kB 00:00
puppetlabs-pc1/primary_db | 6.6 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package puppet-agent.x86_64 0:1.2.5-1.cisco_wrlinux5 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
Package Arch Version Repository Size
Installing:
puppet-agent x86_64 1.2.5-1.cisco_wrlinux5 puppetlabs-pc1 39 M
Transaction Summary
Install 1 Package
Total download size: 39 M
Installed size: 139 M
Is this ok [y/N]: y
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
Downloading Packages:
puppet-agent-1.2.5-1.cisco_wrlinux5.x86_64.rpm | 39 MB 00:11
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : puppet-agent-1.2.5-1.cisco_wrlinux5.x86_64 1/1
Installed:
puppet-agent.x86_64 0:1.2.5-1.cisco_wrlinux5
Complete!
bash-4.2#
Install net_http_unix, cisco_nxapi, and cisco_nodeutil gem modules either individually on the switch, or as part of the Puppet manifest for the switch.
Download these packages as part of the Cisco agent software from https://forge.puppetlabs.com/puppetlabs/ciscopuppet
Additional information regarding installation instructions is available at https://puppetlabs.com/solutions/cisco
- Edit the switch manifest on the Puppet Master to enable tenant on-boarding
For tenant on-boarding in data center environments, typical operations are creating VLAN, SVI, assigning ports to VLANs. An example manifest that on-boards a new Tenant A in VLAN 220 would appear as:
Provision Tenant A:
cisco_vlan { "220":
ensure => present,
vlan_name => 'TenantA',
shutdown => 'true',
state => 'active',
}
Provision VLAN Interface for Tenant A:
cisco_interface { "Vlan220" :
svi_autostate => false,
}
Provision Tenant A Switch Port:
cisco_interface { "Ethernet1/2" :
description => 'default',
shutdown => 'default',
access_vlan => '220',
}
- When applied to a switch the resulting configuration would be:
interface Ethernet1/2
switchport access vlan 220
vlan 220
name TenantA
interface Vlan220
no shutdown