Author Archives: Nitin J Mutkawoa

10 steps to install Puppet configuration management tool

Some days ago a guy asked me why I do not blog anything on the Puppet configuration management tool and prefer Ansible over Puppet. It is true that I prefer Ansible because it is agentless and very easy to use. However, we agreed that there are certain situations in which Puppet wins over Ansible. I decided to blog about this configuration management tool so as to enhance my knowledge and that of my readers. Puppet provides several services such as Windows automation, cloud management, configuration management, etc. However, in this blog post, we will talk about Puppet as a configuration management tool. Puppet provides the ability to define which software and configuration a system requires and then maintain a specified state after the initial setup. The nodes that Puppet controls must have the Puppet agent installed. In this blog post, we will focus on the installation of the Puppet Server and the Agent as well.

1. For that, I created two VMs (puppet-server and puppet-client) in my VirtualBox lab. I have also added each hostname and IP address to the /etc/hosts file of each server.

2. You can get the repository on yum.puppetlabs.com. I downloaded it with the following commands on both servers:

rpm -Uvh https://yum.puppetlabs.com/puppet-release-el-7.noarch.rpm

3. On the puppet-server, install the puppet-server package.

yum install puppetserver

4. Since I am on a virtual machine with very low memory assigned, I tweaked the Xms and Xmx memory values (heap size). Xms is the initial minimum heap size when the service starts, whilst Xmx is the maximum heap size. On the puppet-server, I edited the file /etc/sysconfig/puppetserver and changed the heap value to this:

JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

5. Add the puppet binary to your environment. I edited the ~/.bash_profile file for that.

PATH=$PATH:$HOME/bin:/opt/puppetlabs/bin

I also launched the following command to reload it:

source ~/.bash_profile

6. Also, install the puppet-agent on the puppetclient machine.

yum install puppet-agent -y

7. On the puppetserver, you can start the service with the following command:

systemctl start puppetserver

8. And, on the puppetclient you can start the service as follows:

systemctl start puppet

9. Now that we have seen how to install the Puppet server and the agent, let’s look at other directories related to Puppet.

  • /etc/puppetlabs/puppet – contains several configuration files
  • /etc/puppetlabs/puppet/ssl – contains the certificates
  • /etc/sysconfig/puppetserver – file that contains the Java configuration such as heap size, start timeout, etc.
  • /etc/puppetlabs/code/environments/production – default production environment available to write the code.

10. In Puppet, whatever instruction you give the Puppet agent is called a ‘resource’. Resources are the fundamentals for writing the manifest, where instructions are given to manage Puppet. To know the resource types available, you need to launch the following command:

puppet resource --types

11. To understand the syntax of the resource, for example, the resource ‘file’, use the following command:

puppet describe file

In the next article, I will describe how to use the Puppet configuration management tool to administer or to instruct the puppet agent to perform specific tasks. Remember, Puppet file extension ends with ‘.pp’ and I will focus a lot more on that. At the same time, this is a good way to refresh my memory when using Puppet. I hope you liked this article when it comes to the basic installation and configuration when using Puppet.

Getting started with Terraform

Terraform is an open-source tool created by HashiCorp and it is written in the Go programming language. Using Terraform allows us to define our infrastructure as code by using a declarative language. It’s important to understand that the Terraform language is declarative, which means it describes an intended goal rather than the steps to reach the goal. Once you define your infrastructure, Terraform will figure out how to create it. Terraform also supports a variety of cloud providers and virtualization platforms such as AWS, Azure, VMware, OpenStack, etc. This is pretty cool as it eliminates several tasks, for example, to create several AWS instances.

Photo credits: terraform.io

Installation of Terraform

1. This is pretty simple. You just have to go on the official website and download the package. In my case, I am on a Linux machine, and I am choosing a Linux 64 bit package.

To download and unzip it, use the following command:

wget https://releases.hashicorp.com/terraform/0.12.10/terraform_0.12.10_linux_amd64.zip && unzip terraform*.zip

2. I moved the binary to /usr/local/bin. Make sure it is in the path environment variable.

mv terraform /usr/local/bin

3. By this time, you should get your binary and be able to check the version.

terraform version
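Step 1 unzips the archive as soon as it is downloaded. As an added example (not part of the original post), the check below compares a downloaded archive against a checksum list in the `<digest>  <filename>` format that HashiCorp publishes beside each release; the function names and the stand-in archive bytes are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Map file name -> lowercase hex digest from '<digest>  <name>' lines."""
    sums = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 64:
            sums[parts[1].lstrip("*")] = parts[0].lower()
    return sums


def sha256_file(path, chunk=1 << 16):
    """Hash the file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, sums_text):
    """Return 'ok', 'mismatch' or 'unlisted' for a downloaded archive."""
    expected = parse_sha256sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"          # never unzip a file the list does not name
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo():
    # Constructed stand-in for the archive and its checksum list (no network).
    archive = os.path.join(tempfile.mkdtemp(), "terraform_0.12.10_linux_amd64.zip")
    with open(archive, "wb") as fh:
        fh.write(b"constructed archive bytes")
    good = hashlib.sha256(b"constructed archive bytes").hexdigest()
    sums = good + "  terraform_0.12.10_linux_amd64.zip\n"
    results = [verify_download(archive, sums)]
    with open(archive, "ab") as fh:          # simulate a corrupted or swapped file
        fh.write(b"!")
    results.append(verify_download(archive, sums))
    results.append(verify_download(archive, "0" * 64 + "  other.zip\n"))
    return results


if __name__ == "__main__":
    print(demo())
```

A matching checksum only shows the archive is the one the list describes; the list itself should come from a source you trust.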

Setting up API call for Terraform on AWS

4. We also need to allow Terraform to make API calls on our behalf. I will be calling the API on AWS. For that, you will need to create a user in AWS IAM and assign the rights and policies. Assuming that you have already created the user and have the credentials to move ahead, use the following commands:

export AWS_ACCESS_KEY_ID="AKIA***************"
export AWS_SECRET_ACCESS_KEY="mVTwU6JtC***************"
export AWS_DEFAULT_REGION="us-east-1"

Writing the codes

5. Once you are done exporting the credentials, you can start building your Terraform code. The whole code is in my Github and you can download it for free.

The first thing is to configure the provider and the region.

provider "aws" {
  region = "us-east-1"
}

6. Each provider supports different kinds of resources such as load balancers, servers, databases, etc. In this example, we are trying to create a single EC2 instance. I have chosen the AWS Linux OS and the smallest nano server. The tags are just the identifier in AWS.

resource "aws_instance" "web" {
  ami           = "ami-0b69ea66ff7391e80"
  instance_type = "t2.nano"
}

7. Then launch terraform init to initialize the Terraform working directory. By that, I mean that it will download the AWS plugin. You should see a similar type of output on your screen.

8. Before performing the actual change, you can use terraform plan to see what changes are going to be made. The plus sign marks what is going to be added and the minus sign marks what is going to be removed.

9. To create the instance, use terraform apply. It will prompt you to type ‘yes’ to continue with the creation.

10. If you go on the AWS EC2 console, you will notice that the resource has been created successfully.

11. Hey, it’s not over yet! There are more things that need to be added, for example the name of the instance. Let’s call it Nginx-Server. Let’s add the tags. Also, launch a terraform apply.

tags = {
  Name = "Nginx-Web"
}

Adding User Data and Security groups

12. At this stage, I believe you understand what Terraform is and how it works. To install Nginx, add the following block of lines:

user_data = <<-EOF
  #!/bin/bash
  yum install nginx -y
  systemctl start nginx
  systemctl enable nginx
  EOF

13. To add the security group, enter this code:

resource "aws_security_group" "allow_http" {
  name        = "allow_http"
  description = "Allow HTTP inbound traffic"

  # Allow inbound HTTP (TCP port 80) from any IPv4 address
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

14. In part 6, under instance_type, I have added this line. What does it mean? “aws_security_group” is a resource, “allow_http” is a variable that has been called from the security group in part 13, and lastly “id” is the attribute.

  vpc_security_group_ids = ["${aws_security_group.allow_http.id}"]

15. Note that when launching terraform apply, you will notice that Terraform will destroy the old machine and build a new one which implies that there will be a downtime.

16. You can also view your code through a graph. Launch the command terraform graph. The output can also be viewed as more human-readable through Graphviz which you have to install. You can also go to webgraphviz.com to view it online.

It is very interesting to understand the dependency when using declarative language in Terraform. The full code can be viewed here on my Github Repository.
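Steps 8 and 15 rely on reading the plan by eye to spot a destroy-and-rebuild, and step 13 opens a port to 0.0.0.0/0. As an added example (not from the author's repository), the script below reviews a plan in the JSON shape produced by `terraform show -json <planfile>`; the sample plan is constructed, `allow_ssh` is a hypothetical resource added to show a finding, and the function names are assumptions.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}


def sg(name, port):
    """Constructed plan entry: a new security group open to the world on one port."""
    rule = {"from_port": port, "to_port": port, "protocol": "tcp",
            "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}
    return {"address": "aws_security_group." + name, "type": "aws_security_group",
            "change": {"actions": ["create"], "before": None,
                       "after": {"name": name, "ingress": [rule]}}}


# Constructed sample shaped like `terraform show -json <planfile>` output.
# allow_ssh is hypothetical and is not part of the configuration on this page.
SAMPLE_PLAN = json.dumps({"format_version": "0.1", "resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["delete", "create"],
                "before": {"instance_type": "t2.nano"},
                "after": {"instance_type": "t2.nano"}}},
    sg("allow_http", 80),
    sg("allow_ssh", 22),
]})


def review_plan(plan_json, public_ports=(80,)):
    """Return (kind, address, detail) findings for a JSON plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        actions = change.get("actions") or []
        if "delete" in actions and "create" in actions:
            findings.append(("replace", rc["address"], "destroyed and rebuilt, expect downtime"))
        elif actions == ["delete"]:
            findings.append(("destroy", rc["address"], "removed"))
        if rc.get("type") != "aws_security_group":
            continue
        for rule in (change.get("after") or {}).get("ingress") or []:
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            if not cidrs & WORLD:
                continue
            lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
            # Protocol "-1" means all traffic; otherwise every port must be allow-listed.
            if rule.get("protocol") == "-1" or any(p not in public_ports for p in range(lo, hi + 1)):
                findings.append(("open-ingress", rc["address"],
                                 "%s %d-%d from anywhere" % (rule.get("protocol"), lo, hi)))
    return findings


if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print(*finding)
```

To use it on a real plan, save one with `terraform plan -out=tfplan` and pass the output of `terraform show -json tfplan` to `review_plan`.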


cyberstorm.mu member relocated to the United States of America

I admit that I have been keeping that a secret for a long time. Well, many already know now that I moved to the state of Connecticut in the United States of America. I finally got my permanent residency authorization and I am considering different job opportunities. However, I am open to voluntary work here in the States.

When someone first arrives here, there are many things to start with, such as a driving license. It is also important to ensure that the green card is being shipped, although the permanent residency is already proven through the passport visa. Then there are the Social Security card, conversion of certificates, prospective jobs, getting used to traveling, communication tools such as SIM cards, Internet access, housing, etc.

Today is the fifth day that I am in the States and I have been visiting several places in Connecticut and been to New York City. As we are in summer here, I have been blueberry picking at a farm and to other nature recreational places. Of course, when it comes to food, I made sure that I did not miss the burger. There were also several health caravans providing free health checkups, which I did. I did some shopping in huge hardware shops such as Lowes, which were pretty fascinating. I also had some administrative tasks to complete at the John Kennedy International Airport.


When reaching the United States, I made a landing video from the plane. You can check it out below.

[yotuwp type=”videos” id=”6zLfD0TQS5k” ]

Now, the adventure begins and my checklist is becoming so complicated. But, I’m sure everything will get sorted soon. I’m also following events and meetups in Mauritius and I’m glad that cyberstorm.mu is present in the AFPIF – African Peering and Interconnection Forum conference in Mauritius.

IETF 105 Hackathon remotely from Mauritius

For sure, I cannot miss out on sharing this blog post, which is about the IETF 105 hackathon which took place in Montreal, Canada. It was carried out at The Kiosk, Coromandel at the quarters of cyberstorm.mu. If you have been following the cyberstorm.mu team during the IETF hackathons, you would have noticed that we had a pool and several amenities. This time, due to some constraints, we decided to shift to our brand new office at The Kiosk, Coromandel.

It was a two-day hackathon. Some decided to work remotely whilst others came to the office to discuss and proceed ahead with robust analysis and more code. We also had new participants who agreed to attend the hackathon. Some visited us for a while whilst others came to visit us just out of curiosity.

The team also came to know that it could be my last days in Mauritius as I decided to move to the United States and also resigned from my current position as DevOps Engineer at Orange Business Services. Thanks to Nathan Sunil Mangar who provided us with several goodies. Some days back the SANS Internet Storm Center sent me some stickers which I shared with the team.

The team was working on TLS 1.3, SSH, SCE, DSCP-LE PHB, and the IETF Mobile App. On the next day, Loganaden Velvindron presented the work remotely from Mauritius. I was glad to be able to work on the Check-SMTP software by ZeroSpam which is a company in Canada. More and more applications are now TLS 1.3 compatible. The SSH RC4 deprecation is now becoming a reality. You can view the presentation here:

[yotuwp type=”videos” id=”SoHsM4SlYZ0″ ]

Thanks to TheKiosk, who sponsored the location and a brand new office for us. The team is looking forward to working further in the next IETF hackathon. Also, cyberstorm.mu is now giving support to several IETF hubs in Africa and bringing more free security patches to the world. More pictures here:


Attending Africa Internet Summit 2019 remotely from South Africa

This year the Africa Internet Summit was held in Kampala, Uganda. I could not be physically present as I had to fly urgently to Johannesburg for both personal and business reasons. For those who are not aware of the Africa Internet Summit AIS’19, it is an event initiated by the ISOC and Afrinic organizations to discuss policy and tech happening in the big African continent. There were also a few presentations about networking and tech by ISOC, ICANN, Dot Africa TLD, etc. Jeremy Daniel (Cyberstorm.mu) and Loganaden Velvindron (AfriNIC) were present there to lead the hackathon on NTP, and there was also a presentation by Loganaden Velvindron, who spoke on QUIC (Quick UDP Internet Connections), a new encrypted-by-default Internet transport protocol that provides a number of improvements designed to accelerate HTTP traffic as well as make it more secure, with the intended goal of eventually replacing TCP and TLS on the web.

As I could not be physically present, I registered myself to attend remotely. The streaming was amazing and worked pretty fine for me, with very few major networking issues. The hackathon was led by the cyberstorm.mu team. I remember that last year, during the Africa Internet Summit 2018, I was there leading the NTP hackathon.

Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu)

One of the most interesting parts was the policy discussion for the Africa region. The online streaming was very good, with few connectivity problems noted. I’m glad about the NTP hackathon, which was led by the cyberstorm.mu team. There were also other tracks such as IPwave, IPv6, DNS, etc. More information is also available on the official AIS wiki page. There is also a French article on ict.io as well as an English article from the Internet Society which covers the AIS hackathon.