Puppet Enterprise 3.8

Once you have PE installed, we recommend that you keep regular backups of your PE infrastructure. Regular backups allow you to recover from failed upgrades between versions, to troubleshoot those upgrades, and to quickly recover in the case of system failures. The instructions in this doc can also help you migrate your PE infrastructure from one set of nodes to another.

To perform a full backup and restore, you will:

  1. Back Up Your Database and Puppet Enterprise Files
  2. Purge the Puppet Enterprise Installation (Optional)
  3. Restore Your Database and Puppet Enterprise Files

Back Up Your Database and Puppet Enterprise Files

To properly back up your PE installation, the following databases and PE files should be backed up.

  • /etc/puppetlabs/
  • /opt/puppet/share/puppet-dashboard/certs
  • The modulepath—if you’ve configured it to be outside the PE default of modulepath = /etc/puppetlabs/puppet/module:/opt/puppet/share/puppet/modules in puppet.conf
  • /opt/puppet/share/console-services/certs/—if you use a custom console cert
  • /opt/puppet/var/lib/pgsql/9.2/data/certs

Backup and Restore Procedures for the PE Database provides instructions for backing up your PE PostrgreSQL database.

Note: If you have any custom Simple RPC agents, you will want to back these up. These are located in the libdir configured in /etc/puppetlabs/mcollective/server.cfg.

On a monolithic (all-in-one) install, the databases and PE files will all be located on the same node as the Puppet master.

On a split install (master, console, PuppetDB/PostgreSQL each on a separate node), they will be located across the various servers assigned to these PE components.

  • /etc/puppetlabs/: different versions of this directory can be found on the server assigned to the Puppet master component, the server assigned to the console component, and the server assigned to the PuppetDB/PostgreSQL component. You should back up each version.
  • /opt/puppet/share/puppet-dashboard/certs: located on the server assigned to the console component.
  • /opt/puppet/share/console-services/certs/: if you use a custom console cert; located on the server assigned to the console component.
  • /opt/puppet/var/lib/pgsql/9.2/data/certs: located on the server assigned the PuppetDB/PostgreSQL component.
  • The console, pe-classifier, pe-rbac, and pe-activity databases: located on the server assigned to the PuppetDB/PostgreSQL component.
  • The PuppetDB database: located on the server assigned to the PuppetDB/PostgreSQL component.

Purge the Puppet Enterprise Installation (Optional)

If you’re planning on restoring your databases and PE files to the same server(s), you’ll want to first fully purge your existing Puppet Enterprise installation.

PE contains an uninstaller script located at /opt/puppet/bin/puppet-enterprise-uninstaller.

You can also run it from the same directory as the installer script in the PE tarball you originally downloaded. To do so, run sudo ./puppet-enterprise-uninstaller -p -d. The -p and -d flags are to purge all configuration data and local databases.

Important: If you have a split install, you will need to run the uninstaller on each server that has been assigned a component.

After running the uninstaller, ensure that /opt/puppet/ and /etc/puppetlabs/ are no longer present on the system.

For more information about using the PE uninstaller, refer to Uninstalling Puppet Enterprise.

Restore Your Database and Puppet Enterprise Files

  1. Using the standard install process (run the puppet-enterprise-installer script.), reinstall the same version of Puppet Enterprise that was installed for the files you backed up.

    If you have your original answer file, use it during the installation process; otherwise, be sure to set the same database passwords you used during initial installation.

    If you need to review the PE installation process, check out Installing Puppet Enterpise.

  2. Restore your PE PostgreSQL databases. Backup and Restore Procedures for the PE Database provides instructions for restoring your PE PostrgreSQL database.

  3. Restore from your /etc/puppetlabs/ backup the following directories and files:

    For a monolithic install, these files should all be replaced on the Puppet master:

    • /etc/puppetlabs/puppet/puppet.conf
    • /etc/puppetlabs/puppet/ssl (fully replace with backup, do not leave existing ssl data)
    • /opt/puppet/share/puppet-dashboard/certs
    • /opt/puppet/share/console-services/certs/: if you use a custom console cert
    • The modulepath—if you’ve configured it to be something other than the PE default.

    For a split install, these files and databases should be replaced on the various servers assigned to these PE components.

    • /etc/puppetlabs/: as noted earlier, there is a different version of this directory for the Puppet master component, the console component, and the database support component (i.e., PuppetDB and PostgreSQL). You should replace each version.
    • /opt/puppet/share/puppet-dashboard/certs: located on the server assigned to the console component.
    • /opt/puppet/share/console-services/certs/: if you use a custom console cert; located on the server assigned to the console component.
    • /opt/puppet/var/lib/pgsql/9.2/data/certs: located on the server assigned the PuppetDB/PostgreSQL component.
    • The console, pe-classifier, pe-rbac, and pe-activity databases: located on the server assigned to the database support component.
    • The PuppetDB database: located on the server assigned to the database support component.
    • The modulepath: located on the server assigned to assigned to the Puppet master component.

    Note: If you backed up any Simple RPC agents, you will need to restore these on the same server assigned to the Puppet master component.

  4. Run the following commands:

    chown -R pe-puppet:pe-puppet /etc/puppetlabs/puppet/ssl/
    chown -R puppet-dashboard /opt/puppet/share/puppet-dashboard/certs/
    chown -R pe-console-services /opt/puppet/share/console-services/certs
    chown -R pe-postgres:pe-postgres /opt/puppet/var/lib/pgsql/9.2/data/certs
    
  5. Run the following commands:

    For a monolithic install, run these on the Puppet master; for a split install, run them on the node assigned the PuppetDB/PostgreSQL component.

    puppet resource service pe-postgresql ensure=stopped
    puppet resource service pe-postgresql ensure=running
    puppet resource service pe-puppetdb ensure=stopped
    puppet resource service pe-puppetdb ensure=running
    
  6. Run the following commands:

    For a monolitic install, run these on the Puppet master; for a split install, run them on the node assigned the PE console component.

    puppet resource service pe-console-services ensure=stopped
    puppet resource service pe-console-services ensure=running
    
  7. Restore modules, manifests, hieradata, etc, if necessary. These are typically located in the /etc/puppetlabs/ directory, but you may have configured them in another location.
  8. Run /opt/puppet/sbin/puppetdb-ssl-setup -f. This script generates SSL certificates and configuration based on the agent cert on your PuppetDB node.
Back to top