Installing and configuring a reference implementation

This guide you walks you through installing and configuring a reference implementation of the Puppet plug-in using Puppet Enterprise 2018.1 or newer and vRA 7.3 or newer. This implementation is designed to create a development environment with vRO, vRA, and Puppet running as quickly as possible in order to help you learn how these tools work together.

The reference implementation isn't designed to be used in a production environment. Once you're familiar with how the plug-in works, you can install it into your production vRO/vRA infrastructure and build compatible workflows and blueprints.

The plug-in works with many implementations of Puppet Enterprise, vRO, and vRA. While you can use these instructions to set up this plugin with other versions of Puppet Enterprise and vRO/vRA, we recommend using this reference implementation the first time through.

Note: If you're already experienced with Puppet, vRO, vRA, and the Puppet plug-in, see Managing and provisioning infrastructure with vRA and Puppet for a quick reference of properties and usage.

Prerequisites

The Puppet plug-in 3.0 is compatible with the following configurations.

You can use the Puppet plug-in 3.0 with vRA 7.3 Enterprise edition, which includes an advanced GUI experience with drag-and-drop Puppetcomponents on blueprints. To do so, you must have:

  • A primary server running Puppet Enterprise 2018.1 or newer
  • vRealize Automation Enterprise 7.3
  • Either internal/external vRO 7.x appliance (vRA includes an internal vRO appliance)

You can also use the plug-in with any vRA version from 6 to 7.3. To do so, you must have:

  • A primary server running Puppet Enterprise 2016.4 or newer
  • vRealize Orchestrator 6.x or 7.x (vRA includes an internal vRO appliance)
  • vRealize Automation 6.x or 7.x
  • vRealize Automation Enterprise 7.3 or newer required for GUI integration

Agent nodes being managed by Puppet must run an operating system supported by the Puppet agent.

Note: The 32-bit version of Microsoft Windows Puppet agent is not compatible with vRO plug-in management. You must use the 64-bit (x64) agent.

Network requirements

In order to use vRealize Automation, you must have the correct port configuration for provisioning the primary server, new Linux VMs, and new Windows VMs.

Origin Destination Port
vRO Primary server SSH (22)
vRO new Linux VM SSH (22)
vRO new Windows VM WinRM (5985, 5986)
new Linux and Windows VMs
  • Primary server
  • Compile masters
  • Load balancers
  • Primary server (8140)
  • Orchestrator (8142)
  • MCollective (61613)
  • RBAC (4433)

Removing previous versions of the Puppet plug-in

The plug-in does not currently support upgrades from the previous vRO Puppet plug-in versions.

If you're using any previous version of the plug-in, you must completely remove it before installing a newer version. For best results, delete all puppet elements from the vRO GUI client first and then copy this script from the vRO starter content to the appliance and execute it.

Install and configure Puppet Enterprise

For this reference implementation of the vRO plug-in, you must use a new, clean installation of Puppet Enterprise with Code Manager disabled. After running the setup script, you can opt to enable Code Manager.

  1. Review the Puppet Enterprise hardware and operating system requirements.
  2. Install Puppet Enterprise on a VM or server. This will be the primary server and must be accessible over the network from the vRO appliance or server. An easy way to install PE is to run the installer in text mode. Then there is only one question to answer: the password for the PE Console GUI.
  3. Add the Puppet plug-in starter pack content by following the instructions in the README.

    The starter content repository provides reference implementations of Puppet roles and profiles for Linux and Windows web server stacks, utility scripts to prepare the primary server for vRO, and a templated autosigning script. Once you understand how Puppet, vRO, and vRA work together, you can use these reference implementations to help build your own Puppetized vRO/vRA implementations.

    If you’re already experienced with Puppet, vRO, and vRA, you can replace this reference implementation with your own code or control repository.

  4. Ensure that the primary server has a valid DNS hostname and NTP configured. If you don’t have or use a DNS server, provide a valid hostname for the server’s IP address in the primary server’s hosts file (typically /etc/hosts).
    Note:

    Make sure that a hostname is properly configured on the machines you’re installing PE on. To prevent PowerShell authentication failures, Windows nodes should have their domain/forests configured or an appropriate PowerShell proxy configured prior to running install PE agent workflows.

  5. Initiate a Puppet run on the primary server by running sudo puppet agent -t

    The vRO starter content creates a PE RBAC user and Linux user account on them primary server (both are named vro-plugin-user, default password puppetlabs) and adds rules to the sudoers file allowing it to run commands with elevated privileges as required by the plug-in.

    It also adds the following settings to the primary server's sshd_config:

    PermitRootLogin yes
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
  6. To display role class descriptions in the vRealize Automation web GUI, the starter content installs puppet-strings, a Puppet documentation extraction command built on YARD. If puppet-strings is not installed, you can install it by running:
    puppet resource package puppet-strings provider=puppet_gem

    Role class descriptions come from the @summary tag in your Puppet code, which puppet-strings can digest. The vRO starter content role and profile classes already have this built-in. To do this with your own role classes, add a @summary line with a 140 characters or less description. For example:

    # This role installs a MySQL databse and sample data
    #
    # @summary MySQL database server on Linux with sample data
    class role::linux_mysql_database {
      include profile::linux_baseline
      include profile::mysql
      include profile::sample_data
    }
  7. If you do not allow a sudo-capable user to run commands for vRO — for instance, if you remove the vro-plugin-user account or revoke its sudoers privileges:
    1. Provide vRO with remote access to a user account on the primary server with those capabilities, or to the primary server's root user, which is insecure.
    2. Make a user with the same username in PE RBAC.

Install and configure the Puppet Plug-in

For the reference implementation, we recommend using the vRO built into the vRA appliance.

If you choose to install your own vRO, refer to the vRO documentation. If you previously installed version 1.0 or 2.0 of the plug-in, you must completely remove it before installing version 3.2. The vRO starter content repository includesa script to assist with removing the plug-in.

Related topics: Puppet knowledge base: Removing the Puppet plugin from VMware vRealize Automation

Install the Puppet plug-in

Download and install the Puppet plug-in.

  1. Download the Puppet plug-in’s .vmoapp package from the VMware Solution Exchange.
  2. Log in to the vRO server’s control center at https://<VRO-SERVER-IP-ADDRESS>:8283/vco-controlcenter
  3. Click the Plugins tab.
  4. Click Install plug-in.
  5. Install the Puppet plug-in’s .vmoapp package downloaded from the VMware Solution Exchange. Read and accept the EULA, then click Install.
  6. After the installation confirmation message appears, click Startup Options in the message reminding you to restart the Orchestrator server. In some versions of vRO this message may not appear, but you still must restart the Orchestrator server.
  7. On the Startup Options page, click Restart under the Current Status heading.