
2016/06/29

Let us play with some puppet Modules - Part II: Puppetizing DNS/bind Installation and Configuration with camptocamp/bind

In the "Let us play with some puppet Modules" series, I share my experience using some Puppet Forge modules. To make the posts easier to follow, I apply a set of well-known Puppet best practices, with particular emphasis on the following (see the References section for websites where you can learn more about these practices):
  • Roles and Profiles Pattern
  • Hiera for Configuration Data
The posts in this series all follow the structure below:

  1. Module Installation and other prerequisites
  2. Profile Module creation
  3. Hiera Configuration
  4. Roles Configuration
  5. Puppet Agent Single run

This post is the second in the "Let us play with some puppet Modules" series; it describes bind (named) installation and configuration using the camptocamp/bind module.
More than one module on the Forge can handle DNS server installation and configuration, and the reasons for choosing one over another depend on many factors. In this case, my requirement was to use the same module for named installation, zone configuration, and the addition/modification of DNS records.

   I. Module Installation and other prerequisites:

Install the module from Puppet Forge:

[root@pe-master ~] # puppet module install camptocamp-bind

   II. Profile Module Creation:

Let us create a specific profile for DNS servers. Note that I'm using a parameterized class for that profile, with default values for each parameter. These defaults are set as an example: without any other modification, applying this profile class will install bind (non-chroot), create an example.com zone, and insert a name server (NS) record, some A records and an MX record (the last parameter, dns_records, is for any other record types, such as TXT or SRV).


class profiles::dnsservers (
  $named_chroot         = false,
  $named_default_view   = {},
  $named_config         = {
                           'allow-query'            => ['localhost'],
                           'auth-nxdomain'          => 'no',
                           'bindkeys-file'          => '"/etc/named.iscdlv.key"',
                           'directory'              => '"/var/named"',
                           'dnssec-enable'          => 'no',
                           'dnssec-validation'      => 'no',
                           'dump-file'              => '"/var/named/data/cache_dump.db"',
                           'managed-keys-directory' => '"/var/named/dynamic"',
                           'memstatistics-file'     => '"/var/named/data/named_mem_stats.txt"',
                           'pid-file'               => '"/run/named/named.pid"',
                           'listen-on'              => ['127.0.0.1'],
                           'listen-on-v6'           => ['::1'],
                           'session-keyfile'        => '"/run/named/session.key"',
                           'statistics-file'        => '"/var/named/data/named_stats.txt"',
                          },
  $logging              = {},
  $dns_zones            = [ { 
                           zonename                 => 'example.com',
                           ensure                   => 'present',
                           zone_contact             => 'SystemAdministration@mtncameroon.net',
                           zone_ns                  => ['ns0.example.com'],
                           zone_serial              => '2016061401',
                           zone_ttl                 => '604800',
                           zone_origin              => 'example.com',
                           is_dynamic               => false,
                           allow_update             => [],
                           view                     => 'default',
                           zone_type                => 'master',
                           zone_refresh             => '3h',
                           zone_retry               => '1h',
                           zone_expiracy            => '1w',
                           zone_xfers               => undef,
                           zone_forwarders          => undef,
                           zone_notify              => undef,
                           zone_masters             => undef,
                           transfer_source          => undef,
                           hash_a_entries           => { 
                                            'ns0'   => { owner => '192.168.0.2', }, 
                                            'ns1'   => { owner => '192.168.0.3', }, 
                                            },
                          } ],
  $dns_mxs              = [ {
                           mxnamevar                => 'mx1',
                           zone                     => 'example.com',
                           owner                    => '@',
                           priority                 => '1',
                           host                     => 'mail.example.com',
                          } ],
  $dns_acls             = [ {
                           aclnamevar               => 'test acl',
                           ensure                   => 'present',
                           acls                     => ['192.168.0.2'],
                          } ],
  $dns_records          = [], 
)
{

  # Add the bind packages and services
  class { 'bind':
    chroot         => $named_chroot,
    default_view   => $named_default_view,
    config         => $named_config,
    logging        => $logging,
  }
  
  # Configure zones
  $dns_zones.each |$dns_zone| {
    bind::zone { $dns_zone[zonename]:
      ensure           => $dns_zone[ensure],
      zone_contact     => $dns_zone[zone_contact],
      zone_ns          => $dns_zone[zone_ns],
      zone_serial      => $dns_zone[zone_serial],
      zone_ttl         => $dns_zone[zone_ttl],
      zone_origin      => $dns_zone[zone_origin],
      is_dynamic       => $dns_zone[is_dynamic],
      allow_update     => $dns_zone[allow_update],
      view             => $dns_zone[view],
      zone_type        => $dns_zone[zone_type],
      zone_refresh     => $dns_zone[zone_refresh],
      zone_retry       => $dns_zone[zone_retry],
      zone_expiracy    => $dns_zone[zone_expiracy],
      zone_xfers       => $dns_zone[zone_xfers],
      zone_forwarders  => $dns_zone[zone_forwarders],
      zone_notify      => $dns_zone[zone_notify],
      zone_masters     => $dns_zone[zone_masters],
      transfer_source  => $dns_zone[transfer_source],
    }
    # Configure initial A entries in zone
    bind::a { "Hosts in ${dns_zone[zonename]}":
      ensure    => 'present',
      zone      => "${dns_zone[zone_origin]}",
      ptr       => false,
      hash_data => $dns_zone[hash_a_entries],
    }
  }
  # Configure MX entries in zone
  $dns_mxs.each |$dns_mx| {
    bind::mx { $dns_mx[mxnamevar]:
      zone     => $dns_mx[zone],
      owner    => $dns_mx[owner],
      priority => $dns_mx[priority],
      host     => $dns_mx[host],
    }
  }

  # Configure ACLs
  $dns_acls.each |$dns_acl| {
    bind::acl {$dns_acl[aclnamevar]:
      ensure      => $dns_acl[ensure],
      acls        => $dns_acl[acls],
    }
  }

  # Configure any other record types (CNAME, SRV, TXT...)
  $dns_records.each |$dns_record| {
    bind::record {$dns_record[namevar]:
      zone        => $dns_record[zone],
      record_type => $dns_record[record_type],
      hash_data   => $dns_record[hash_data],
    }
  }

  
}


   III. Hiera Configuration:

As said in the brief introduction above, I'm exclusively using Hiera to store the nodes' configuration data. Below is a sample Hiera configuration that creates the stivesso.local zone with a few NS entries, some A entries, and also MX, CNAME and SRV entries. Note that you can add many more parameters.
Because creating such a YAML file for an existing DNS zone with thousands of entries might seem a daunting task, I've written a script, available on GitHub, that generates YAML output ready to use for Hiera configuration, based on an existing zone file.


---
profiles::dnsservers::named_chroot:      false
profiles::dnsservers::named_config:
  'allow-query'            :
    - 'any'
  'auth-nxdomain'          : 'no'
  'bindkeys-file'          : '"/etc/named.iscdlv.key"'
  'directory'              : '"/var/named"'
  'dnssec-enable'          : 'yes'
  'dnssec-validation'      : 'yes'
  'dump-file'              : '"/var/named/data/cache_dump.db"'
  'managed-keys-directory' : '"/var/named/dynamic"'
  'memstatistics-file'     : '"/var/named/data/named_mem_stats.txt"'
  'pid-file'               : '"/run/named/named.pid"'
  'listen-on'              : 
    - 'any'
  'listen-on-v6'           : 
    - 'any'
  'session-keyfile'        : '"/run/named/session.key"'
  'statistics-file'        : '"/var/named/data/named_stats.txt"'
profiles::dnsservers::dns_zones:
  -
    zonename                 : 'stivesso.local'
    ensure                   : 'present'
    zone_contact             : 'stivesso@gmail.com'
    zone_ns                  : 
      - 'ns0.stivesso.local'
    zone_serial              : '2016061401'
    zone_ttl                 : '604800'
    zone_origin              : 'stivesso.local'
    hash_a_entries           :
      'ns0'                  :
        owner                :
          '192.168.0.2'
      'ns1'                  :
        owner                :
          '192.168.0.3'
      'sip'                  :
        owner                :
          '192.168.0.10'
profiles::dnsservers::dns_mxs:
  -
    mxnamevar                : 'Mail Server 1 for stivesso.local'
    zone                     : 'stivesso.local'
    owner                    : '@'
    priority                 : '1'
    host                     : 'mail.stivesso.local'
  -
    mxnamevar                : 'Mail Server 2 for stivesso.local'
    zone                     : 'stivesso.local'
    owner                    : '@'
    priority                 : '2'
    host                     : 'mail2.stivesso.local'
profiles::dnsservers::dns_records:
  -
    namevar                  : 'CNAMES for stivesso.local'
    zone                     : 'stivesso.local'
    record_type              : 'CNAME'
    hash_data                :
      'ns3'                  :
        owner                :
          'ns1.stivesso.local'
      'ns4'                  :
        owner                :
          'ns2.stivesso.local'
  -
    namevar                  : 'SRV for stivesso.local'
    zone                     : 'stivesso.local'
    record_type              : 'SRV'
    hash_data                :
      '_sip._tls'            :
        owner                :
          '1 100 443 sip.stivesso.local'
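
As an added example (not the author's GitHub script and not part of the camptocamp/bind module), the Ruby code below converts an existing zone file into the Hiera keys laid out above. The zone text is constructed sample data; `logical_lines`, `relativize`, `put` and `zone_to_hiera` are names chosen for this example, and it assumes a single $ORIGIN and one value per record name, with trailing dots dropped to match the values shown in the sample.

```ruby
require 'yaml'

# Constructed sample zone file (not taken from the original post).
SAMPLE_ZONE = <<~'ZONE'
  $ORIGIN stivesso.local.
  $TTL 604800
  @   IN SOA ns0.stivesso.local. stivesso.gmail.com. (
          2016061401 3h 1h 1w 1d ) ; serial refresh retry expire minimum
      IN NS  ns0.stivesso.local.
      IN MX  1 mail.stivesso.local.
  ns0 IN A   192.168.0.2
  ns1 IN A   192.168.0.3
  sip 3600 IN A 192.168.0.10
  ns3 IN CNAME ns1.stivesso.local.
  _sip._tls IN SRV 1 100 443 sip.stivesso.local.
ZONE

# Drop comments and join "( ... )" continuations into one logical line each.
# Limitation: a ';' inside a quoted TXT string is treated as a comment start.
def logical_lines(text)
  lines, buffer = [], nil
  text.each_line do |raw|
    line = raw.sub(/;.*/, '').rstrip
    next if line.strip.empty?
    buffer = buffer ? "#{buffer} #{line.strip}" : line
    next if buffer.count('(') > buffer.count(')')
    lines << buffer.delete('()')
    buffer = nil
  end
  raise ArgumentError, 'unbalanced parentheses in zone file' if buffer
  lines
end

# Make a name relative to the zone origin; the apex becomes '@'.
def relativize(name, origin)
  return '@' if name == '@' || name.casecmp?(origin)
  name.sub(/\.#{Regexp.escape(origin)}\z/i, '').chomp('.')
end

# Store one value per record name. The Hiera sample shows a single 'owner'
# value per name, so a second value for the same name is rejected, not dropped.
def put(hash, name, value)
  raise ArgumentError, "more than one value for #{name}" if hash.key?(name)
  hash[name] = { 'owner' => value }
end

# Convert zone-file text (single $ORIGIN) into the profile's Hiera keys.
def zone_to_hiera(text)
  origin = owner = zonename = nil
  zone = { 'zonename' => nil, 'ensure' => 'present', 'zone_ns' => [], 'hash_a_entries' => {} }
  mxs = []
  others = Hash.new { |h, k| h[k] = {} }
  logical_lines(text).each do |line|
    tokens = line.split
    if tokens.first.casecmp?('$ORIGIN')
      origin = tokens[1]
      zonename = zone['zonename'] = zone['zone_origin'] = origin.chomp('.')
      next
    elsif tokens.first.casecmp?('$TTL')
      zone['zone_ttl'] = tokens[1]
      next
    end
    raise ArgumentError, 'zone file needs a $ORIGIN line first' unless origin
    # A line that starts with whitespace inherits the previous owner name.
    owner = relativize(tokens.shift, origin) unless line.start_with?(' ', "\t")
    raise ArgumentError, "record without an owner: #{line.strip}" unless owner
    # Skip the optional per-record TTL and class, in either order.
    tokens.shift while tokens.first.to_s.match?(/\A((\d+[smhdw]?)+|IN|CH|HS)\z/i)
    type = tokens.shift.to_s.upcase
    raise ArgumentError, "malformed record: #{line.strip}" if tokens.empty?
    value = tokens.join(' ').chomp('.')
    if type == 'SOA'
      raise ArgumentError, 'incomplete SOA record' if tokens.size < 6
      # RNAME encodes the mailbox: the first unescaped dot stands for '@'.
      zone['zone_contact'] = tokens[1].chomp('.').sub(/(?<!\\)\./, '@').delete('\\')
      zone['zone_serial'], zone['zone_refresh'], zone['zone_retry'],
        zone['zone_expiracy'] = tokens[2, 4]
    elsif type == 'NS' && owner == '@'
      zone['zone_ns'] << value
    elsif type == 'A'
      put(zone['hash_a_entries'], owner, value)
    elsif type == 'MX'
      mxs << { 'mxnamevar' => "MX #{value} for #{zonename}", 'zone' => zonename,
               'owner' => owner, 'priority' => tokens[0], 'host' => tokens.last.chomp('.') }
    else
      put(others[type], owner, value)
    end
  end
  records = others.map do |type, data|
    { 'namevar' => "#{type} for #{zonename}", 'zone' => zonename,
      'record_type' => type, 'hash_data' => data }
  end
  { 'profiles::dnsservers::dns_zones' => [zone],
    'profiles::dnsservers::dns_mxs' => mxs,
    'profiles::dnsservers::dns_records' => records }
end

puts zone_to_hiera(SAMPLE_ZONE).to_yaml if $PROGRAM_NAME == __FILE__
```

Review the generated YAML before committing it to Hiera, since the converter rejects duplicate names rather than merging them.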


   IV. Roles Configuration:

Using the dnsservers profile described in Section II, with the right Hiera data, we can move forward with the role configuration:

class roles::dns  {
 
    # Install and configure the DNS server (bind)
    include profiles::dnsservers

}


   V. Puppet Agent Single run:

And finally, let us trigger a puppet convergence and enjoy the output...


[root@dns-server01 ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for dns-server01.mtncameroon.net
Info: Applying configuration version '1467114345'
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat::Fragment[default.zone.stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_views_default.zones/fragments/10_default.zone.stivesso.local]/ensure: defined content as '{md5}2bbf22e9890bad139489e2f951766b52'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat::Fragment[default.zone.stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_views_default.zones/fragments/10_default.zone.stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/views/default.zones]
Info: Concat::Fragment[default.zone.stivesso.local]: Scheduling refresh of Exec[reload bind9]
Notice: /Stage[main]/Bind::Config/Bind::View[default]/Concat[/etc/named/views/default.zones]/Exec[concat_/etc/named/views/default.zones]/returns: executed successfully
Notice: /Stage[main]/Bind::Config/Bind::View[default]/Concat[/etc/named/views/default.zones]/Exec[concat_/etc/named/views/default.zones]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Bind::Config/Bind::View[default]/Concat[/etc/named/views/default.zones]/File[/etc/named/views/default.zones]/content: 
--- /etc/named/views/default.zones      2016-06-23 14:07:11.451145673 +0100
+++ /tmp/puppet-file20160628-63755-1sm2sa0      2016-06-28 12:45:53.089162457 +0100
@@ -1,2 +1,3 @@

+include "/etc/named/zones/stivesso.local.conf";

Info: Computing checksum on file /etc/named/views/default.zones
Info: /Stage[main]/Bind::Config/Bind::View[default]/Concat[/etc/named/views/default.zones]/File[/etc/named/views/default.zones]: Filebucketed /etc/named/views/default.zones to puppet with sum 105b1a46d7a92b49f09f8432ce31b929
Notice: /Stage[main]/Bind::Config/Bind::View[default]/Concat[/etc/named/views/default.zones]/File[/etc/named/views/default.zones]/content: content changed '{md5}105b1a46d7a92b49f09f8432ce31b929' to '{md5}ee24b18125334f0d2d1bee701c51cf5d'
Info: Class[Bind::Config]: Scheduling refresh of Class[Bind::Service]
Info: Class[Bind::Service]: Scheduling refresh of Service[bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf]/ensure: created
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf]: Scheduling refresh of Exec[concat_/etc/named/zones/stivesso.local.conf]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf/fragments]/ensure: created
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf/fragments]: Scheduling refresh of Exec[concat_/etc/named/zones/stivesso.local.conf]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf/fragments.concat]/ensure: created
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf/fragments.concat.out]/ensure: created
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat::Fragment[bind.zones.stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf/fragments/10_bind.zones.stivesso.local]/ensure: defined content as '{md5}a517b1bba36bd1097e7903d9c93146b6'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat::Fragment[bind.zones.stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_zones_stivesso.local.conf/fragments/10_bind.zones.stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/zones/stivesso.local.conf]
Info: Concat::Fragment[bind.zones.stivesso.local]: Scheduling refresh of Exec[reload bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/Exec[concat_/etc/named/zones/stivesso.local.conf]/returns: executed successfully
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/Exec[concat_/etc/named/zones/stivesso.local.conf]: Triggered 'refresh' from 3 events
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/zones/stivesso.local.conf]/File[/etc/named/zones/stivesso.local.conf]/ensure: defined content as '{md5}a517b1bba36bd1097e7903d9c93146b6'
Info: Concat[/etc/named/zones/stivesso.local.conf]: Scheduling refresh of Exec[reload bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf]/ensure: created
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments]/ensure: created
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments.concat]/ensure: created
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments.concat.out]/ensure: created
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat::Fragment[00.bind.stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/01_00.bind.stivesso.local]/ensure: defined content as '{md5}29645f8c7d75136d38f864f00a73539b'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat::Fragment[00.bind.stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/01_00.bind.stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Mx[Mail Server 1 for stivesso.local]/Concat::Fragment[bind.Mail Server 1 for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_bind.Mail Server 1 for stivesso.local]/ensure: defined content as '{md5}84250fe317e5527e18e5f15b1fc5f42e'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Mx[Mail Server 1 for stivesso.local]/Concat::Fragment[bind.Mail Server 1 for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_bind.Mail Server 1 for stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Info: Concat::Fragment[bind.Mail Server 1 for stivesso.local]: Scheduling refresh of Service[bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Mx[Mail Server 2 for stivesso.local]/Concat::Fragment[bind.Mail Server 2 for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_bind.Mail Server 2 for stivesso.local]/ensure: defined content as '{md5}030ee262b314c0f140c8a51df92c2f96'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Mx[Mail Server 2 for stivesso.local]/Concat::Fragment[bind.Mail Server 2 for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_bind.Mail Server 2 for stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Info: Concat::Fragment[bind.Mail Server 2 for stivesso.local]: Scheduling refresh of Service[bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Record[CNAMES for stivesso.local]/Concat::Fragment[stivesso.local.CNAME.CNAMES for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_stivesso.local.CNAME.CNAMES for stivesso.local]/ensure: defined content as '{md5}0889d0534fbd925a16bcb7fc73967e46'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Record[CNAMES for stivesso.local]/Concat::Fragment[stivesso.local.CNAME.CNAMES for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_stivesso.local.CNAME.CNAMES for stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Info: Concat::Fragment[stivesso.local.CNAME.CNAMES for stivesso.local]: Scheduling refresh of Service[bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Record[SRV for stivesso.local]/Concat::Fragment[stivesso.local.SRV.SRV for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_stivesso.local.SRV.SRV for stivesso.local]/ensure: defined content as '{md5}f79273ae3d3e002d12857256fef43d4c'
Info: /Stage[main]/Profiles::Dnsservers/Bind::Record[SRV for stivesso.local]/Concat::Fragment[stivesso.local.SRV.SRV for stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_stivesso.local.SRV.SRV for stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Info: Concat::Fragment[stivesso.local.SRV.SRV for stivesso.local]: Scheduling refresh of Service[bind9]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::A[Hosts in stivesso.local]/Bind::Record[Hosts in stivesso.local]/Concat::Fragment[stivesso.local.A.Hosts in stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_stivesso.local.A.Hosts in stivesso.local]/ensure: defined content as '{md5}7800b26988a663f0efcef7d0d9e32c68'
Info: /Stage[main]/Profiles::Dnsservers/Bind::A[Hosts in stivesso.local]/Bind::Record[Hosts in stivesso.local]/Concat::Fragment[stivesso.local.A.Hosts in stivesso.local]/File[/opt/puppetlabs/puppet/cache/concat/_etc_named_pri_stivesso.local.conf/fragments/10_stivesso.local.A.Hosts in stivesso.local]: Scheduling refresh of Exec[concat_/etc/named/pri/stivesso.local.conf]
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/Exec[concat_/etc/named/pri/stivesso.local.conf]/returns: executed successfully
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/Exec[concat_/etc/named/pri/stivesso.local.conf]: Triggered 'refresh' from 8 events
Notice: /Stage[main]/Profiles::Dnsservers/Bind::Zone[stivesso.local]/Concat[/etc/named/pri/stivesso.local.conf]/File[/etc/named/pri/stivesso.local.conf]/ensure: defined content as '{md5}868143982d89632bb6b9273bf43b879b'
Info: Concat[/etc/named/pri/stivesso.local.conf]: Scheduling refresh of Exec[reload bind9]
Info: Concat::Fragment[stivesso.local.A.Hosts in stivesso.local]: Scheduling refresh of Service[bind9]
Notice: /Stage[main]/Bind::Service/Service[bind9]: Triggered 'refresh' from 6 events
Notice: /Stage[main]/Bind/Exec[reload bind9]: Triggered 'refresh' from 4 events
Notice: Applied catalog in 3.42 seconds

Done, DNS Installation and Configuration Puppetised!

References:
http://www.cakesolutions.net/teamblogs/puppet-and-friends 


2016/06/28

Let us play with some puppet Modules - Part I: Puppetizing Oracle Database Server Installation with biemond/oradb

In the "Let us play with some puppet Modules" series, I share my experience using some Puppet Forge modules. To make the posts easier to follow, I apply a set of well-known Puppet best practices, with particular emphasis on the following (see the References section for websites where you can learn more about these practices):
  • Roles and Profiles Pattern
  • Hiera for Configuration Data
The posts in this series all follow the structure below:

  1. Module Installation and other prerequisites
  2. Profile Module creation
  3. Hiera Configuration
  4. Roles Configuration
  5. Puppet Agent Single run

This post is the first in the "Let us play with some puppet Modules" series; it describes a simple Oracle Database software installation using the biemond/oradb module.

   I. Module Installation and other prerequisites:

The installation of the module is quite easy:

[root@pe-master ~] # puppet module install biemond-oradb


As for the prerequisites, the installation files must be made available, either as zipped installation files or through a mount point. For this post, I downloaded the Oracle Database Server installation files and unzipped everything under an NFS share which is auto-mounted when needed (note that you can also have files such as partx_of_y.zip).


[root@pe-master ~]# ls /net/nfs-server/Archives/INFRASTRUCTURE/dba_softs/11.2.0.3/
linux_86_64  solaris  windows

   II. Profile Module Creation:

Let us create a specific profile for Oracle Server technology. Note that I'm using a parameterized class for that profile, with no default value for the parameters, meaning that these parameters must be set to use this profile.


class profiles::oracle_server (
 $version,
 $zip_extract                             = false,
 $remote_file                             = false,
 $database_type,
 $oracle_base,
 $oracle_home,
 $user,
 $group,
 $group_install,
 $group_oper,
 $download_dir,
 $bash_profile,
 $oracle_rdbms_server_preinstall_package,
)
{

  package { $oracle_rdbms_server_preinstall_package:
    ensure => present,
  }

  oradb::installdb{ "${version}_${::kernel}-${::architecture}":
    version                   => $version,
    zip_extract               => $zip_extract,
    remote_file               => $remote_file,
    database_type             => $database_type,
    oracle_base               => $oracle_base,
    oracle_home               => $oracle_home,
    user                      => $user,
    group                     => $group,
    group_install             => $group_install,
    group_oper                => $group_oper,
    download_dir              => $download_dir,
    bash_profile              => $bash_profile,
    require                   => Package[$oracle_rdbms_server_preinstall_package],
  }

}


A few words about the parameters I used (there are obviously more available parameters):


  • version: String giving the database version to install ('12.1.0.2', '11.2.0.3', '11.2.0.4')
  • zip_extract: Boolean to determine whether to use ZIP files or a pre-extracted directory structure for the database installation files
  • remote_file: Boolean to determine whether or not to use the installation files remotely
  • database_type: Should be EE (Enterprise Edition), SE (Standard Edition) or SEONE (Standard Edition One)
  • oracle_base: Oracle Base directory
  • oracle_home: Oracle Home directory
  • user: Oracle user
  • group: Oracle user group
  • group_install: Install group
  • group_oper: Oper group
  • download_dir: Local folder where the installation files are located (zipped or unzipped, depending on zip_extract)
  • bash_profile: Boolean to determine whether or not to populate the bash_profile based on a template
  • oracle_rdbms_server_preinstall_package: The Oracle Preinstallation RPM package, which installs software packages and sets system parameters required for Oracle Database single instance and Oracle Real Application Clusters installations on Oracle Linux



   III. Hiera Configuration:

As said during the brief introduction above, I'm exclusively using Hiera to store Nodes' configuration data. Below, the Hiera configuration for the set of nodes where I'm installing the Database Software.

---
profiles::oracle_server::version:                                '11.2.0.1'
profiles::oracle_server::file:                                   'linux.x64_11gR2_database'
profiles::oracle_server::database_type:                          'EE'
profiles::oracle_server::oracle_base:                            '/opt/OBIEE/oracle'
profiles::oracle_server::oracle_home:                            '/opt/OBIEE/oracle/product/11.2/db'
profiles::oracle_server::user:                                   'oracle'
profiles::oracle_server::group:                                  'oinstall'
profiles::oracle_server::group_install:                          'oinstall'
profiles::oracle_server::group_oper:                             'oinstall'
profiles::oracle_server::download_dir:                           '/opt/OBIEE/oracle/install'
profiles::oracle_server::bash_profile:                           true
profiles::oracle_server::remote_file:                            false
profiles::oracle_server::puppet_download_mnt_point:              "/net/nfs-server/Archives/INFRASTRUCTURE/dba_softs/zip"
profiles::oracle_server::logoutput:                              true
profiles::oracle_server::oracle_rdbms_server_preinstall_package: 'oracle-rdbms-server-11gR2-preinstall'



   IV. Roles Configuration:

Using the Oracle profile described in Section II, with the right Hiera data, we can move forward with the role configuration:

class roles::dbserver  {
 
    # Install Oracle Server
    include profiles::oracle_server

}


   V. Puppet Agent Single run:


And finally, let us trigger a puppet convergence and enjoy the output...


[root@oracle-srv OBIEE]# puppet agent -t
Warning: Local environment: "production" doesn't match server specified node environment "dev", switching agent to "dev".
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Warning: Creating db_directory_structure via Puppet.newtype is deprecated and will be removed in a future release. Use Puppet::Type.newtype instead.
   (at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:145:in `newtype')
Info: Caching catalog for oracle-srv.mtncameroon.net
Info: Applying configuration version '1463725878'
Notice: oradb::installdb /opt/OBIEE/oracle/product/11.2/db does not exists
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Notify[oradb::installdb /opt/OBIEE/oracle/product/11.2/db does not exists]/message: defined 'message' as 'oradb::installdb /opt/OBIEE/oracle/product/11.2/db does not exists'
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[extract /opt/OBIEE/oracle/install/linux.x64_11gR2_database_1of2.zip]/returns: executed successfully
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[extract /opt/OBIEE/oracle/install/linux.x64_11gR2_database_2of2.zip]/returns: executed successfully
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/File[/opt/OBIEE/oracle/install/db_install_11.2.0.1.rsp]/content: 
--- /opt/OBIEE/oracle/install/db_install_11.2.0.1.rsp   2016-05-20 07:21:20.045331674 +0100
+++ /tmp/puppet-file20160520-25536-bwmflf       2016-05-20 07:31:52.099071875 +0100
@@ -146,7 +146,7 @@
 #------------------------------------------------------------------------------
 # The OPER_GROUP is the OS group which is to be granted OSOPER privileges.
 #------------------------------------------------------------------------------
-oracle.install.db.OPER_GROUP=oper
+oracle.install.db.OPER_GROUP=oinstall
 
 #------------------------------------------------------------------------------
 # Specify the cluster node names selected during the installation.

Info: Computing checksum on file /opt/OBIEE/oracle/install/db_install_11.2.0.1.rsp
Info: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/File[/opt/OBIEE/oracle/install/db_install_11.2.0.1.rsp]: Filebucketed /opt/OBIEE/oracle/install/db_install_11.2.0.1.rsp to main with sum 931ae2da0edc3524ba958c5ce5ae574b
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/File[/opt/OBIEE/oracle/install/db_install_11.2.0.1.rsp]/content: content changed '{md5}931ae2da0edc3524ba958c5ce5ae574b' to '{md5}664e0813045707a7cb86c9eb02df2f96'
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: Starting Oracle Universal Installer...
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: Checking Temp space: must be greater than 120 MB.   Actual 16795 MB    Passed
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: Checking swap space: must be greater than 150 MB.   Actual 9999 MB    Passed
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: Preparing to launch Oracle Universal Installer from /tmp/OraInstall2016-05-20_07-31-58AM. Please wait ...You can find the log of this install session at:
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:  /opt/OBIEE/oraInventory/logs/installActions2016-05-20_07-31-58AM.log
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: The following configuration scripts need to be executed as the "root" user. 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:  #!/bin/sh 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:  #Root scripts to run
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: /opt/OBIEE/oracle/product/11.2/db/root.sh
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: To execute the configuration scripts:
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:    1. Open a terminal window 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:    2. Log in as "root" 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:    3. Run the scripts 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns:    4. Return to this window and hit "Enter" key to continue 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: 
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: Successfully Setup Software.
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[install oracle database 11.2.0.1_Linux-x86_64]/returns: executed successfully
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[run root.sh script 11.2.0.1_Linux-x86_64]/returns: Check /opt/OBIEE/oracle/product/11.2/db/install/root_oracle-srv.mtncameroon.net_2016-05-20_07-34-46.log for the output of root script
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[run root.sh script 11.2.0.1_Linux-x86_64]/returns: executed successfully
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/File[/opt/OBIEE/oracle/product/11.2/db]/mode: mode changed '0755' to '0775'
Notice: /Stage[main]/Profiles::Oracle_server/Oradb::Installdb[11.2.0.1_Linux-x86_64]/Exec[remove oracle db extract folder 11.2.0.1_Linux-x86_64]/returns: executed successfully
Notice: Applied catalog in 233.53 seconds


Done, Oracle Database Installation Puppetised!

References:
http://www.cakesolutions.net/teamblogs/puppet-and-friends