In infrastructures.org terminology, the gold server is the one location that all clients check in with to see if they need to make any configuration changes. No changes needed? No changes made. No gold server available right now? No changes made, check back later. In theory, this should be a pretty simple server to provision. Do a base OS installation, then enable the configuration management daemons, and let everything else grow from there.
Our gold server is a Xen instance with 128 MB memory and 10 GB disk running Debian 4.0. Top-level packages installed include puppet, puppetmaster, cfengine2, subversion, and xemacs21. The subversion repository for the gold server has /etc/cfengine and /etc/puppet as its top-level folders:
Puppet’s getting started docs work pretty well here. One thing to keep in mind with the Debian and Ubuntu puppet packages is that they have the --waitforcert value set to 0, so they’ll immediately exit after sending their key to the gold server. Once you sign their key on the gold server, puppet will work fine after a /etc/init.d/puppet start, but this gets in the way of unattended installation. I’ll probably end up putting waitforcert back to its default of 120 seconds when I get back to the bootstrapping procedure. I’ve made a /etc/default/puppet file that contains DAEMON_OPTS="--server REDACTED --factsync" to return waitforcert back to the default, to bring down new facter facts, and to tell puppet where the master server is. That puppet file gets copied during the bootstrap procedure, similarly to the cfengine update.conf. Earlier, I had incorrectly assumed that the waitforcert value would cause puppet to hang, but it just backgrounds itself and waits on the certificate to be signed.
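One way the bootstrap step could lay down that /etc/default/puppet file, as an added example rather than the author's own script. The function name, the ROOT argument and the hostname gold.example.com are assumptions; the page redacts the real server name.

```shell
#!/bin/sh
# install_puppet_defaults ROOT SERVER  (hypothetical helper, not from the page)
#   ROOT   - filesystem root being provisioned ("" for the live system,
#            or the mount point of the install target)
#   SERVER - gold server hostname
# Prints "changed" or "unchanged"; returns non-zero on bad input or I/O error.
install_puppet_defaults() {
    root=$1
    server=$2
    # Accept only a plain hostname. The init script sources this file, so a
    # value with spaces, quotes or a leading dash could smuggle in extra
    # puppet options or shell syntax.
    case $server in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo "invalid server name" >&2
            return 2 ;;
    esac
    target=$root/etc/default/puppet
    # Same line as on the page: no --waitforcert, so puppet uses its default.
    wanted="DAEMON_OPTS=\"--server $server --factsync\""
    # Gold-server rule: no change needed, no change made.
    if [ -f "$target" ] && [ "$(cat "$target")" = "$wanted" ]; then
        echo unchanged
        return 0
    fi
    mkdir -p "$root/etc/default" || return 1
    # Write to a temp file beside the target and rename, so an interrupted
    # install never leaves a half-written defaults file.
    tmp=$(mktemp "$target.XXXXXX") || return 1
    printf '%s\n' "$wanted" > "$tmp" && chmod 0644 "$tmp" && mv "$tmp" "$target" || {
        rm -f "$tmp"
        return 1
    }
    echo changed
}
```

The client's key still has to be signed on the gold server before puppet applies anything; this only removes the need to restart the daemon by hand afterwards.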
As for cfengine setup, I defer to the articles at debian-administration.org, as I don’t have much to add at this time.