In our organization, we created a chocolatey package for the puppet client
hosted on our internal nuget server. We then created a powershell module that
includes several tools for our environment, one of which remotely invokes the
installation of chocolatey on windows systems in parallel, and another to
invoke the installation of the chocolatey puppet package from our internal
nuget server, also in parallel. The chocolatey package contains the majority
of the MSI properties for configuration, and we leverage the installargs option
to pass in the puppet environment we need to point to. The “meat” for this is
just looping through a bunch of invoke-commands and running them as jobs after
passing in one or more servers with a simple text file manifest. This avoids
the “patch party” scenario.
Of course the above depends on having WinRM configured as Rob mentioned. If
you do have WinRM enabled, you can take out the chocolatey package
pre-requisite as in our case (e.g. if you don’t have a nuget server setup), and
then still build a simple PowerShell script to use invoke-command kick off the
installation of the msi with parameters on multiple servers, as jobs, so they
occur in parallel. You could have the msi hosted on a share to access during
the installation.
Do you have any tools such as Microsoft System Center to package and deploy?
That would be another way to do this, or a myriad of other tools that can be
used to deploy. For example, I’ve not used psexec for puppet, but you could
try to use psexec from www.sysinternals.com to execute as well. It has an
option (-c) to copy the the program to the remote system before it executes, so
that can serve to ensure the MSI is available on the remote node. Note that
psexec does create a windows service on the remote server – so there’s a trace
left behind you may need to clean up (yuck).
Hope this helps.
-Jim
From: Brian Morris
Sent: Thursday, October 02, 2014 6:24 PM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Best way to deploy the Puppet client to a large set
of Windows servers?
Thank you, Rob. I have a lot of reading to do. :)
On Thu, Oct 2, 2014 at 3:12 PM, Rob Reynolds <r...@puppetlabs.com> wrote:
On Wed, Oct 1, 2014 at 3:30 PM, Brian Morris <nomadicextre...@gmail.com>
wrote:
Hello all,
There may come a need for me to perform a wide deployment of the Puppet
client to Windows servers. I am curious to know how others have accomplished
this.
Concerns I have:
- No other tools are in place that readily come to mind for pushing the
client out. VCM is in play, but is difficult at best to deploy other
applications with. The client could certainly be placed on a central file
share, but pulling rather than pushing sounds like it will require direct
Sysadmin involvement.
- To ease the pain I could set the Puppet Master to auto-sign certificates
for a small window of time, but am unsure if this would be worthwhile.
- I can imagine a "patch party" where a bunch of Sysadmins each get a list
of servers to go hand perform the installation on, but I am hoping for
something much cleaner than this.
I'm not sure yet if we have an official/recommended way of getting the agent
installed. I believe we are working on making this process easier though.
So now an alternative recommendation of going about it -
Is WinRm configured on these servers? I'm guessing no b/c they are stock. If
so you have a much easier time moving forward, but it is not configured by
default. So the next option is Wmi calls.
There is a really low level Wmi call you can make to Win32_Process.Create[1]
that you can use to create a process to install the puppet agent if you have
administrative privileges. You can do this remotely. This works with Windows
OOTB.
If one could connect, you could pass a command to msiexec to run the
installer with a url to the agent msi. You would want to put it on a file share
that all of these servers can access (or use the official download). Take a
look at automated installation[2] and msi properties[3].
So you could set your call as "msiexec" and args "/qn /i
\\file\share\location\of\puppet.msi PUPPET_MASTER_SERVER=puppet.example.com"
You could run that command as fire and forget and wait for them to all finish
up as they check in with the master. I did a little searching and found a
couple of gems out there that are related to WMI[4][5].
Note: I once worked on a tool where we did something very similar to this.
[1] http://msdn.microsoft.com/en-us/library/aa389388.aspx
[2]
https://docs.puppetlabs.com/guides/install_puppet/install_windows.html#automated-installation
[3]
https://docs.puppetlabs.com/guides/install_puppet/install_windows.html#msi-properties
[4] https://rubygems.org/gems/ruby-wmi
[5] https://rubygems.org/gems/wmi-lite
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/0cb53cf7-6e6e-41c3-8855-8217cfaae923%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 20-24 in San Francisco
--
You received this message because you are subscribed to a topic in the Google
Groups "Puppet Users" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/puppet-users/pSo5jKyezmU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK7BaHkWypqZsQA2Y6f%3D1cj9FZ4E1KTfJntXw7F_9xRAWA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAH8X0%2BFs7j-yepqMj5Xg4Xqh5pSZ_THKAwQj4PhcxadnUREAXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/BD2F4C1A3B534835B1B21883B4F882EA%40JimHPPavilionG6.
For more options, visit https://groups.google.com/d/optout.
