Learning Puppet with Raspberry Pi (Part One)

Puppet is, in my humble opinion, the best configuration management tool available. Written in Ruby and released under the Apache 2.0 license. It allows you to manage configurations on as little a single node to an entire network of nodes, from *nix or Windows servers and desktops to Juniper firewalls, routers, and switches.

Here I want to show the basics of getting Puppet up and running using two Raspberry Pi’s. They [Raspberry Pi’s] make great lab nodes with their inexpensive cost, small size, and Linux distribution support. I am running Raspbian Wheezy, built for the Raspberry Pi, Ruby 1.8, Ruby Interactive 1.8, and Puppet 2.7.

In this scenario there are two nodes, alpha ( and bravo ( Alpha is going to be the Puppet Master, compiling a Catalog, or detailed data about how the node should be configured, and sends this to the Puppet agent. Bravo is going to be the Puppet agent node, which sends facts about its current state to the Puppet Master which is used to generate the catalog.

Before anything else make sure your system is up-to-date system:
ry[email protected] ~ $ sudo apt-get update && sudo apt-get upgrade

Install Ruby 1.8 (ruby1.8) as well as Ruby Interactive 1.8 (ri1.8). Ruby Interface isn’t required but is helpful for debugging on-the-fly Ruby scripts.
[email protected] ~ $ sudo apt-get install ruby1.8 ri1.8

You can verify the Ruby installation and version:
[email protected] ~ $ ruby -v
ruby 1.8.7 (2012-02-08 patchlevel 358) [arm-linux-eabihf]

Next comes the Puppet installation, starting with the PuppetMaster (alpha) node:
[email protected] ~ $ sudo apt-get install puppetmaster
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
augeas-lenses bind9-host facter geoip-database libaugeas-ruby1.8 libaugeas0
libbind9-80 libdns88 libgeoip1 libisc84 libisccc80 libisccfg82 liblwres80
lsb-release puppet-common puppetmaster puppetmaster-common ruby-json
0 upgraded, 19 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,825 kB of archives.
After this operation, 13.0 MB of additional disk space will be used.
Do you want to continue [Y/n]?

Once the Puppet Master is installed there are some commands we need to run in order to generate the users on the system.

On each Puppet node we will need to install Ruby and Puppet:
[email protected] ~ $ sudo apt-get install ruby1.8 puppet

You can find more information on Puppet on YouTube.

Route-Based Site-to-Site VPN on Juniper SRX Security Gateways

My inaugural post! I wanted to start with something that has become fundamental to network connectivity and security; Virtual Private Networks (VPN). In this scenario Site-to-Site VPNs on Juniper SRX security gateways, a.k.a. firewalls.

We have two networks, an office and a lab, in two cities, Milwaukee (office) and Chicago (lab).