Hello,
I'm running puppet 3.8.6
I need help to establish some kind of tunnel between our intranet and the extranet that we have in our environment.
Basic idea is this:
Puppet Master (inside our intranet) ------> Puppet Client (in the azure cloud)
Note: the Puppet Master can ping and ssh into the Puppet Client, but the Puppet Client can neither ssh into nor ping the Puppet Master.
I had the idea to create some kind of ssh tunnel from my Puppet Master to the client and forward the necessary ports back to the master. So far my attempts have failed. Has anyone been able to create a successful connection from an intranet to an extranet using some kind of ssh tunneling?
Here is a basic bash file that I put together to install the puppet client and point it at the master.
cat Node_Deployment.sh
#!/bin/sh
# Puppet-Client.sh
#
#
# Created by Natas on 12/7/16.
#
# Third field of the "Version" line that rpm reports for the package owning
# /etc/redhat-release; only echoed later in the banner.
CENTOS_VER=$(rpm -qi --whatprovides /etc/redhat-release | awk '/Version/ {print $3}')
# Any /etc/hosts line(s) that mention "puppet-master" (empty when none match).
MASTER=$(grep 'puppet-master' /etc/hosts)
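#######################################
# Make sure the EPEL repository package is installed, then update all packages.
# Globals:  CENTOS_VER (read) - only printed in the banner.
# Outputs:  progress messages on stdout, failures on stderr.
# Returns:  0 when EPEL was already present, or was installed and the package
#           update succeeded; 1 when a yum step fails.
#######################################
epelInstall () {
  # printf instead of `echo -e`: the script runs under #!/bin/sh, where
  # `echo -e` is not portable.
  printf '\nChecking CentOS version...\n...CentOS %s found\n\n' "$CENTOS_VER"
  printf '\nStarting...\n...Preparing ingredients\n\n'
  printf '\nSearching for EPEL Repository...\n'
  sleep 1

  # Ask the rpm database for the exact package name rather than grepping the
  # full package list for a substring.
  if rpm -q epel-release >/dev/null 2>&1; then
    printf 'No need to install EPEL repository!\n'
    sleep 1
    return 0
  fi

  printf '\nIs necessary to install the EPEL repositories\nInstalling...\n'
  sleep 1
  if ! yum install epel-release.noarch -y; then
    echo "epelInstall: installing epel-release failed" >&2
    return 1
  fi

  printf 'Updating packages\n'
  sleep 1
  # NOTE(review): this updates every installed package unattended, not just
  # the ones this script needs; confirm that is wanted on this node.
  if ! yum update -y; then
    echo "epelInstall: yum update failed" >&2
    return 1
  fi
}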
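#######################################
# Install the Puppet agent from the Puppet Labs repository that matches the
# CentOS release in /etc/redhat-release, point it at the master and run it once.
# Outputs:  progress messages on stdout, failures on stderr.
# Returns:  1 when the release is not CentOS 5/6/7, when the EL5 download fails
#           or when /etc/puppet/puppet.conf is missing after the install;
#           otherwise the exit status of `puppet agent --test`.
#######################################
puppetInstall () {
  printf '\nInstalling the Puppet Client\nInstalling...\n'
  sleep 1

  # The exit status of the release-package install is deliberately not checked:
  # yum can report an error for a package file that is already installed, and
  # the script is meant to be re-runnable.
  if grep -qi 'centos linux release 7' /etc/redhat-release; then
    echo "LOTS 7"
    yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
  elif grep -qi 'centos release 6' /etc/redhat-release; then
    echo "LOTS 6"
    # -y added: without it this branch stops at yum's confirmation prompt,
    # unlike the EL7 branch.
    yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
  elif grep -qi 'centos release 5' /etc/redhat-release; then
    echo "LOTS 5"
    if ! wget -O /root/puppetlabs-release-el-5.noarch.rpm https://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm; then
      echo "puppetInstall: download of the EL5 release package failed" >&2
      return 1
    fi
    # NOTE(security): --nogpgcheck installs this RPM without signature
    # verification, so its integrity rests only on the HTTPS download above.
    # Prefer importing the vendor signing key and checking the file with
    # `rpm -K` before installing it.
    yum -y --nogpgcheck localinstall /root/puppetlabs-release-el-5.noarch.rpm
  else
    # Stop here: installing "puppet" without the matching repository would
    # pull whatever version the other enabled repositories happen to offer.
    echo "NO OS Found" >&2
    return 1
  fi

  yum install puppet -y

  if [ ! -e "/etc/puppet/puppet.conf" ]; then
    echo "puppetInstall: /etc/puppet/puppet.conf not found; the puppet install appears to have failed" >&2
    return 1
  fi

  # Append each setting only once so that re-running the script does not pile
  # up duplicate lines.
  # NOTE(review): the line is appended to the end of the file, so it lands in
  # whichever section comes last there; confirm that is the section the agent
  # reads.
  if ! grep -qF 'server = george-dev.helium.test' /etc/puppet/puppet.conf; then
    echo " server = george-dev.helium.test" >> /etc/puppet/puppet.conf
  fi
  # NOTE(review): this maps puppet.master.com to the loopback address,
  # presumably the local end of the ssh tunnel, while the agent is pointed at
  # george-dev.helium.test above. The agent checks the master's certificate
  # against the name it connects to, so confirm which name is intended.
  if ! grep -qF 'puppet.master.com' /etc/hosts; then
    echo " 127.0.0.1 puppet.master.com" >> /etc/hosts
  fi

  sleep 1
  puppet agent --test
}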
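#######################################
# Start and enable firewalld, then permanently open http, https and 8443/tcp
# in the public zone and reload the rules.
# Outputs:  a notice on stderr when firewalld tooling is not installed.
# Returns:  0 when firewalld tooling is absent (nothing to do); 1 when
#           firewalld cannot be started; otherwise the exit status of
#           `firewall-cmd --reload`.
#######################################
firewallD () {
  # systemctl/firewall-cmd are missing on the CentOS 5/6 hosts that the rest of
  # the script still supports; skip cleanly instead of failing on each command.
  if ! command -v systemctl >/dev/null 2>&1 || ! command -v firewall-cmd >/dev/null 2>&1; then
    echo "firewallD: systemctl/firewall-cmd not found, skipping firewalld setup" >&2
    return 0
  fi

  # firewall-cmd talks to the running daemon, so nothing below can work
  # unless the daemon is up.
  systemctl start firewalld || return 1
  systemctl enable firewalld

  # NOTE(security): these rules expose http, https and 8443/tcp to the public
  # zone of a cloud-hosted node. Nothing else in this script installs a service
  # on those ports, and the puppet agent normally only makes outbound
  # connections - confirm each opening is needed, or restrict it by source.
  firewall-cmd --permanent --zone=public --add-service=http
  firewall-cmd --permanent --zone=public --add-service=https
  firewall-cmd --permanent --zone=public --add-port=8443/tcp
  firewall-cmd --reload
}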
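#######################################
# Create the local "autossh" account and install its authorized_keys file,
# unless the account already exists.
# Outputs:  progress messages on stdout.
# Returns:  0 when the account already exists; 1 when useradd fails; otherwise
#           the exit status of the final chown.
#######################################
adduserAutossh(){
  # The original redirection `2&>1` was a typo for `2>&1`: it left the output in
  # a file named "1" in the current directory, and what $? then reported
  # depended on the shell. The lookup also no longer assigns USER, which
  # overwrote the login-name environment variable for the rest of the script.
  if getent passwd autossh >/dev/null 2>&1; then
    echo "Yes, the user autossh already exits..."
    return 0
  fi

  echo "Adding autossh user..."
  useradd autossh || return 1

  mkdir -pv /home/autossh/.ssh
  # Keep the key directory private to the account instead of relying on the
  # umask in effect when the script runs.
  chmod 0700 /home/autossh/.ssh
  chown -R autossh:autossh /home/autossh

  # NOTE(security): as written, this key grants an unrestricted login as
  # autossh. If the account exists only to carry the tunnel (assumption -
  # confirm), prefix the key with authorized_keys options such as
  # no-pty,no-agent-forwarding,no-X11-forwarding and limit which forwards it
  # may request.
  echo "ssh-rsa Secret_keys_Goes_Here= autossh@puppet_master" > /home/autossh/.ssh/authorized_keys
  chmod 0600 /home/autossh/.ssh/authorized_keys
  chown autossh:autossh /home/autossh/.ssh/authorized_keys
}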
# Entry point: run the provisioning steps in order. Each step runs regardless
# of the exit status of the one before it.
epelInstall
adduserAutossh
puppetInstall
firewallD