Installation Guide

2-4

Cisco Intelligent Automation for Cloud Installation Guide

OL-29971-02

Chapter 2 Installing and Configuring Optional Software

Configuring Puppet Labs for Cisco IAC Integration

Timesaver You can find a list of the recommended ports here:

http://docs.openstack.org/trunk/config-reference/content/firewalls-default-ports.html

Configuring Puppet Labs for Cisco IAC Integration

Puppet Labs software must be licensed and in place for use with Cisco Intelligent Automation for Cloud

4.1.1. Puppet Enterprise 3.0.1 or higher is recommended. The FOSS (Open Source) version is not

supported. For POCs, PE is available for free to manage up to 10 nodes.

For Puppet, the following services are included:

• Register Puppet Role

• Update Puppet Infrastructure Item

• Activate Puppet Resource

Note An active Internet connection to the Puppet clients is required to properly install new applications.

Basic Puppet Considerations

To leverage integration with Puppet with Cisco IAC, Puppet modules need to be designed to expose roles

and profiles. Node classification is accomplished via Hiera, so the site.pp file for each environment must

include the following:

node default {

hiera_include('classes')

}

Your main hiera.yaml file should look something like the following:

---

:backends:

- yaml!

:yaml:

:datadir: /etc/puppetlabs/puppet/environments/%{environment}/hieradata

:hierarchy:

- "nodes/%{fqdn}"

- common

Be advised that when you create a Puppet connection from System Setup, it creates two Process

Orchestrator targets, a main Web Service target (for future use) and a reference to a Terminal target (for

SSH). You should update the terminal target’s default maximum number of concurrent sessions to a

number greater than one (preferably 100) to avoid bottlenecks when running Puppet on multiple nodes.

Self-service ordering of servers includes the option to apply a single Puppet role from an environment.

Although best practice is to assign a single role to a server, this can be extended further to include

multiple roles, or add roles later through an add-on service. This is out of scope for Cisco IAC 4.1.1, but

is available through stack blueprints using the Application Stack Accelerator Pack (ASAP).