Skip to content
Fully automated provisioner for servers using MCollective
Latest commit 600b636 Jan 31, 2013 @ripienaar Merge pull request #7 from diablomedia/master
Fix for cert signing on mix-cased hostnames, Rakefile fix, new daemonize_puppet action
Failed to load latest commit information.


What is it?

A tool that will take machines running mcollective and a small provisioning agent and bootstrap them through the process of running puppet.

Logic Flow

Each node more or less go through the following steps given the config file:

logfile: /var/log/mcprovision.log
loglevel: debug
daemonize: true
sleeptime: 10
  lock: true
  set_puppet_hostname: true
  clean_node_certname: true
  send_node_csr: true
  sign_node_csr: true
  puppet_bootstrap_stage: true
  puppet_final_run: true
  notify: true
  - ec2_placement_region
  - country
  filter: ""
  agent: puppetca
  ipaddress_fact: ipaddress
  filter: ""
  agent: provision
  ipaddress_fact: ipaddress
  filter: ""
  agent: angelianotify
  - boxcar://
  1. Discover all nodes running the 'provision' agent
  2. Pick the first discovered node and start provisioning
  3. Find a list of all masters running 'puppetca' agent
  4. Pick a master based on facts ec2_placement_region and then the country facts. If nothing match, take the first
  5. Attempts to create a lock on the node to prevent other threads or provisioners from finding this node
  6. Check if the node already has a cert and skips certificate steps if it does
    1. Calls the 'set_puppet_host' actions giving it the ip of the chosen master
    2. Cleans the certificate from all masters matching the identity of the machine being provisioned
    3. Gets the node to request a new certificate using the 'request_certificate' action
    4. Signs the certificate on all masters
  7. Does an initial puppet run with the 'bootstrap_puppet' action
  8. Does a 2nd puppet run via 'run_puppet' action. This should remove the provision agent from the node
  9. Disable the agent preventing it from being discovered in future
  10. Notifies my iPhone via boxcar

To do this we re-use a lot of existing agents:

  1. Your masters all need the puppetca agent
  2. Your nodes being provisioned need the provision agent, see agents subdir
  3. You need to have angelia deployed and the node should run the angelia agent
  4. You need some angelia plugins the boxcar and gcal ones are opensource


The basic flow is probably generic enough for most bootstrapping scenarios, cloud or non cloud, the specifics of the process should be captured in your agent. There's a sample agent in the agent subdir. You will need to customise the agent for your specific scenario.

You can enable and disable individual steps that doesn't fit your needs in the steps section of the config file


  • 2012/11/09 - Add a data plugin that reports locking and disabled status
  • 2012/11/09 - Add a disable lock file
  • 2011/02/04 - Improved error handling
  • 2011/02/04 - Make the facts used to determine ip address connfigurable
  • 2011/02/04 - Log backtraces when run in debug mode
  • 2011/02/04 - Make the agent names for all the components configurable
  • 2011/02/06 - Check if a machine already has a cert and skip cert related steps if it does
  • 2011/02/06 - Optimise performance of obtaining the node inventory
  • 2011/02/06 - Add lock and unlock stepts
  • 2011/02/06 - Make the node code more DRY
  • 2011/02/06 - When notifying communicate with only 1 of the discovered nodes providing a notification service


Apache 2.0


Contact R.I.Pienaar / @ripienaar / with questions

Something went wrong with that request. Please try again.