Puppet is a tool designed to manage the configuration of Unix-like and Microsoft Windows systems declaratively. The user describes system resources and their state, either using Puppet’s declarative language or a Ruby DSL (domain specific language). This information is stored in files called “Puppet manifests”. Puppet discovers the system information via a utility called Facter, and compiles the Puppet manifests into a system-specific catalog containing resources and resource dependency, which are applied against the target systems. Any actions taken by Puppet are then reported.
Add the Puppet repository to your CentOS machine:
rpm -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm
Install the Puppet Master:
# Download puppet-server from Puppet Labs
yum install -y puppet-server
# Start Puppet-Server
/etc/init.d/puppetmaster start
# Set Puppet Master to run on startup
puppet resource service puppetmaster ensure=running enable=true
-------------------------------------------------------------------------------
/Service[puppetmaster]/ensure: ensure changed 'stopped' to 'running'
service { 'puppetmaster':
  ensure => 'stopped',
  enable => 'true',
}
Puppet needs a scalable web server outside of a testing environment, so let's install Apache (Official Docs):
# Download apache and necessary dependencies
yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel
# Install Rack/Passenger
gem install rack passenger
-----------------------------------------------------
Successfully installed rack-1.5.2
Building native extensions. This could take a while...
Successfully installed passenger-4.0.35
2 gems installed
Installing ri documentation for rack-1.5.2...
Then
passenger-install-apache2-module
[root@Unixmen-centos65 yum.repos.d]# passenger-install-apache2-module
---------------------------------------------------------------------------------------
Welcome to the Phusion Passenger Apache 2 module installer, v4.0.35.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.
Create a virtual host file for puppet:
vi /etc/httpd/conf.d/puppetmaster.conf
and add
# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/
PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile /var/lib/puppet/ssl/certs/unixmen-centos6.arnhem.chello.nl.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/unixmen-centos6.arnhem.chello.nl.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    #RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>
Start up Apache:
/etc/init.d/puppetmaster stop
/etc/init.d/httpd start
Disable WEBrick and enable Apache on boot:
chkconfig puppetmaster off
chkconfig httpd on
Make sure the port is open and it’s listening:
lsof -i tcp:8140
COMMAND  PID   USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd   8743   root  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8747 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8748 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8749 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8750 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8751 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8752 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8753 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8754 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8755 apache  6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
Append this to the end of the file:
vim /etc/puppet/puppet.conf
[master]
# Use the FQDN here
certname = puppet-server
autosign = true
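The [master] block above sets autosign = true, so the master signs every certificate request it receives without review. The check below is an added example, not part of the original tutorial; the function name autosign_policy and the sample file are constructed for illustration. It reports which autosign mode a puppet.conf selects, with [master] overriding [main].

```shell
#!/bin/sh
# Added example (not from the original page): report how a puppet.conf
# handles certificate autosigning. [master] overrides [main].
# Prints one of:
#   unconditional  autosign = true, every CSR is signed without review
#   disabled       autosign = false, every CSR needs "puppet cert --sign"
#   file:PATH      autosign points at a file such as autosign.conf
#   default        not set; Puppet 3 falls back to $confdir/autosign.conf
autosign_policy() {
    awk '
        /^[ \t]*#/ { next }                      # full-line comments only
        /^[ \t]*\[[A-Za-z_]+\][ \t]*$/ {         # section header
            section = $0
            gsub(/[^A-Za-z_]/, "", section)
            next
        }
        /^[ \t]*autosign[ \t]*=/ {
            val = $0
            sub(/^[ \t]*autosign[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (section == "master") master_val = val
            else if (section == "main") main_val = val
        }
        END {
            val = (master_val != "") ? master_val : main_val
            if (val == "")           print "default"
            else if (val == "true")  print "unconditional"
            else if (val == "false") print "disabled"
            else                     print "file:" val
        }
    ' "$1"
}

# Constructed sample mirroring the [master] block from this page.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[main]
logdir = /var/log/puppet
[master]
# Use the FQDN here
certname = puppet-server
autosign = true
EOF
echo "autosign policy: $(autosign_policy "$demo_conf")"
rm -f "$demo_conf"
```

On a real master, run autosign_policy /etc/puppet/puppet.conf; a result of unconditional means any host that can reach port 8140 will get a signed certificate.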
Client Node install
Add the puppet labs repo
rpm -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm
Install the Puppet Client
yum install -y puppet
If you are not using DNS in your environment, you will need to manually edit your hosts file.
vim /etc/hosts
192.168.x.x node
192.168.x.y puppet-server
Edit /etc/puppet/puppet.conf and add the agent variables:
vim /etc/puppet/puppet.conf
# In the [agent] section
# Should be the FQDN!
server = puppet-server
report = true
pluginsync = true
Set the puppet agent to run on boot:
chkconfig puppet on
puppet agent --daemonize
Now test the client:
puppet agent --test
That should connect you to the server, which will automatically sign the cert. If you have opted to sign manually, you now need to go back to the server and run:
puppet cert --sign FQDN
All done!