Master: alps.gai.net
Agent: gai-1234.gai.net (192.168.10.22)
Puppet dashboard: http://alps.gai.net:3000
Username: puppet
Password: puppet123

Pre-requisites: Configure NTP in Master & Agents

Step 1# Master Install & Configure:

##Install Puppet Repo
#rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
#yum install puppet-server

##Configure Master
#vim /etc/puppet/puppet.conf
[master]
certname=alps.gai.net
dns_alt_names=gateway.gai.net

Note:
dns_alt_names: A list of valid hostnames for the master, which will be embedded in its certificate. Defaults to the puppet master’s certname and puppet, which is usually fine. If you are using a non-default setting, set it before starting the puppet master for the first time.
Certname: The name to use when handling certificates. Defaults to the fully qualified domain name. Default: (the system’s fully qualified domain name)

#/etc/init.d/puppetmaster start

Step 2# Agent Install & Configure

##Install Puppet Repo
#rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
#yum install puppet

##Configure Agent
#vim /etc/puppet/puppet.conf
[agent]
server=alps.gai.net
report=true
pluginsync=true
certname=gai-1234.gai.net
runinterval=60m

Here: runinterval = how often the agent applies configuration from the master (60m updates the configuration every 1hr; change it based on your requirement)

#/etc/init.d/puppet start

Step 3# Creating & Signing SSL Certificate for Agent in Master

Note: The Master and Agent connections run over SSL, hence we have to sign the agent certificate request in the Master. Do the below steps for it.

Agent# puppet agent --test
Master# puppet cert list (#Once you enter this command, you will see the agent FQDN)

##Sign the Agent certificate:
Master# puppet cert sign xxxxx (Here replace xxxxx with the client FQDN shown by the above command)

##Checking Agent
Agent# puppet agent --test (This will report that it is applying the configuration, with some version number)
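
Signing by name alone trusts whatever request arrived under that FQDN. The added example below (not part of the original post) compares the fingerprint shown by `puppet agent --fingerprint` on the agent with the pending request in `puppet cert list` on the master before signing. The function names and sample fingerprints are constructed, and the `"name" (SHA256) AA:BB:...` line format is an assumption about Puppet 3 output.

```sh
#!/bin/sh
# Added example: sign an agent's request only if its fingerprint matches the
# one read on the agent itself (Agent# puppet agent --fingerprint).

# pending_fingerprint NAME
# Reads `puppet cert list` output on stdin and prints the fingerprint of the
# pending request for NAME. Assumed line format: "name" (SHA256) AA:BB:...
pending_fingerprint() {
    awk -v want="\"$1\"" '$1 == want { print $3; exit }'
}

# fingerprints_match A B
# Case-insensitive comparison; an empty value never matches.
fingerprints_match() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "$a" = "$b" ]
}

# verify_and_sign NAME AGENT_FINGERPRINT   (run on the master)
verify_and_sign() {
    master_fp=$(puppet cert list | pending_fingerprint "$1")
    if fingerprints_match "$master_fp" "$2"; then
        puppet cert sign "$1"
    else
        echo "fingerprint mismatch for $1: request NOT signed" >&2
        return 1
    fi
}

# Constructed sample of `puppet cert list` output (fingerprints are made up).
SAMPLE_CERT_LIST='  "gai-1234.gai.net" (SHA256) 5A:10:3C:9E:77:21:B4:0D:66:F2:18:4B:C3:90:2E:A7:5D:04:E1:8C:39:7F:B6:12:CA:45:D8:6B:03:9A:F0:2C
  "unknown-host.gai.net" (SHA256) C4:7B:02:E9:5F:A1:36:D0:8E:13:6A:F7:29:B5:40:9C:D2:0F:71:E8:4A:93:BC:16:05:EA:68:3D:F4:27:8B:51'
```

On the master this would be called as `verify_and_sign gai-1234.gai.net <fingerprint read on the agent>`, with the fingerprint carried over a channel other than the Puppet connection itself.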

Step 4# Testing Master Agent:

In Master:
#vim /etc/puppet/manifests/site.pp
##Add the below lines
class test_class {
    file { "/tmp/testfile":
        ensure => present,
        mode   => 644,
        owner  => root,
        group  => root
    }
}

# tell puppet on which client to run the class
node 'gai-1234.gai.net' {
    include test_class
}

In Agent:
#puppet agent --test

Now check that /tmp/testfile has been created on the Agent node.

Step 5# Installing Puppet Dashboard in Master server

Master#yum install mysql mysql-server puppet-dashboard

#cp /usr/share/puppet-dashboard/config/database.yml.example /usr/share/puppet-dashboard/config/database.yml
#vim /usr/share/puppet-dashboard/config/database.yml
#Modify the lines as below
production:
  database: dashboard_production
  username: dashboard
  password: secret_password
  encoding: utf8
  adapter: mysql
(Note: this password should be the same as the mysql user password below)

#cp /usr/share/puppet-dashboard/config/settings.yml.example /usr/share/puppet-dashboard/config/settings.yml
#vim /usr/share/puppet-dashboard/config/settings.yml
##Modify lines as below
ca_server: 'alps.gai.net'
ca_port: 8140
enable_inventory_service: true
inventory_server: 'alps.gai.net'
inventory_port: 8140
use_file_bucket_diffs: true
file_bucket_server: 'alps.gai.net'
file_bucket_port: 8140

##Creating Database & User & Tables
CREATE DATABASE dashboard_production CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'secret_password';
GRANT ALL PRIVILEGES ON dashboard_production.* TO 'dashboard'@'localhost';
flush privileges;

#vim /etc/mysql/my.cnf
#Add below line
max_allowed_packet = 32M

##Once Dashboard has its database, it can create its tables, but this has to be done manually with the db:migrate rake task. For typical use with the production environment:
##Run the below commands in terminal
#cd /usr/share/puppet-dashboard
#rake RAILS_ENV=production db:migrate

##Testing That Dashboard is Working
#sudo -u puppet-dashboard ./script/server -e production (use the below service instead of this)
or
#/etc/init.d/puppet-dashboard start
#/etc/init.d/puppet-dashboard-workers start

Using Dashboard for Reports
For Dashboard to receive reports, there are two requirements:
Make sure that all agents have reporting turned on:
# puppet.conf (on each agent)
[agent]
report = true

# puppet.conf (on puppet master)
[master]
reports = store, http
reporturl = http://dashboard.example.com:3000/reports/upload

#Restart services (Master)
#/etc/init.d/puppetmaster restart
#/etc/init.d/puppet-dashboard restart
#/etc/init.d/puppet-dashboard-workers restart
#Restart services (Agent)
#/etc/init.d/puppet restart

##Enabling Inventory for puppet agent
Master# vim /etc/puppet/auth.conf
#Go to end of file#
##Disable below lines
path /
auth any
#Add below lines
path /facts
auth any
method find, search
allow *

#Restart services
#/etc/init.d/puppetmaster stop
#/etc/init.d/puppetmaster start
#/etc/init.d/puppet-dashboard stop
#/etc/init.d/puppet-dashboard start
#/etc/init.d/puppet-dashboard-workers stop
#/etc/init.d/puppet-dashboard-workers start
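
The `/facts` rule above combines `auth any` with `allow *`, so any client that can reach port 8140 can read and search every node's facts without presenting a certificate. As an added example (not from the original post), this check lists such stanzas in an auth.conf. The restricted stanza in the sample assumes Dashboard has its own signed certificate named `dashboard`, and both samples are constructed from the rule on this page.

```sh
#!/bin/sh
# Added example: list auth.conf stanzas that grant unauthenticated access to everyone.

# audit_auth_conf: reads an auth.conf on stdin and prints the path of every
# stanza that has both "auth any|no|off" and "allow *".
audit_auth_conf() {
    awk '
        function report() {
            if (path != "" && unauth && wildcard) print path
            path = ""; unauth = 0; wildcard = 0
        }
        /^[ \t]*#/ { next }                 # comment lines
        { gsub(/,/, " ") }                  # "allow a, b" -> "allow a b"
        $1 == "path" { report(); path = ($2 == "~") ? $3 : $2; next }
        $1 == "auth" || $1 == "authenticated" {
            unauth = ($2 == "any" || $2 == "no" || $2 == "off"); next
        }
        $1 == "allow" { for (i = 2; i <= NF; i++) if ($i == "*") wildcard = 1 }
        END { report() }
    '
}

# Constructed sample: the stanza as given on this page.
PAGE_AUTH_CONF='path /facts
auth any
method find, search
allow *'

# Constructed sample: the same path limited to one authenticated certname.
# "dashboard" is an assumed certname for the Dashboard client certificate.
RESTRICTED_AUTH_CONF='path /facts
auth yes
method find, search
allow dashboard'
```

Running `audit_auth_conf < /etc/puppet/auth.conf` on the master prints one path per open stanza and nothing when every stanza requires a certificate or names its clients.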

Step 6# Running Puppet Master using Apache instead of services (puppetmaster)

#yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc
#sudo gem install rack passenger
#sudo passenger-install-apache2-module
#sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
#sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
#sudo cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
#sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
#chown apache:apache /usr/share/puppet/rack/puppetmasterd/public -R
#chown apache:apache /usr/share/puppet/rack/puppetmasterd/tmp -R

#vim /etc/httpd/conf.d/puppetmaster.conf
#Add below lines
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.
# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.
#
# You will get the module lines below while running the Passenger install commands above
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.37/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
    PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.37
    PassengerDefaultRuby /usr/bin/ruby
</IfModule>

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile /var/lib/puppet/ssl/certs/alps.gai.net.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/alps.gai.net.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public

    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        # Apply the right behavior depending on Apache version.
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </Directory>

    ErrorLog /var/log/httpd/alps_puppet_master_ssl_error.log
    CustomLog /var/log/httpd/alps_puppet_master_ssl_access.log combined
</VirtualHost>

# Stop puppetmaster & restart http
#/etc/init.d/puppetmaster stop
#/etc/init.d/httpd restart
#Check listen
#netstat -tupln | grep LISTEN | grep 8140
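
The virtual host comment says only high-security cryptography is allowed, but `SSLProtocol All -SSLv2` leaves SSLv3 enabled on this Apache generation and `RC4+RSA` adds RC4 suites. This added example (not part of the original post) flags both in a vhost file. The finding labels and the hardened sample lines are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: flag SSLv3 and RC4 in an Apache mod_ssl virtual host.

# audit_tls_vhost: reads Apache config on stdin, prints one finding per line.
audit_tls_vhost() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "sslprotocol" {
            v3 = 0                          # tokens apply left to right
            for (i = 2; i <= NF; i++) {
                p = tolower($i)
                if (p == "all" || p == "+all" || p == "sslv3" || p == "+sslv3") v3 = 1
                if (p == "-sslv3" || p == "-all") v3 = 0
            }
            if (v3) print "sslv3-enabled"
        }
        tolower($1) == "sslciphersuite" {
            n = split($2, c, ":")
            for (i = 1; i <= n; i++)        # "!" and "-" prefixes remove suites
                if (toupper(c[i]) ~ /RC4/ && c[i] !~ /^[!-]/) print "rc4-allowed"
        }
    '
}

# Constructed sample: the two directives as they appear in the vhost on this page.
PAGE_VHOST='SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP'

# Constructed sample: a tightened pair (assumed values, adjust for agent compatibility).
HARDENED_VHOST='SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4'
```

Run it as `audit_tls_vhost < /etc/httpd/conf.d/puppetmaster.conf`; no output means neither finding applies.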

Step 7# Running Puppet Dashboard using Apache instead of services (puppet-dashboard)

#cp /usr/share/puppet-dashboard/ext/passenger/dashboard-vhost.conf /etc/httpd/conf.d/
#vim /etc/httpd/conf.d/dashboard-vhost.conf
#Add below lines or modify
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.37/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
    PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.37
    PassengerDefaultRuby /usr/bin/ruby
</IfModule>

PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120

Listen 3000

<VirtualHost *:3000>
    ServerName puppet.gai.net
    DocumentRoot /usr/share/puppet-dashboard/public/
    <Directory /usr/share/puppet-dashboard/public/>
        Options None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/puppet.gai.net_error.log
    LogLevel warn
    CustomLog /var/log/httpd/puppet.gai.net_access.log combined
    ServerSignature On
    <Location "/">
        Order allow,deny
        # your puppet master's IP
        Allow from 192.168.0.125
        Satisfy any
        AuthName "Puppet Dashboard"
        AuthType Basic
        AuthUserFile /etc/httpd/htpasswd
        Require valid-user
    </Location>
</VirtualHost>

##Stop puppet-dashboard services & restart http
#/etc/init.d/puppet-dashboard stop
#/etc/init.d/httpd restart

##Classes Examples:

#To Copy configuration file:
#vim /etc/puppet/manifests/site.pp
class centos_6_repo_class {
    file { "/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6":
        owner  => root,
        group  => root,
        mode   => 644,
        source => "puppet:///modules/centos_6_repo/RPM-GPG-KEY-CentOS-6"
    }
    file { "/etc/yum.repos.d/CentOS-Base.repo":
        owner  => root,
        group  => root,
        mode   => 644,
        source => "puppet:///modules/centos_6_repo/CentOS-Base.repo"
    }
}

# tell puppet on which client to run the class
node 'gai-1234.gai.net' {
    include centos_6_repo_class
}

#To Install a package:
#vim /etc/puppet/manifests/site.pp
class ftp-0-17-54_install_class {
    package { "ftp":
        ensure => "0.17-54.el6"
    }
}

node 'genistra.gai.net' {
    include ftp-0-17-54_install_class
}

Puppet Agent for Windows:
Download from https://downloads.puppetlabs.com/windows/puppet-3.4.3.msi
Create the file C:\Program Files\Puppet Labs\Puppet Enterprise\puppet\conf\puppet.conf
and add the below lines
[agent]
server = alps.gai.net
certname = thinkpad4
report=true
pluginsync=true
runinterval=2m
In the server's site.pp file add the below lines
if $osfamily == 'windows' {
    File { source_permissions => ignore }
}

class win-check {
    file { "C:/temp/CentOS-Base.repo":
        ensure => present,
        group  => Administrators,
        source => "puppet:///modules/centos_6_repo/CentOS-Base.repo"
    }
}

node 'thinkpad4' {
    include win-check
}