How to Set Up Open Source Puppet Server and Puppet Agent on CentOS 6.5

Puppet is an open source IT automation and configuration management tool that helps systems administrators manage and operate infrastructure made up of Unix-like and Microsoft Windows systems. It improves efficiency because with Puppet we can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage changes. This post shows how to set up Open Source Puppet Server and Puppet Agent on CentOS 6.5.

Puppet Server : puppet-server.ehowstuff.local (192.168.0.5)
Puppet Agent : puppet-agent.ehowstuff.local (192.168.0.6)

A : Setting Up Puppet Server :

1. Set up Puppet Labs Repository :

[root@puppet-server ~]# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.sPYqlZ: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:puppetlabs-release     ########################################### [100%]

2. Install Puppet Master :

[root@puppet-server ~]# yum install puppet-server -y

3. Start the Puppet-Server :

[root@puppet-server ~]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]

4. Make Puppet-Server start at boot :

[root@puppet-server ~]# puppet resource service puppetmaster ensure=running enable=true

5. Install Apache and necessary dependencies :

[root@puppet-server ~]# yum install httpd httpd-devel mod_ssl openssl-devel gcc-c++ curl-devel zlib-devel make automake ruby-devel rubygems -y

6. Install Rack Passenger :

[root@puppet-server ~]# gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions.  This could take a while...
Successfully installed rake-10.3.1
Successfully installed daemon_controller-1.2.0
Successfully installed passenger-4.0.41
4 gems installed
Installing ri documentation for rack-1.5.2...
Installing ri documentation for rake-10.3.1...
Installing ri documentation for daemon_controller-1.2.0...
Installing ri documentation for passenger-4.0.41...
Installing RDoc documentation for rack-1.5.2...
Installing RDoc documentation for rake-10.3.1...
Installing RDoc documentation for daemon_controller-1.2.0...
Installing RDoc documentation for passenger-4.0.41...
[root@puppet-server ~]# passenger-install-apache2-module

At the end of the installation you will see the following message. Note the module paths it prints, because the puppetmaster Apache config file must use the same paths :

..
..
..
Almost there!

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41
     PassengerDefaultRuby /usr/bin/ruby
   </IfModule>

After you restart Apache, you are ready to deploy any number of web
applications on Apache, with a minimum amount of configuration!

Press ENTER to continue.


--------------------------------------------

Deploying a web application: an example

Suppose you have a web application in /somewhere. Add a virtual host to your
Apache configuration file and set its DocumentRoot to /somewhere/public:

   <VirtualHost *:80>
      ServerName www.yourhost.com
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /somewhere/public
      <Directory /somewhere/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
      </Directory>
   </VirtualHost>

And that's it! You may also want to check the Users Guide for security and
optimization tips, troubleshooting and other useful information:

  /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/doc/Users guide Apache.html
  http://www.modrails.com/documentation/Users%20guide%20Apache.html

Enjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)
https://www.phusionpassenger.com

Phusion Passenger is a trademark of Hongli Lai & Ninh Bui.

7. Create the directory structure for Puppet Master Rack Application

[root@puppet-server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@puppet-server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public
[root@puppet-server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/tmp
[root@puppet-server ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[root@puppet-server ~]# chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru

8. Create a virtual host file for puppet and configure the Apache server. Please note that some parameters used with previous versions, such as “PassengerUseGlobalQueue” and “RackAutoDetect”, are not required anymore :

[root@puppet-server ~]# vim /etc/httpd/conf.d/puppetmaster.conf

Add the following configuration :

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/
PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
PassengerHighPerformance On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-server.ehowstuff.local.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-server.ehowstuff.local.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

9. Start the Apache :

[root@puppet-server ~]# /etc/init.d/puppetmaster stop
[root@puppet-server ~]# /etc/init.d/httpd start

10. Disable WEBrick and enable Apache on boot. Ensure that any WEBrick puppet master process is stopped before starting the Apache service; only one can be bound to TCP port 8140 :

[root@puppet-server ~]# chkconfig puppetmaster off
[root@puppet-server ~]# chkconfig httpd on

11. Make sure the port is open and it’s listening:

[root@puppet-server ~]# netstat -ln | grep 8140
tcp        0      0 :::8140                     :::*                        LISTEN

12. Set the server to auto-sign certs :

[root@puppet-server ~]# vim /etc/puppet/puppet.conf

Add the following line under [main]

[main]
   server = centos6.5.ehowstuff.local

Add the following at the bottom :

[master]
   certname = puppet-server.ehowstuff.local
   autosign = true
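
With `autosign = true` the master signs every certificate request that reaches port 8140, so any host that can connect receives a trusted agent certificate. As an added example (not part of the original post), a policy executable can gate signing on the certname and on a shared secret carried in the CSR. The script path, the secret file and the function names are assumptions, and the `autosign` setting would point at the script instead of `true`:

```shell
#!/bin/sh
# Added example, not from the original post: policy executable for
#   [master] autosign = /etc/puppet/autosign-policy.sh   (path is an assumption)
# Puppet (3.4 or later) passes the certname as $1 and the PEM CSR on stdin.
# Exit 0 signs the request; any other status leaves it pending for manual review.

ALLOWED_DOMAIN="ehowstuff.local"    # domain used in this tutorial
SECRET_FILE="${SECRET_FILE:-/etc/puppet/autosign.secret}"    # hypothetical file, mode 0600

# Accept only plain lowercase hostnames inside the allowed domain.
certname_allowed() {
    case $1 in
        *[!a-z0-9.-]*|.*|*..*) return 1 ;;    # odd characters or empty labels
        *."$ALLOWED_DOMAIN")   return 0 ;;
        *)                     return 1 ;;
    esac
}

# Filter `openssl req -text` output down to the challengePassword value.
extract_challenge() {
    sed -n 's/^[[:space:]]*challengePassword[[:space:]]*:\(.*\)$/\1/p' | head -n 1
}

# Read a PEM CSR on stdin and print its challengePassword (empty if absent).
csr_challenge() {
    openssl req -noout -text 2>/dev/null | extract_challenge
}

# $1 = certname, $2 = challenge found in the CSR, $3 = expected shared secret.
policy_decision() {
    certname_allowed "$1" || return 1
    [ -n "$3" ] && [ "$2" = "$3" ]
}

# Puppet calls the script with exactly one argument, the certname.
if [ $# -eq 1 ]; then
    expected=$(cat "$SECRET_FILE" 2>/dev/null)
    policy_decision "$1" "$(csr_challenge)" "$expected"
    exit $?
fi
```

Agents supply the secret through `custom_attributes` (OID `1.2.840.113549.1.9.7`, challengePassword) in their `csr_attributes.yaml`.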

13. List outstanding certificate requests :

[root@puppet-server ~]# puppet cert list --all
+ "puppet-server.ehowstuff.local" (SHA256) 14:2C:1F:98:EF:23:8E:A0:0E:A3:81:65:97:FE:15:5D:E0:28:36:74:3D:3B:EC:F5:1B:35:B2:C5:E3:CD:79:36 (alt names: "DNS:puppet-server.ehowstuff.local")

B : Setting Up Puppet Agent :

14. Log in to the puppet client. Set up Puppet Labs Repository :

[root@puppet-agent ~]# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.i5Nzgn: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:puppetlabs-release     ########################################### [100%]

15. Install the Puppet Client/Agent on Client node :

[root@puppet-agent ~]# yum install puppet -y

16. Edit your hosts file on the puppet agent :

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.6     puppet-agent.ehowstuff.local
192.168.0.5     puppet-server.ehowstuff.local

17. Edit /etc/puppet/puppet.conf and add the agent variables under [agent]:

[root@puppet-agent ~]# vim /etc/puppet/puppet.conf
    server = puppet-server.ehowstuff.local
    report = true
    pluginsync = true

18. Set puppet to run on boot :

[root@puppet-agent ~]# chkconfig puppet on
[root@puppet-agent ~]# puppet agent --daemonize

19. Test the client :

[root@puppet-agent ~]# puppet agent -t

20. Connect to the server, which will automatically sign the cert :

[root@puppet-agent ~]# puppet cert --sign puppet-server.ehowstuff.local

Done..
