Puppet is an open source IT automation and configuration management tool that helps systems administrators manage and operate infrastructure on Unix-like and Microsoft Windows systems. It improves efficiency because, with Puppet, we can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage changes. This post shows how to set up the open source Puppet Server and Puppet Agent on CentOS 6.5.
Puppet Server : puppet-server.ehowstuff.local (192.168.0.5)
Puppet Agent : puppet-agent.ehowstuff.local (192.168.0.6)
A : Setting Up Puppet Server :
1. Set up Puppet Labs Repository :
[root@puppet-server ~]# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.sPYqlZ: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
2. Install Puppet Master :
[root@puppet-server ~]# yum install puppet-server -y
3. Start the Puppet-Server :
[root@puppet-server ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
4. Make Puppet-Server start at boot :
[root@puppet-server ~]# puppet resource service puppetmaster ensure=running enable=true
5. Install Apache and necessary dependencies :
[root@puppet-server ~]# yum install httpd httpd-devel mod_ssl openssl-devel gcc-c++ curl-devel zlib-devel make automake ruby-devel rubygems -y
6. Install Rack Passenger :
[root@puppet-server ~]# gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions. This could take a while...
Successfully installed rake-10.3.1
Successfully installed daemon_controller-1.2.0
Successfully installed passenger-4.0.41
4 gems installed
Installing ri documentation for rack-1.5.2...
Installing ri documentation for rake-10.3.1...
Installing ri documentation for daemon_controller-1.2.0...
Installing ri documentation for passenger-4.0.41...
Installing RDoc documentation for rack-1.5.2...
Installing RDoc documentation for rake-10.3.1...
Installing RDoc documentation for daemon_controller-1.2.0...
Installing RDoc documentation for passenger-4.0.41...
[root@puppet-server ~]# passenger-install-apache2-module
At the end of the installation you will get the message below. Use the paths it prints when you edit your puppetmaster config file :
.. .. ..
Almost there!
Please edit your Apache configuration file, and add these lines:
   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41
     PassengerDefaultRuby /usr/bin/ruby
   </IfModule>
After you restart Apache, you are ready to deploy any number of web applications on Apache, with a minimum amount of configuration!
Press ENTER to continue.
--------------------------------------------
Deploying a web application: an example
Suppose you have a web application in /somewhere. Add a virtual host to your Apache configuration file and set its DocumentRoot to /somewhere/public:
   <VirtualHost *:80>
      ServerName www.yourhost.com
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /somewhere/public
      <Directory /somewhere/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
      </Directory>
   </VirtualHost>
And that's it! You may also want to check the Users Guide for security and optimization tips, troubleshooting and other useful information:
   /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/doc/Users guide Apache.html
   http://www.modrails.com/documentation/Users%20guide%20Apache.html
Enjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)
https://www.phusionpassenger.com
Phusion Passenger is a trademark of Hongli Lai & Ninh Bui.
7. Create the directory structure for Puppet Master Rack Application
[root@puppet-server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@puppet-server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public
[root@puppet-server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/tmp
[root@puppet-server ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[root@puppet-server ~]# chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru
8. Create a virtual host file for Puppet and configure the Apache server. Please note that some parameters from previous versions, such as “PassengerUseGlobalQueue” and “RackAutoDetect”, are not required anymore :
[root@puppet-server ~]# vim /etc/httpd/conf.d/puppetmaster.conf
Add the config below :
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/
PassengerRuby /usr/bin/ruby
# And the passenger performance tuning settings:
PassengerHighPerformance On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
    SSLEngine On
    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-server.ehowstuff.local.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-server.ehowstuff.local.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData
    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>
9. Start the Apache :
[root@puppet-server ~]# /etc/init.d/puppetmaster stop
[root@puppet-server ~]# /etc/init.d/httpd start
10. Disable WEBrick and enable Apache on boot. Ensure that any WEBrick puppet master process is stopped before starting the Apache service; only one can be bound to TCP port 8140 :
[root@puppet-server ~]# chkconfig puppetmaster off
[root@puppet-server ~]# chkconfig httpd on
11. Make sure the port is open and it’s listening:
[root@puppet-server ~]# netstat -ln | grep 8140
tcp 0 0 :::8140 :::* LISTEN
12. Set the server to auto-sign certs :
[root@puppet-server ~]# vim /etc/puppet/puppet.conf
Add the following line under [main]
[main]
server = centos6.5.ehowstuff.local
Add the following at the bottom :
[master]
certname = puppet-server.ehowstuff.local
autosign = true
13. List outstanding certificate requests :
[root@puppet-server ~]# puppet cert list --all
+ "puppet-server.ehowstuff.local" (SHA256) 14:2C:1F:98:EF:23:8E:A0:0E:A3:81:65:97:FE:15:5D:E0:28:36:74:3D:3B:EC:F5:1B:35:B2:C5:E3:CD:79:36 (alt names: "DNS:puppet-server.ehowstuff.local")
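With autosign = true (step 12) the master signs every certificate request that reaches port 8140, whatever name it asks for. The script below is an added example, not part of the original post: a policy executable that signs only allowlisted certnames and leaves everything else pending for manual signing. It assumes a Puppet version that accepts an executable as the autosign value; the allowlist path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: policy executable for Puppet's `autosign` setting.
# Puppet calls it with the requested certname as $1 and the PEM CSR on stdin.
# Exit 0 = sign automatically; any other status = leave pending for an admin.
LC_ALL=C; export LC_ALL

# Assumed path (not from the original post): one glob or exact name per line.
ALLOWLIST="${ALLOWLIST:-/etc/puppet/autosign-allow.list}"

# certname_allowed NAME -> 0 if NAME is well-formed and on the allowlist.
certname_allowed() {
    _name=$1
    case "$_name" in
        ''|*[!a-z0-9.-]*|.*|*..*|-*) return 1 ;;   # malformed: never sign
    esac
    [ -r "$ALLOWLIST" ] || return 1                # no list: fail closed
    while IFS= read -r _pat || [ -n "$_pat" ]; do
        case "$_pat" in ''|'#'*) continue ;; esac  # skip blanks and comments
        # $_pat is deliberately unquoted so it is matched as a glob
        case "$_name" in $_pat) return 0 ;; esac
    done < "$ALLOWLIST"
    return 1
}

# csr_looks_valid -> 0 if stdin carries a PEM certificate request.
csr_looks_valid() {
    grep -q -e '-----BEGIN CERTIFICATE REQUEST-----'
}

# decide NAME (CSR on stdin) -> prints "sign" or "defer: reason", returns 0/1.
decide() {
    if ! csr_looks_valid; then echo "defer: no CSR on stdin"; return 1; fi
    if ! certname_allowed "$1"; then echo "defer: $1 not on allowlist"; return 1; fi
    echo "sign"
}

# Entry point when Puppet invokes the script with exactly one argument.
if [ "$#" -eq 1 ]; then
    verdict=$(decide "$1"); status=$?
    logger -t puppet-autosign "certname=$1 verdict=$verdict" 2>/dev/null
    exit "$status"
fi
```

To use it, set autosign in the [master] section to the script's path instead of true; the file must be executable by the user the master runs as and not writable by other users.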
B : Setting Up Puppet Agent :
14. Log in to the puppet client and set up the Puppet Labs Repository :
[root@puppet-agent ~]# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.i5Nzgn: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
15. Install the Puppet Client/Agent on Client node :
[root@puppet-agent ~]# yum install puppet -y
16. Edit your hosts file on the puppet agent :
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.6 puppet-agent.ehowstuff.local
192.168.0.5 puppet-server.ehowstuff.local
17. Edit /etc/puppet/puppet.conf and add the agent variables under [agent]:
[root@puppet-agent ~]# vim /etc/puppet/puppet.conf
server = puppet-server.ehowstuff.local
report = true
pluginsync = true
18. Set puppet to run on boot :
[root@puppet-agent ~]# chkconfig puppet on
[root@puppet-agent ~]# puppet agent --daemonize
19. Test the client :
[root@puppet-agent ~]# puppet agent -t
20. Connect to the server, which will automatically sign the cert :
[root@puppet-agent ~]# puppet cert --sign puppet-server.ehowstuff.local
Done..