Puppet is an open source IT automation software and configuration management tool for systems administrators that helping them to manage and operate infrastructure of Unix-like and Microsoft Windows systems. It will improve the efficiency because with puppet, we can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage the changes. This post will show how to setup Open Source Puppet Server and Puppet Agent on Centos 6.5.<\/p>\n
Puppet Server : puppet-server.ehowstuff.local (192.168.0.5)
\nPuppet Agent : puppet-agent.ehowstuff.local (192.168.0.6)<\/p>\n
1. Set up Puppet Labs Repository :<\/p>\n
\n[root@puppet-server ~]# rpm -ivh https:\/\/yum.puppetlabs.com\/el\/6\/products\/x86_64\/puppetlabs-release-6-10.noarch.rpm\nRetrieving https:\/\/yum.puppetlabs.com\/el\/6\/products\/x86_64\/puppetlabs-release-6-10.noarch.rpm\nwarning: \/var\/tmp\/rpm-tmp.sPYqlZ: Header V4 RSA\/SHA1 Signature, key ID 4bd6ec30: NOKEY\nPreparing... ########################################### [100%]\n 1:puppetlabs-release ########################################### [100%]\n<\/pre>\n2. Install Puppet Master :<\/p>\n
\n[root@puppet-server ~]# yum install puppet-server -y\n<\/pre>\n3. Start the Puppet-Server :<\/p>\n
\n[root@puppet-server ~]# \/etc\/init.d\/puppetmaster start\nStarting puppetmaster: [ OK ]\n<\/pre>\n4. Make Puppet-Server star at boot :<\/p>\n
\n[root@puppet-server ~]# puppet resource service puppetmaster ensure=running enable=true\n<\/pre>\n5. Install Apache and necessary dependencies :<\/p>\n
\n[root@puppet-server ~]# yum install httpd httpd-devel mod_ssl openssl-devel gcc-c++ curl-devel zlib-devel make automake ruby-devel rubygems -y\n<\/pre>\n6.Install Rack Passenger :<\/p>\n
\n[root@puppet-server ~]# gem install rack passenger\nSuccessfully installed rack-1.5.2\nBuilding native extensions. This could take a while...\nSuccessfully installed rake-10.3.1\nSuccessfully installed daemon_controller-1.2.0\nSuccessfully installed passenger-4.0.41\n4 gems installed\nInstalling ri documentation for rack-1.5.2...\nInstalling ri documentation for rake-10.3.1...\nInstalling ri documentation for daemon_controller-1.2.0...\nInstalling ri documentation for passenger-4.0.41...\nInstalling RDoc documentation for rack-1.5.2...\nInstalling RDoc documentation for rake-10.3.1...\nInstalling RDoc documentation for daemon_controller-1.2.0...\nInstalling RDoc documentation for passenger-4.0.41...\n<\/pre>\n\n[root@puppet-server ~]# passenger-install-apache2-module\n<\/pre>\nAt the end of the installation you will get this message. So change your puppetmaster config file path correctly :<\/p>\n
\n..\n..\n..\nAlmost there!\n\nPlease edit your Apache configuration file, and add these lines:\n\n LoadModule passenger_module \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.41\/buildout\/apache2\/mod_passenger.so\n <ifmodule mod_passenger.c>\n PassengerRoot \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.41\n PassengerDefaultRuby \/usr\/bin\/ruby\n <\/ifmodule>\n\nAfter you restart Apache, you are ready to deploy any number of web\napplications on Apache, with a minimum amount of configuration!\n\nPress ENTER to continue.\n\n\n--------------------------------------------\n\nDeploying a web application: an example\n\nSuppose you have a web application in \/somewhere. Add a virtual host to your\nApache configuration file and set its DocumentRoot to \/somewhere\/public:\n\n <virtualhost *:80>\n ServerName www.yourhost.com\n # !!! Be sure to point DocumentRoot to 'public'!\n DocumentRoot \/somewhere\/public\n <directory \/somewhere\/public>\n # This relaxes Apache security settings.\n AllowOverride all\n # MultiViews must be turned off.\n Options -MultiViews\n <\/directory>\n <\/virtualhost>\n\nAnd that's it! You may also want to check the Users Guide for security and\noptimization tips, troubleshooting and other useful information:\n\n \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.41\/doc\/Users guide Apache.html\n http:\/\/www.modrails.com\/documentation\/Users%20guide%20Apache.html\n\nEnjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)\nhttps:\/\/www.phusionpassenger.com\n\nPhusion Passenger is a trademark of Hongli Lai & Ninh Bui.\n<\/pre>\n7. Create the directory structure for Puppet Master Rack Application<\/p>\n
\n[root@puppet-server ~]# mkdir -p \/usr\/share\/puppet\/rack\/puppetmasterd\n[root@puppet-server ~]# mkdir \/usr\/share\/puppet\/rack\/puppetmasterd\/public\n[root@puppet-server ~]# mkdir \/usr\/share\/puppet\/rack\/puppetmasterd\/tmp\n[root@puppet-server ~]# cp \/usr\/share\/puppet\/ext\/rack\/config.ru \/usr\/share\/puppet\/rack\/puppetmasterd\/\n[root@puppet-server ~]# chown puppet \/usr\/share\/puppet\/rack\/puppetmasterd\/config.ru\n<\/pre>\n8. Create a virtual host file for puppet and configure Apache server. Please not that some of the parameter on previous version in not required anymore such as “PassengerUseGlobalQueue” and “RackAutoDetect”
\n :<\/p>\n\n[root@puppet-server ~]# vim \/etc\/httpd\/conf.d\/puppetmaster.conf\n<\/pre>\nAdd below config file :<\/p>\n
\nLoadModule passenger_module \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.41\/buildout\/apache2\/mod_passenger.so\nPassengerRoot \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.41\/\nPassengerRuby \/usr\/bin\/ruby\n\n# And the passenger performance tuning settings:\nPassengerHighPerformance On\n# Set this to about 1.5 times the number of CPU cores in your master:\nPassengerMaxPoolSize 6\n# Recycle master processes after they service 1000 requests\nPassengerMaxRequests 1000\n# Stop processes if they sit idle for 10 minutes\nPassengerPoolIdleTime 600\n\nListen 8140\n<virtualhost *:8140>\n SSLEngine On\n\n # Only allow high security cryptography. Alter if needed for compatibility.\n SSLProtocol All -SSLv2\n SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP\n SSLCertificateFile \/var\/lib\/puppet\/ssl\/certs\/puppet-server.ehowstuff.local.pem\n SSLCertificateKeyFile \/var\/lib\/puppet\/ssl\/private_keys\/puppet-server.ehowstuff.local.pem\n SSLCertificateChainFile \/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem\n SSLCACertificateFile \/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem\n SSLCARevocationFile \/var\/lib\/puppet\/ssl\/ca\/ca_crl.pem\n SSLVerifyClient optional\n SSLVerifyDepth 1\n SSLOptions +StdEnvVars +ExportCertData\n\n # These request headers are used to pass the client certificate\n # authentication information on to the puppet master process\n RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e\n RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e\n RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e\n\n DocumentRoot \/usr\/share\/puppet\/rack\/puppetmasterd\/public\/\n <directory \/usr\/share\/puppet\/rack\/puppetmasterd><\/directory>\n Options None\n AllowOverride None\n Order Allow,Deny\n Allow from All\n \n<\/virtualhost>\n<\/pre>\n9. Start the Apache :<\/p>\n
\n[root@puppet-server ~]# \/etc\/init.d\/puppetmaster stop\n[root@puppet-server ~]# \/etc\/init.d\/httpd start\n<\/pre>\n10. Disable WEBrick and enable Apache on boot. Ensure that any WEBrick puppet master process is stopped before starting the Apache service; only one can be bound to TCP port 8140.:<\/p>\n
\n[root@puppet-server ~]# chkconfig puppetmaster off\n[root@puppet-server ~]# chkconfig httpd on\n<\/pre>\n11. Make sure the port is open and it\u2019s listening:<\/p>\n
\n[root@puppet-server ~]# netstat -ln | grep 8140\n<\/pre>\n\ntcp 0 0 :::8140 :::* LISTEN\n<\/pre>\n12. Set the server to auto-sign certs :<\/p>\n
\n[root@puppet-server ~]# vim \/etc\/puppet\/puppet.conf\n<\/pre>\nAdd the following line under [main]<\/p>\n
\n[main]\n server = centos6.5.ehowstuff.local\n<\/pre>\nAdd the following at the bottom :<\/p>\n
\n[master]\n certname = puppet-server.ehowstuff.local\n autosign = true\n<\/pre>\n13. List outstanding certificate requests :<\/p>\n
\n[root@puppet-server ~]# puppet cert list --all\n+ \"puppet-server.ehowstuff.local\" (SHA256) 14:2C:1F:98:EF:23:8E:A0:0E:A3:81:65:97:FE:15:5D:E0:28:36:74:3D:3B:EC:F5:1B:35:B2:C5:E3:CD:79:36 (alt names: \"DNS:puppet-server.ehowstuff.local\")\n<\/pre>\nB : Setting Up Puppet Agent : <\/h3>\n
14. Login to puppet client. Set up Puppet Labs Repository :<\/p>\n
\n[root@puppet-agent ~]# rpm -ivh https:\/\/yum.puppetlabs.com\/el\/6\/products\/x86_64\/puppetlabs-release-6-10.noarch.rpm\nRetrieving https:\/\/yum.puppetlabs.com\/el\/6\/products\/x86_64\/puppetlabs-release-6-10.noarch.rpm\nwarning: \/var\/tmp\/rpm-tmp.i5Nzgn: Header V4 RSA\/SHA1 Signature, key ID 4bd6ec30: NOKEY\nPreparing... ########################################### [100%]\n 1:puppetlabs-release ########################################### [100%]\n<\/pre>\n15. Install the Puppet Client\/Agent on Client node :<\/p>\n
\n[root@puppet-agent ~]# yum install puppet -y\n<\/pre>\n16. Edit your hosts on puppet agent :<\/p>\n
\n127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4\n::1 localhost localhost.localdomain localhost6 localhost6.localdomain6\n\n192.168.0.6 puppet-agent.ehowstuff.local\n192.168.0.5 puppet-server.ehowstuff.local\n<\/pre>\n17. Edit \/etc\/puppet\/puppet.conf and add the agent variables under [agent]:<\/p>\n
\n[root@puppet-agent ~]# vim \/etc\/puppet\/puppet.conf\n<\/pre>\n\n server = puppet-server.ehowstuff.local\n report = true\n pluginsync = true\n<\/pre>\n18. Set puppet to run on boot :<\/p>\n
\n[root@puppet-agent ~]# chkconfig puppet on\n[root@puppet-agent ~]# puppet agent --daemonize\n<\/pre>\n19. Test the client :<\/p>\n
\n[root@puppet-agent ~]# puppet agent -t\n<\/pre>\n20. Connect you to the server which will automatically sign the cert :<\/p>\n
\n[root@puppet-agent ~]# puppet cert --sign puppet-server.ehowstuff.local\n<\/pre>\nDone..<\/p>\n","protected":false},"excerpt":{"rendered":"
Puppet is an open source IT automation software and configuration management tool for systems administrators that helping them to manage and operate infrastructure of Unix-like and Microsoft Windows systems. It…<\/p>\n","protected":false},"author":6,"featured_media":5049,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1032],"tags":[2089,1681],"class_list":["post-4987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-puppet-server","tag-configuration","tag-puppet-server"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/4987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=4987"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/4987\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/5049"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=4987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=4987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=4987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}