Puppet 3.7.1 on CentOS 6.5 quick start – I
Everything below is taken from or based on https://docs.puppetlabs.com/
1. Basic Install
1.1 install OS and prepare the node
1.1.1 Network Layout and install OS
Name      IP            OS            Desc
puppet01  192.168.1.10  CentOS 6.5    puppet master
puppet02  192.168.1.20  CentOS 6.5    puppet client
puppet03  192.168.1.30  CentOS 5.10   puppet client
Install Minimum Packages for the OS.
Install additional packages on 3 nodes
# yum install perl openssh-clients telnet tree -y
1.1.2 Configure OS
Stop iptables and SELinux
(Note: this is only to make the quick start easier. If you know how to configure iptables and SELinux for puppet, there is no need to disable them.)
# service iptables stop
# chkconfig iptables off
# setenforce 0
# vi /etc/sysconfig/selinux # change SELINUX=permissive
Install ntp and make sure the time is in sync on all the nodes
# yum install ntp -y
# chkconfig ntpd on
# service ntpd start
# date    # make sure the time is the same on all three nodes, or you will have issues when configuring the SSL certificates later
Configure /etc/hosts on the three nodes
# vi /etc/hosts
192.168.1.10 puppet01
192.168.1.20 puppet02
192.168.1.30 puppet03
1.2 Configure puppet repo
on puppet01 and puppet02
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
on puppet03
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
1.3 Install Puppet
1.3.1 install server
on puppet01
# yum install puppet-server -y
1.3.2 install client
on puppet02 and puppet03
# yum install puppet -y
1.4 basic configure
1.4.1 Puppet Master
on puppet01
# vi /etc/puppet/puppet.conf
[main]
dns_alt_names = puppet01
# touch /etc/puppet/manifests/site.pp
1.4.2 Puppet Client
on puppet02 puppet03
# vi /etc/puppet/puppet.conf
[agent]
server = puppet01
1.5 Configure Certificates
1.5.1 puppet master
on puppet01
# puppet master --verbose --no-daemonize
This will create the CA certificate and the puppet master certificate.
Once it says "Notice: Starting Puppet master version 3.7.1", type Ctrl-C to kill the process.
# puppet cert list --all
You should see the certificate for the master server.
Start the puppet master.
# /etc/init.d/puppetmaster start
1.5.2 puppet client
on puppet02 puppet03
# puppet agent --test    # you should see the puppet agent create a certificate request to the master
on puppet01
# puppet cert list --all    # you should see the certificate requests from puppet02 and puppet03
1.5.3 Sign the certificate
on puppet01
# puppet cert --sign --all    # at this point, your puppet clients are registered with the puppet server
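Signing with --all approves every pending request without looking at it. The script below is an added example, not part of the original post or the Puppet documentation: it passes only the requests whose fingerprint in `puppet cert list` matches the one the agent itself printed with `puppet agent --fingerprint`. The function name requests_to_sign, the "hostname fingerprint" list format and all sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post; the sample data is constructed.
#
# requests_to_sign PENDING EXPECTED
#   PENDING:  text printed by `puppet cert list` on the master, lines like
#               "puppet02" (SHA256) 11:22:...
#   EXPECTED: "hostname fingerprint" pairs, one per line, noted on each agent
#             from `puppet agent --fingerprint` (list format is an assumption).
# Prints the hostnames whose request matches; the rest is reported on stderr.
requests_to_sign() {
    printf '%s\n' "$1" | while read -r host digest fp rest; do
        case $host in
            \"*\") host=${host#\"}; host=${host%\"} ;;
            *) continue ;;          # blank line, or a "+"/"-" entry from --all
        esac
        if [ -n "$rest" ]; then     # e.g. (alt names: "DNS:puppet01", ...)
            echo "SKIP $host: extra fields need manual review: $rest" >&2
            continue
        fi
        want=$(printf '%s\n' "$2" | awk -v h="$host" '$1 == h { print $2; exit }')
        if [ -z "$want" ]; then
            echo "SKIP $host: no expected fingerprint on file" >&2
        elif [ "$(printf %s "$fp" | tr a-f A-F)" = "$(printf %s "$want" | tr a-f A-F)" ]; then
            echo "$host"
        else
            echo "SKIP $host: fingerprint mismatch" >&2
        fi
    done
}

# Constructed sample: puppet03's request differs from what its agent reported,
# unknown-host was never enrolled, and puppet01 is already signed ("+").
SAMPLE_PENDING='  "puppet02" (SHA256) 11:22:33:44:AA:BB
  "puppet03" (SHA256) 55:66:77:88:CC:DD
  "unknown-host" (SHA256) 99:99:99:99:EE:FF
+ "puppet01" (SHA256) 01:02:03:04:05:06 (alt names: "DNS:puppet01")'
SAMPLE_EXPECTED='puppet02 11:22:33:44:aa:bb
puppet03 55:66:77:88:00:00'

# On the master, sign only what passed (commented out so the block runs offline):
# for h in $(requests_to_sign "$(puppet cert list)" "$(cat expected.txt)"); do
#     puppet cert sign "$h"
# done
requests_to_sign "$SAMPLE_PENDING" "$SAMPLE_EXPECTED"
```

A request that carries DNS alt names is skipped on purpose; after checking it by hand it is signed with `puppet cert sign --allow-dns-alt-names <host>`.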
1.6 Smoke test
# vi /etc/puppet/manifests/site.pp
node default {
  file {
    "/tmp/helloworld.txt": content => "hello, world";
  }
}
on puppet02 puppet03
# puppet agent --test    # you should see a helloworld.txt under /tmp
$ cat /tmp/helloworld.txt
hello, world
2. Run puppet under Apache passenger
The default puppet server cannot handle high load, so we need to configure the puppet master to run under Apache Passenger.
on puppet01 (puppet master)
2.1 install apache2
# /etc/init.d/puppetmaster stop
# yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc
2.2 Install Rack/Passenger
# yum install gcc-c++ libcurl-devel openssl-devel zlib-devel -y
# gem install rack passenger
# passenger-install-apache2-module
2.3 Configure Apache
# mkdir -p /usr/share/puppet/rack/puppetmasterd
# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
# vi /etc/httpd/conf.d/puppetmaster.conf
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.52/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.52
PassengerDefaultRuby /usr/bin/ruby
PassengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
    PassengerHighPerformance On
    SSLEngine On
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    SSLHonorCipherOrder on
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet01.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </Directory>
    ErrorLog /var/log/httpd/puppet01_ssl_error.log
    CustomLog /var/log/httpd/puppet01_ssl_access.log combined
</VirtualHost>
2.4 start apache2
# /etc/init.d/httpd start
2.5 smoke test
on puppet02/03
# puppet agent --test
The client should be able to connect to the master.
3. Install Puppet Dashboard
on puppet master puppet01
3.1 install and configure mysql server
# yum install -y mysql mysql-devel mysql-server
# vi /etc/my.cnf
max_allowed_packet = 32M
# /etc/init.d/mysqld start
# chkconfig mysqld on
# mysqladmin -uroot password 'password'
# mysql -uroot -ppassword <<EOF
CREATE DATABASE dashboard CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
FLUSH PRIVILEGES;
EOF
3.2 install dashboard
# yum install puppet-dashboard
3.3 configure dashboard
# vi /usr/share/puppet-dashboard/config/database.yml
============================
production:
  database: dashboard
  username: dashboard
  password: password
  encoding: utf8
  adapter: mysql
===========================
init DB
# cd /usr/share/puppet-dashboard/
# rake RAILS_ENV=production db:migrate
3.4 configure apache2
Note: the Passenger-related settings are already set in puppetmaster.conf
# vi /etc/httpd/conf.d/dashboard.conf
=============================
<VirtualHost *:80>
    ServerName puppet01
    DocumentRoot "/usr/share/puppet-dashboard/public/"
    <Directory "/usr/share/puppet-dashboard/public/">
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/dashboard_error.log
    LogLevel warn
    CustomLog /var/log/httpd/dashboard_access.log combined
    ServerSignature On
</VirtualHost>
=============================
3.5 startup dashboard
# apachectl -t && /etc/init.d/httpd restart
3.6 configure puppet master and client
on puppet01
# vi /etc/puppet/puppet.conf
=============================
[master]
reports = store, http
reporturl = http://puppet01:80/reports/upload
node_terminus = exec
external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://puppet01 /usr/share/puppet-dashboard/bin/external_node
=============================
on puppet02/03
# vi /etc/puppet/puppet.conf
==============================
[agent]
server = puppet01
report = true
==============================
on puppet01, start the Delayed Job workers
# env RAILS_ENV=production /usr/share/puppet-dashboard/script/delayed_job -p dashboard -n 4 -m start
3.7 smoke test
on puppet02/03
# puppet agent --test
Visit http://puppet01/ in a browser; you should see the status of the client nodes.
Schedule the puppet agent to run from cron
on puppet02/03
# puppet resource cron puppet-agent ensure=present user=root minute=30 command='/usr/bin/puppet agent --onetime --no-daemonize --splay'
After installing and configuring puppet, we can use it to deploy a customized mysql-server to the clients.
1. install mysql module
# puppet module install puppetlabs-mysql
2. create your customized mysql module
create the andymysql module
[root@puppet01 modules]# pwd
/etc/puppet/modules
[root@puppet01 modules]# tree andymysql
andymysql
└── manifests
    └── init.pp
1 directory, 1 file
[root@puppet01 manifests]# cat init.pp
class andymysql {
  class { '::mysql::server':
    root_password => 'verystrongpassword',
  }
  mysql::db { 'andydb':
    user     => 'myuser',
    password => 'mypass',
    host     => 'localhost',
    grant    => ['SELECT', 'UPDATE'],
  }
}
3. classify the andymysql class in puppet dashboard.
3.1 click add class button and add andymysql