![\"puppet01\"](\"http:\/\/rmohan.com\/wp-content\/uploads\/2014\/11\/puppet01.png\")
<\/a><\/p>\n3.1 click add class button and add andymysql<\/p>\n
<\/p>\n
Puppet 3.7.1 on CentOS 6.5 quick start – I<\/p>\n
All below doc is from or based on https:\/\/docs.puppetlabs.com\/<\/p>\n
1. Basic Install<\/p>\n
1.1 install OS and prepare the node<\/p>\n
1.1.1 Network Layout and install OS<\/p>\n
Name IP OS Desc
\npuppet01 192.168.1.10 CentOS 6.5 puppet master
\npuppet02 192.168.1.20 CentOS 6.5 puppet client
\npuppet03 192.168.1.30 CentOS 5.10 puppet client<\/p>\n
Install Minimum Packages for the OS.<\/p>\n
Install additional packages on 3 nodes<\/p>\n
# yum install perl openssh-clients telnet tree -y<\/p>\n
1.1.2 Configure OS<\/p>\n
stop iptables and selinux<\/p>\n
( Node: this is to make the quick start easier. If you know how to configure iptables and selinux under puppet,no need to disable them)<\/p>\n
# service iptables stop<\/p>\n
# chkconfig iptables off<\/p>\n
# setenforce 0<\/p>\n
# vi \/etc\/sysconfig\/selinux # change SELINUX=permissive<\/p>\n
install ntp make sure time is in sync for all the nodes<\/p>\n
# yum install ntp -y<\/p>\n
# chkconfig ntpd on<\/p>\n
# service ntpd start<\/p>\n
# date (make sure time is same on all three nodes or you will have issue when configure ssl certificate later)<\/p>\n
configure \/etc\/hosts on three nodes<\/p>\n
# vi \/etc\/hosts<\/p>\n
192.168.1.10 puppet01<\/p>\n
192.168.1.20 puppet02<\/p>\n
192.168.1.30 puppet03<\/p>\n
1.2 Configure puppet repo<\/p>\n
on puppet01 and puppet02<\/p>\n
# rpm -ivh http:\/\/yum.puppetlabs.com\/puppetlabs-release-el-6.noarch.rpm<\/p>\n
on puppet03<\/p>\n
# rpm -ivh http:\/\/yum.puppetlabs.com\/puppetlabs-release-el-5.noarch.rpm<\/p>\n
1.3 Install Puppet<\/p>\n
1.3.1 install server<\/p>\n
on puppet01<\/p>\n
# yum install puppet-server -y<\/p>\n
1.3.2 install client<\/p>\n
on puppet02 and puppet03<\/p>\n
# yum install puppet -y<\/p>\n
1.4 basic configure<\/p>\n
1.4.1 Puppet Master<\/p>\n
on puppet01<\/p>\n
# vi \/etc\/puppet\/puppet.conf<\/p>\n
[main]<\/p>\n
dns_alt_names = puppet01<\/p>\n
# touch \/etc\/puppet\/manifests\/site.pp<\/p>\n
1.4.2 Puppet Client<\/p>\n
on puppet02 puppet03<\/p>\n
# vi \/etc\/puppet\/puppet.conf<\/p>\n
[agent]<\/p>\n
server = puppet01<\/p>\n
1.5 Configure Certificates<\/p>\n
1.5.1 puppet master<\/p>\n
on puppet01<\/p>\n
# puppet master –verbose –no-daemonize<\/p>\n
This will create the CA certificate and the puppet master certificate,<\/p>\n
Once it says Notice: Starting Puppet master version 3.7.1, type ctrl-C to kill the process.<\/p>\n
# puppet cert list –all<\/p>\n
you should see the certificate for the master server.<\/p>\n
startup puppet master.<\/p>\n
# \/etc\/init.d\/puppetmaster start<\/p>\n
1.5.2 puppet client<\/p>\n
on puppet02 puppet03<\/p>\n
# puppet agent –test # you should see puppet agent will create a certificate request to the master.<\/p>\n
on puppet01<\/p>\n
# puppet cert list –all # you should see the certificate request from puppet02 puppet03<\/p>\n
1.5.3 Sign the certificate<\/p>\n
on puppet01<\/p>\n
# puppet cert –sign –all # on this moment, you puppet clients are registered to puppet server<\/p>\n
1.6 Smoke test<\/p>\n
# vi \/etc\/puppet\/manifests\/site.pp<\/p>\n
node default {<\/p>\n
file {<\/p>\n
“\/tmp\/helloworld.txt”: content => “hello, world”;<\/p>\n
}<\/p>\n
}<\/p>\n
on puppet02 puppet03<\/p>\n
# puppet agent –test # you should see a helloworld.txt under \/tmp<\/p>\n
$ cat \/tmp\/helloworld.txt<\/p>\n
hello, world<\/p>\n
2. Run puppet under Apache passenger<\/p>\n
the default puppet server can not handle high load.<\/p>\n
We need to configure puppet master run under Apache Passenger<\/p>\n
on puppet01 (puppet master)<\/p>\n
2.1 install apache2<\/p>\n
# \/etc\/init.d\/puppetmaster stop<\/p>\n
# yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc<\/p>\n
2.2 Install Rack\/Passenger<\/p>\n
# yum install gcc-c++ libcurl-devel openssl-devel zlib-devel -y<\/p>\n
# gem install rack passenger<\/p>\n
# passenger-install-apache2-module<\/p>\n
2.3 Configure Apache<\/p>\n
# mkdir -p \/usr\/share\/puppet\/rack\/puppetmasterd<\/p>\n
# mkdir \/usr\/share\/puppet\/rack\/puppetmasterd\/public \/usr\/share\/puppet\/rack\/puppetmasterd\/tmp<\/p>\n
# cp \/usr\/share\/puppet\/ext\/rack\/config.ru \/usr\/share\/puppet\/rack\/puppetmasterd\/<\/p>\n
# chown puppet:puppet \/usr\/share\/puppet\/rack\/puppetmasterd\/config.ru<\/p>\n
# vi \/etc\/httpd\/conf.d\/puppetmaster.conf<\/p>\n
LoadModule passenger_module \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.52\/buildout\/apache2\/mod_passenger.so
\nPassengerRoot \/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-4.0.52
\nPassengerDefaultRuby \/usr\/bin\/ruby
\nPassengerMaxPoolSize 12
\nPassengerMaxRequests 1000
\nPassengerPoolIdleTime 600
\nListen 8140<\/p>\n
PassengerHighPerformance On
\nSSLEngine On
\nSSLProtocol ALL -SSLv2 -SSLv3
\nSSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:
\nEECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:
\n!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:
\nCAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
\nSSLHonorCipherOrder on
\nSSLCertificateFile \/var\/lib\/puppet\/ssl\/certs\/puppet01.pem
\nSSLCertificateKeyFile \/var\/lib\/puppet\/ssl\/private_keys\/puppet01.pem
\nSSLCertificateChainFile \/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem
\nSSLCACertificateFile \/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem
\nSSLCARevocationFile \/var\/lib\/puppet\/ssl\/ca\/ca_crl.pem
\nSSLVerifyClient optional
\nSSLVerifyDepth 1
\nSSLOptions +StdEnvVars +ExportCertData
\nRequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
\nRequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
\nRequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
\nDocumentRoot \/usr\/share\/puppet\/rack\/puppetmasterd\/public<\/p>\n
Options None
\nAllowOverride None<\/p>\n
Order allow,deny
\nAllow from all<\/p>\n
= 2.4>
\nRequire all granted<\/p>\n
ErrorLog \/var\/log\/httpd\/puppet01_ssl_error.log
\nCustomLog \/var\/log\/httpd\/puppet01_ssl_access.log combined<\/p>\n
2.4 start apache2<\/p>\n
# \/etc\/init.d\/httpd start<\/p>\n
2.5 smoke test<\/p>\n
on puppet02\/03<\/p>\n
# puppet agent –test<\/p>\n
client should be able to connect to master<\/p>\n
3. Install Puppet Dashboard<\/p>\n
on puppet master puppet01<\/p>\n
3.1 install and configure mysql server<\/p>\n
# yum install -y mysql mysql-devel mysql-server<\/p>\n
# vi \/etc\/my.cnf<\/p>\n
max_allowed_packet = 32M<\/p>\n
# \/etc\/init.d\/mysqld start<\/p>\n
# chkconfig mysqld on<\/p>\n
# mysqladmin -uroot password ‘password’<\/p>\n
mysql -uroot -ppassword <<EOF<\/p>\n
CREATE DATABASE dashboard CHARACTER SET utf8;<\/p>\n
CREATE USER ‘dashboard’@’localhost’ IDENTIFIED BY ‘password’;<\/p>\n
GRANT ALL PRIVILEGES ON dashboard.* TO ‘dashboard’@’localhost’;<\/p>\n
FLUSH PRIVILEGES;<\/p>\n
EOF<\/p>\n
3.2 install dashboard<\/p>\n
# yum install puppet-dashboard<\/p>\n
3.3 configure dashboard<\/p>\n
# vi \/usr\/share\/puppet-dashboard\/config\/database.yml<\/p>\n
============================<\/p>\n
production:<\/p>\n
database: dashboard<\/p>\n
username: dashboard<\/p>\n
password: password<\/p>\n
encoding: utf8<\/p>\n
adapter: mysql<\/p>\n
===========================<\/p>\n
init DB<\/p>\n
# cd \/usr\/share\/puppet-dashboard\/<\/p>\n
# rake RAILS_ENV=production db:migrate<\/p>\n
3.4 configure apache2<\/p>\n
Note: passenger related settings already set in puppetmaster.conf<\/p>\n
# vi \/etc\/httpd\/conf.d\/dashboard.conf<\/p>\n
=============================<\/p>\n
<\/p>\n
ServerName puppet01<\/p>\n
DocumentRoot “\/usr\/share\/puppet-dashboard\/public\/”<\/p>\n
<Directory “\/usr\/share\/puppet-dashboard\/public\/”><\/p>\n
Options None<\/p>\n
AllowOverride AuthConfig<\/p>\n
Order allow,deny<\/p>\n
allow from all<\/p>\n
<\/p>\n
ErrorLog \/var\/log\/httpd\/dashboard_error.log<\/p>\n
LogLevel warn<\/p>\n
CustomLog \/var\/log\/httpd\/dashboard_access.log combined<\/p>\n
ServerSignature On<\/p>\n
<\/p>\n
=============================<\/p>\n
3.5 startup dashboard<\/p>\n
# apachectl -t && \/etc\/init.d\/httpd restart<\/p>\n
3.6 configure puppet master and client<\/p>\n
on puppet01<\/p>\n
# vi \/etc\/puppet\/puppet.conf<\/p>\n
=============================<\/p>\n
[master]<\/p>\n
reports = store, http<\/p>\n
reporturl = http:\/\/puppet01:80\/reports\/upload<\/p>\n
node_terminus = exec<\/p>\n
external_nodes = \/usr\/bin\/env PUPPET_DASHBOARD_URL=http:\/\/puppet01 \/usr\/share\/puppet-dashboard\/bin\/external_node<\/p>\n
=============================<\/p>\n
on puppet02\/03<\/p>\n
# vi \/etc\/puppet\/puppet.conf<\/p>\n
==============================<\/p>\n
[agent]<\/p>\n
server = puppet01<\/p>\n
report = true<\/p>\n
==============================<\/p>\n
on puppet01 start Delayed Job Workers<\/p>\n
# env RAILS_ENV=production \/usr\/share\/puppet-dashboard\/script\/delayed_job -p dashboard -n 4 -m start<\/p>\n
3.7 smoke test<\/p>\n
on puppet02\/03<\/p>\n
# puppet agent –test<\/p>\n
visit http:\/\/puppet01\/ in browser you should see the client nodes status.<\/p>\n
put puppet agent to run under cron<\/p>\n
on puppet02\/03<\/p>\n
# puppet resource cron puppet-agent ensure=present user=root minute=30 command=’\/usr\/bin\/puppet agent –onetime –no-daemonize –splay’<\/p>\n
After install and configured puppet, we can use puppet to deploy customized mysql-server to your clients.<\/p>\n
1. install mysql module<\/p>\n
# puppet module install puppetlabs-mysql<\/p>\n
2. create your cutomized mysql module<\/p>\n
create andymysql module<\/p>\n
[root@puppet01 modules]# pwd<\/p>\n
\/etc\/puppet\/modules<\/p>\n
[root@puppet01 modules]# tree andymysql<\/p>\n
andymysql<\/p>\n
??? manifests<\/p>\n
??? init.pp<\/p>\n
1 directory, 1 file<\/p>\n
[root@puppet01 manifests]# cat init.pp<\/p>\n
class andymysql {<\/p>\n
class {<\/p>\n
‘::mysql::server’:<\/p>\n
root_password => ‘verystrongpassword’,<\/p>\n
}<\/p>\n
mysql::db { ‘andydb’:<\/p>\n
user => ‘myuser’,<\/p>\n
password => ‘mypass’,<\/p>\n
host => ‘localhost’,<\/p>\n
grant => [‘SELECT’, ‘UPDATE’],<\/p>\n
}<\/p>\n
}<\/p>\n
3. classifiy andymysql class in puppet dashboard.<\/p>\n
3.1 click add class button and add andymysql<\/p>\n <\/p>\n<\/a><\/p>\n