There are 2 servers:
– puppetserver
– puppetclient
1) Log in to puppetserver
# NOTE(review): the firewall and SELinux are switched off here to keep the
# walkthrough simple. The Apache vhost configured later listens only on
# 8140/tcp, so on a real master keep firewalld running and open just that port
# (firewall-cmd --permanent --add-port=8140/tcp; firewall-cmd --reload).
[root@puppetserver]# systemctl disable firewalld
# Set the following value in /etc/selinux/config; the reboot below applies it.
# SELINUX=permissive would log denials instead of turning SELinux off entirely.
[root@puppetserver]# vim /etc/selinux/config
SELINUX=disabled
[root@puppetserver]# reboot
# NOTE(review): this release package is fetched over plain HTTP. Prefer an
# HTTPS URL if the mirror offers one, or check the package signature (rpm -K)
# against a vendor key obtained out of band before installing.
[root@puppetserver]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm
[root@puppetserver]# yum install -y puppet-server
[root@puppetserver]# systemctl start puppetmaster
# Declare the puppetmaster service running and enabled at boot through Puppet itself.
[root@puppetserver]# puppet resource service puppetmaster ensure=running enable=true
# Apache, mod_ssl and the build dependencies needed to compile the Passenger module.
[root@puppetserver]# yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel
# NOTE(review): no gem version is pinned here, while the Apache configuration
# later in this guide hard-codes passenger-4.0.50 paths; adjust those paths to
# the version that actually gets installed.
[root@puppetserver]# gem install rack passenger
[root@puppetserver]# passenger-install-apache2-module
# Rack application directory for the master: public/ becomes the Apache
# DocumentRoot and config.ru is the Rack entry point copied from the Puppet package.
[root@puppetserver]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@puppetserver]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
[root@puppetserver]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
# config.ru is handed to the puppet user; presumably Passenger runs the
# application as the owner of this file. Confirm for your Passenger version.
[root@puppetserver]# chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru
[root@puppetserver]# vim /etc/httpd/conf.d/puppetmaster.conf
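# /etc/httpd/conf.d/puppetmaster.conf
# Serves the Puppet master as a Rack application under Apache + Passenger on port 8140.

# Both paths must match the Passenger version that `gem install passenger` installed.
LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.50/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/share/gems/gems/passenger-4.0.50
PassengerRuby /usr/bin/ruby

PassengerHighPerformance On
PassengerMaxPoolSize 6
PassengerMaxRequests 1000
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    SSLEngine On

    # SSLv3 is switched off together with SSLv2: "All -SSLv2" alone would still
    # offer SSLv3, which is no longer safe to negotiate (POODLE).
    SSLProtocol All -SSLv2 -SSLv3
    # NOTE(review): this cipher string still names RC4; on typical OpenSSL builds
    # the later -MEDIUM presumably removes it again. Confirm the effective list
    # with `openssl ciphers -v` and review it against current guidance.
    SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP

    # Server certificate and key are the master's own Puppet SSL files; the file
    # names follow the master's hostname (puppetserver in this guide).
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppetserver.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetserver.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # Client certificates are validated against the Puppet CA and its CRL.
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem

    # "optional" rather than "require": an agent that has no signed certificate
    # yet must still be able to connect to submit its certificate request.
    # Requests from unverified clients therefore reach the application, which has
    # to decide what they may do based on the verification headers set below.
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData

    # Hand the TLS client-verification result to the Rack application.
    # "set" replaces any header of the same name sent by the client itself.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        # Apache 2.2-style access directives; on Apache 2.4 they rely on
        # mod_access_compat being loaded.
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>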
Check these parameters and adjust them to your Passenger module path and version and to your server name:
# Passenger module and root directory: must match the installed Passenger gem path and version.
LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.50/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/share/gems/gems/passenger-4.0.50
# Server certificate and private key: the file names follow the master's hostname.
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetserver.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetserver.pem
# Stop the standalone puppetmaster service: from here on Apache/Passenger serves
# the master on port 8140 (the Listen directive in puppetmaster.conf).
# NOTE(review): puppetmaster was declared enable=true earlier and httpd is only
# started here, not enabled, so after a reboot the standalone service would
# presumably come back instead of Apache. Consider `systemctl disable puppetmaster`
# and `systemctl enable httpd`.
[root@puppetserver]# systemctl stop puppetmaster
[root@puppetserver]# systemctl start httpd
# Node definitions go into nodes.pp.
[root@puppetserver]# vim /etc/puppet/manifests/nodes.pp
# Node definition: the host whose certificate name is 'puppetclient' gets the ntp class.
node 'puppetclient' {
  include ntp
}
[root@puppetserver]# vim /etc/puppet/manifests/site.pp
# From Puppet 3.6.1 on, set the allow_virtual default for every Package resource.
# The value comes from the Hiera key 'allow_virtual_packages' and falls back to
# false when the key is not defined.
if versioncmp($::puppetversion,'3.6.1') >= 0 {
  $allow_virtual_packages = hiera('allow_virtual_packages',false)
  Package {
    allow_virtual => $allow_virtual_packages,
  }
}

# Pull in the node definitions from nodes.pp.
# NOTE(review): `import` is reportedly deprecated in later Puppet 3 releases and
# gone in Puppet 4. Confirm for the version in use.
import 'nodes'

# Baseline class that simply includes ntp.
class general {
  include ntp
}
# Module skeleton: files/ holds the static ntp.conf served to agents,
# manifests/ holds the class definition (init.pp).
[root@puppetserver]# mkdir -p /etc/puppet/modules/ntp/files/ /etc/puppet/modules/ntp/manifests/
[root@puppetserver]# vim /etc/puppet/modules/ntp/files/ntp.conf
# ntp.conf distributed to agents by the ntp Puppet module.
driftfile /var/lib/ntp/drift

# Default policy for all IPv4 and IPv6 sources: time service only. No runtime
# reconfiguration (nomodify), no trap service (notrap), no peer associations
# (nopeer) and no ntpq/ntpdc status queries (noquery); kod sends a
# kiss-o'-death packet to clients that exceed rate limits.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# The loopback addresses are exempt from the default restrictions.
restrict 127.0.0.1
restrict -6 ::1

# Upstream time source.
server at.pool.ntp.org

# Key material for authenticated NTP.
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
[root@puppetserver]# vim /etc/puppet/modules/ntp/manifests/init.pp
# Class ntp: installs the ntp and ntpdate packages, deploys /etc/ntp.conf from
# the Puppet fileserver and keeps the ntpd service running.
class ntp {
  # Choose the fileserver path from the top-scope variable $::zone.
  # 'production' and any unlisted value use the module's own files;
  # 'testing' uses a separate "testing" mount point.
  case $::zone {
    'production',default: {
      $files_path = "modules/${module_name}"
    }
    'testing': {
      $files_path = "testing/${module_name}/files"
    }
  }

  # The package has to be present before the configuration file is written.
  package { 'ntp':
    ensure => installed,
    before => File['/etc/ntp.conf']
  }

  package { 'ntpdate':
    ensure => installed
  }

  # Root-owned and world-readable but not world-writable.
  file { '/etc/ntp.conf':
    source  => "puppet:///${files_path}/ntp.conf",
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => Package['ntp'];
  }

  # subscribe: ntpd is refreshed whenever /etc/ntp.conf changes.
  service{ 'ntpd':
    ensure    => running,
    enable    => true,
    pattern   => ntpd,
    subscribe => [ File['/etc/ntp.conf'] ],
  }
}
2) Log in to puppetclient
# NOTE(review): the same lab shortcut as on the master. In this setup the agent
# only makes outbound connections to the master, so nothing shown here appears
# to require the client's firewall or SELinux to be off. Confirm for your environment.
[root@puppetclient]# systemctl disable firewalld
# Set the following value in /etc/selinux/config; the reboot below applies it.
[root@puppetclient]# vim /etc/selinux/config
SELINUX=disabled
[root@puppetclient]# reboot
# NOTE(review): this release package is fetched over plain HTTP. Prefer an
# HTTPS URL if the mirror offers one, or check the package signature (rpm -K)
# against a vendor key obtained out of band before installing.
[root@puppetclient]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm
# Only the agent package is needed on the client.
[root@puppetclient]# yum -y install puppet
[root@puppetclient ~]# vim /etc/puppet/puppet.conf
Add the following lines to the [main] section of /etc/puppet/puppet.conf:
# Hostname of the Puppet master this agent contacts.
server = puppetserver
# Send a report to the master after each run.
report = true
# Fetch plugins from the master before the catalog is applied.
pluginsync = true
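# Check that the master's hostname resolves and is reachable from the client.
[root@puppetclient]# ping puppetserver
# First agent run. Both options take a double hyphen: --test runs once in the
# foreground and --noop only reports what would change. With no signed
# certificate yet, this run just submits a certificate request and exits.
[root@puppetclient]# puppet agent --test --noop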
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetclient
Info: Certificate Request fingerprint (SHA256): 4C:13:D4:F1:18:E3:65:AB:51:5D:16:4A:20:03:31:EB:3B:C0:F0:C4:28:6F:AF:31:82:EF:0D:01:0B:94:11:8B
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
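----
On puppetserver, list the pending certificate requests and check that the SHA256 fingerprint matches the one the agent printed above before signing: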
[root@puppetserver]# puppet cert list
"puppetclient" (SHA256) 4C:13:D4:F1:18:E3:65:AB:51:5D:16:4A:20:03:31:EB:3B:C0:F0:C4:28:6F:AF:31:82:EF:0D:01:0B:94:11:8B
[root@puppetserver]# puppet cert sign puppetclient
----
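# Second dry run, after the certificate has been signed on the master. Both
# options take a double hyphen. The agent now retrieves its catalog and reports
# what it would change, without applying anything.
[root@puppetclient]# puppet agent --test --noop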
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient
Info: Applying configuration version '1410023681'
Notice: /Stage[main]/Ntp/Package[ntp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Ntp/File[/etc/ntp.conf]: Scheduling refresh of Service[ntpd]
Notice: /Stage[main]/Ntp/Package[ntpdate]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Ntp/Service[ntpd]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Ntp/Service[ntpd]: Unscheduling refresh on Service[ntpd]
Notice: Class[Ntp]: Would have triggered 'refresh' from 4 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.15 seconds
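# Run the agent as a service and enable it at boot. Unlike the earlier dry
# runs, the service applies the catalog for real.
[root@puppetclient]# systemctl start puppet
[root@puppetclient]# systemctl enable puppet
# Follow the yum log to watch the packages from the ntp class being installed.
[root@puppetclient]# tail -F /var/log/yum.log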
Sep 06 13:15:15 Installed: ntpdate-4.2.6p5-18.el7.centos.x86_64
Sep 06 13:15:15 Installed: ntp-4.2.6p5-18.el7.centos.x86_64