Linux technical support - support@alexlinux.com


Puppet 3.7 install tutorial on CentOS 7

There are 2 servers:

– puppetserver

– puppetclient

1) Log in to puppetserver

[root@puppetserver]# systemctl disable firewalld

[root@puppetserver]# vim /etc/selinux/config

SELINUX=disabled

[root@puppetserver]# reboot

[root@puppetserver]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm

[root@puppetserver]# yum install -y puppet-server

[root@puppetserver]# systemctl start puppetmaster

[root@puppetserver]# puppet resource service puppetmaster ensure=running enable=true

[root@puppetserver]# yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel

[root@puppetserver]# gem install rack passenger

[root@puppetserver]# passenger-install-apache2-module

[root@puppetserver]# mkdir -p /usr/share/puppet/rack/puppetmasterd

[root@puppetserver]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp

[root@puppetserver]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/

[root@puppetserver]# chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru

[root@puppetserver]# vim /etc/httpd/conf.d/puppetmaster.conf

LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.50/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/share/gems/gems/passenger-4.0.50
PassengerRuby /usr/bin/ruby

PassengerHighPerformance On
PassengerMaxPoolSize 6
PassengerMaxRequests 1000
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    SSLEngine On

    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppetserver.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppetserver.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>
</syntaxhighlight>

check this parameters according to you module path and versions and server name:

LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.50/buildout/apache2/mod_passenger.so

PassengerRoot /usr/local/share/gems/gems/passenger-4.0.50

SSLCertificateFile      /var/lib/puppet/ssl/certs/puppetserver.pem

SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppetserver.pem

[root@puppetserver]# systemctl stop puppetmaster

[root@puppetserver]# systemctl start httpd

[root@puppetserver]# vim /etc/puppet/manifests/nodes.pp

node 'puppetclient'  {
    include ntp
}

[root@puppetserver]# vim /etc/puppet/manifests/site.pp

if versioncmp($::puppetversion,'3.6.1') >= 0 {

  $allow_virtual_packages = hiera('allow_virtual_packages',false)

  Package {
    allow_virtual => $allow_virtual_packages,
  }
}

import 'nodes'

class general {
    include ntp
}

[root@puppetserver]# mkdir -p /etc/puppet/modules/ntp/files/ /etc/puppet/modules/ntp/manifests/

[root@puppetserver]# vim /etc/puppet/modules/ntp/files/ntp.conf

driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server at.pool.ntp.org
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

[root@puppetserver]# vim /etc/puppet/modules/ntp/manifests/init.pp

class ntp {

    case $::zone {
        'production',default: { $files_path = "modules/${module_name}" }
        'testing': {$files_path = "testing/${module_name}/files" }
    }

    package { 'ntp':
        ensure => installed,
        before => File['/etc/ntp.conf']
    }

    package { 'ntpdate':
        ensure => installed
    }

    file { '/etc/ntp.conf':
        source => "puppet:///${files_path}/ntp.conf",
        owner => 'root',
        group => 'root',
        mode => '0644',
        require => Package['ntp'];
    }

    service{ 'ntpd':
        ensure => running,
        enable => true,
        pattern => ntpd,
        subscribe => [ File['/etc/ntp.conf'] ],
    }
}

2) Login to puppetclient

[root@puppetclient]# systemctl disable firewalld

[root@puppetclient]# vim /etc/selinux/config

SELINUX=disabled

[root@puppetclient]# reboot

[root@puppetclient]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm

[root@puppetclient]# yum -y install puppet

[root@puppetclient ~]# vim /etc/puppet/puppet.conf

add lines to /etc/puppet/puppet.conf in [main] section

server = puppetserver
report = true
pluginsync = true 

[root@puppetclient]# ping puppetserver

[root@puppetclient]# puppet agent –test –noop

Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetclient
Info: Certificate Request fingerprint (SHA256): 4C:13:D4:F1:18:E3:65:AB:51:5D:16:4A:20:03:31:EB:3B:C0:F0:C4:28:6F:AF:31:82:EF:0D:01:0B:94:11:8B
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

—-

On puppetserver

[root@puppetserver]# puppet cert list

“puppetclient” (SHA256) 4C:13:D4:F1:18:E3:65:AB:51:5D:16:4A:20:03:31:EB:3B:C0:F0:C4:28:6F:AF:31:82:EF:0D:01:0B:94:11:8B

[root@puppetserver]# puppet cert sign puppetclient

—-

[root@puppetclient]# puppet agent –test –noop

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient
Info: Applying configuration version '1410023681'
Notice: /Stage[main]/Ntp/Package[ntp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Ntp/File[/etc/ntp.conf]: Scheduling refresh of Service[ntpd]
Notice: /Stage[main]/Ntp/Package[ntpdate]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Ntp/Service[ntpd]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Ntp/Service[ntpd]: Unscheduling refresh on Service[ntpd]
Notice: Class[Ntp]: Would have triggered 'refresh' from 4 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.15 seconds

[root@puppetclient]# systemctl start puppet

[root@puppetclient]# systemctl enable puppet

[root@puppetclient# tail -F /var/log/yum.log

Sep 06 13:15:15 Installed: ntpdate-4.2.6p5-18.el7.centos.x86_64
Sep 06 13:15:15 Installed: ntp-4.2.6p5-18.el7.centos.x86_64

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>