How To Install & Configure Puppet Server on CentOS 6.X / RHEL 6.X

Overview :

 

Puppet is open-source and enterprise software for configuration management on UNIX-like operating systems. It is an IT automation tool used to push configuration to its clients (Puppet agents) using code. Puppet code can perform a variety of tasks, from installing new software to checking file permissions or updating user accounts, and many others.

 

In this tutorial we will install and configure Puppet Server on CentOS 6.X / RHEL 6.X.

 

Step:1 Set up Puppet Labs Repository

 

# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm

 

Step:2 Install the Puppet Master Packages using yum

 

[root@puppet ~]# yum install -y puppet-server

 

Step:3 Now Start the Puppet-Server & Set puppet Server to run on startup

 

[root@puppet ~]# /etc/init.d/puppetmaster start
[root@puppet ~]# puppet resource service puppetmaster ensure=running enable=true

 

Step:4 Install the packages required to control the Puppet service via Apache

As we are going to control the Puppet service via Apache, install all the required packages using the yum command as shown below:

 

[root@puppet ~]# yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake
[root@puppet ~]# gem install rack passenger
[root@puppet ~]# passenger-install-apache2-module

 

Step:5 Create directory structure for Puppet Master Rack Application

 

# mkdir -p /usr/share/puppet/rack/puppetmasterd
# mkdir /usr/share/puppet/rack/puppetmasterd/public  /usr/share/puppet/rack/puppetmasterd/tmp
# cp /usr/share/puppet/ext/rack/files/config.ru  /usr/share/puppet/rack/puppetmasterd/
# chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru

 

Step:6 Configure Apache & Puppet Server


Create virtual Host file for puppet

 

# vim /etc/httpd/conf.d/puppetmaster.conf

 

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.26/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.26
PassengerDefaultRuby /usr/bin/ruby
# And the passenger performance tuning settings:
PassengerHighPerformance On
#PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
    SSLEngine On
    # Only allow high security cryptography. Alter if needed for compatibility.
    # SSLv3 and RC4 are disabled as well; both are considered broken.
    SSLProtocol             All -SSLv2 -SSLv3
    SSLCipherSuite          HIGH:!ADH:!RC4:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.nextstep4it.com.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.nextstep4it.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth        1
    #SSLOptions            +StdEnvVars +ExportCertData
    SSLOptions              +StdEnvVars

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    # RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from All
    </Directory>
</VirtualHost>

 

Step:7 Stop Webrick & start the apache service

 

# /etc/init.d/puppetmaster stop
# /etc/init.d/httpd start
# chkconfig puppetmaster off ; chkconfig httpd on

 

 

Up to now, the server-side installation and configuration is complete. Now add the Puppet client and push configuration to it.

On the client side (CentOS / RHEL), follow the steps below:

 

Step:8 Add puppet labs repository

 

# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm

 

Step:9 Install the puppet package & edit hosts file

 

# yum install -y puppet --enablerepo=puppetlabs*

 

# vi /etc/hosts

 

192.168.2.154    <puppet-Client-Hostname>
192.168.2.153    <Puppet-Server-HostName>

 

Step:10  Edit /etc/puppet/puppet.conf  file & start the puppet service

 

# In the [agent] section

server = puppet.nextstep4it.com
report = true
pluginsync = true

 

# service puppet start ; chkconfig puppet on

 

Now run the command below on the Puppet client to retrieve the local machine's configuration from the remote Puppet server and apply it. To communicate successfully with the Puppet server, the client must have a certificate signed by a certificate authority that the server trusts; by default, the Puppet server runs the certificate authority itself.

 

# puppet agent -td

 

Step:11 On the Server side sign the certificate of puppet clients

 

Check whether a new node is attempting to join the Puppet master by running the command below on the master:

 

# puppet cert list

 

Sign the certificates using the command below on the Puppet master:

 

# puppet cert sign --all
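
`puppet cert sign --all` signs every pending request, including any the administrator did not expect. The script below is an added example, not part of the original tutorial: it signs only requests whose fingerprint matches a value recorded on the client with `puppet agent --fingerprint`. The allowlist file format, the `web01`/`db01`/`laptop` host names and the shortened fingerprints are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumed input format (Puppet 3.x `puppet cert list`):
#   "certname" (SHA256) AA:BB:CC:...
# Assumed allowlist file format (hypothetical): one "certname fingerprint" per
# line, copied from `puppet agent --fingerprint` output on each client.

# Read pending requests on stdin; print certnames whose fingerprint matches the
# allowlist in file $1. Unknown or mismatching requests are reported on stderr.
verified_certnames() {
    awk '
        NR == FNR { if (NF >= 2) want[$1] = toupper($2); next }
        NF >= 2 {
            name = $1; gsub(/"/, "", name)
            fp = toupper($NF)
            if (!(name in want))       print "SKIP unknown node: " name > "/dev/stderr"
            else if (want[name] != fp) print "SKIP fingerprint mismatch: " name > "/dev/stderr"
            else                       print name
        }' "$1" -
}

# Constructed sample data (fingerprints shortened for readability).
sample_pending() {
    cat <<'EOF'
  "web01.nextstep4it.com" (SHA256) 3A:91:0C:5E:77:B2:4D:18
  "db01.nextstep4it.com" (SHA256) 9F:02:AA:61:3C:D4:0B:E7
  "laptop.nextstep4it.com" (SHA256) 11:22:33:44:55:66:77:88
EOF
}
sample_allowlist() {
    cat <<'EOF'
web01.nextstep4it.com 3a:91:0c:5e:77:b2:4d:18
db01.nextstep4it.com 9F:02:AA:61:3C:D4:0B:00
EOF
}

# On the master: sign only the verified requests. $1 = allowlist file.
sign_verified() {
    puppet cert list | verified_certnames "$1" | while read -r name; do
        puppet cert sign "$name"
    done
}
```

With the sample data, only `web01.nextstep4it.com` would be signed; `db01` is skipped for a fingerprint mismatch and `laptop` because it is not in the allowlist.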

 
