Install puppet on centos/rhel (puppetmasterd / puppetd / puppet-dashboard)
From wiki.perl.lt
#######################################
###### general info (2010.10.28) ######
#######################################
For certificates to work correctly, both forward (A) and reverse (PTR) DNS records must be configured for the puppet server and the node servers (puppetmasterd tries to resolve the IP and puppetd works with hostnames).
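epel repository (x86_64, then i386; the release RPM is fetched over plain HTTP, so check it against a checksum or signature obtained from a trusted source before installing):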
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
#####################################################
###### puppetmasterd on srvpupp01 (centos 5.5) ######
#####################################################
# install epel repository
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# install puppet-server, ruby, basic libs, rdoc, facter
yum -y install puppet-server ruby-rdoc
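# upgrade puppet (2.6.2 - stable http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Tarball)
# note: the tarball is downloaded over plain HTTP; verify it against a checksum or signature from a trusted source before running install.rb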
wget http://puppetlabs.com/downloads/puppet/puppet-2.6.2.tar.gz
tar xfz puppet-2.6.2.tar.gz
cd puppet-2.6.2
ruby install.rb
cd ..
rm -rf puppet-*
# check if everything is ok
puppet --version
facter --version
facter --help
# install puppet-dashboard
yum install -y mysql mysql-devel mysql-server ruby ruby-devel ruby-irb ruby-mysql ruby-rdoc ruby-ri git
chkconfig mysqld on
service mysqld start
/usr/bin/mysql_secure_installation
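set a root password (e.g. 1JMVZDab - an example only; choose your own, and likewise replace the dashboard database password P5JwLT81 used below), answer "Y" (the default) to all other questions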
mysql -p
CREATE DATABASE dashboard CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'P5JwLT81';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
create a.sh and run it:
.-----------------------------------------------------------------------.
| a.sh |
.-----------------------------------------------------------------------.
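(
  # Download the RubyGems tarball into a private scratch directory, unpack it
  # and run its installer.
  # NOTE(review): the archive is fetched over plain HTTP and setup.rb is then
  # run through sudo; compare the download with a checksum obtained from a
  # trusted source before letting setup.rb run.
  URL="http://production.cf.rubygems.org/rubygems/rubygems-1.3.5.tgz"

  # File name without directory and without its last extension
  # (rubygems-1.3.5 for the URL above).
  ARCHIVE=${URL##*/}
  PACKAGE=${ARCHIVE%.*}

  # Create the scratch directory as its own step: if mktemp fails, the chain
  # stops here instead of degrading into a bare `cd` that lands in $HOME.
  WORKDIR=$(mktemp -d /tmp/install_rubygems.XXXXXXXXXX) && \
  cd "$WORKDIR" && \
  wget -c -t10 -T20 -q "$URL" && \
  tar xfz "$PACKAGE.tgz" && \
  cd "$PACKAGE" && \
  sudo ruby setup.rb
)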
.-----------------------------------------------------------------------.
| a.sh |
.-----------------------------------------------------------------------.
cd /opt/
git clone http://github.com/reductivelabs/puppet-dashboard.git
vi /opt/puppet-dashboard/config/database.yml
.-----------------------------------------------------------------------.
| database.yml |
.-----------------------------------------------------------------------.
development:
username: dashboard
password: P5JwLT81
database: dashboard
encoding: utf8
adapter: mysql
production:
username: dashboard
password: P5JwLT81
database: dashboard
encoding: utf8
adapter: mysql
staging:
username: dashboard
password: P5JwLT81
database: dashboard
encoding: utf8
adapter: mysql
testing:
username: dashboard
password: P5JwLT81
database: dashboard
encoding: utf8
adapter: mysql
.-----------------------------------------------------------------------.
| database.yml |
.-----------------------------------------------------------------------.
gem install rake
cd /opt/puppet-dashboard
rake db:migrate
change in /opt/puppet-dashboard/config/environment.rb :
config.time_zone = 'UTC' ->to-> config.time_zone = 'Pacific Time (US & Canada)'
can test with:
/opt/puppet-dashboard/script/server
# generate default puppet configuration
puppetmasterd --genconfig > /etc/puppet/puppet.conf
# configure /etc/puppet/puppet.conf with multiple environments (http://projects.puppetlabs.com/projects/puppet/wiki/Using_Multiple_Environments)
# [main] is for default and others for other environments. in order to use them, they _must_ be described on every node side. f.e.:
#
# [puppetd]
# environment = development
add:
[main]
manifest = /etc/puppet/manifests/site.pp
modulepath = /etc/puppet/modules
[development]
manifest = /etc/puppet/development/site.pp
modulepath = /etc/puppet/development/modules
[production]
manifest = /etc/puppet/production/site.pp
modulepath = /etc/puppet/production/modules
[staging]
manifest = /etc/puppet/staging/site.pp
modulepath = /etc/puppet/staging/modules
[testing]
manifest = /etc/puppet/testing/site.pp
modulepath = /etc/puppet/testing/modules
[unassigned]
manifest = /etc/puppet/unassigned/site.pp
modulepath = /etc/puppet/unassigned/modules
change:
genconfig = true ->to-> genconfig = false
certname = srvpupp01.company.com ->to-> certname = srvpupp01
# environment = production ->to-> environment = unassigned
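edit /etc/puppet/auth.conf and change the following (note: `auth any` together with `allow *` on `path /` lets every client, authenticated or not, reach every endpoint; outside a throwaway lab, list only the hosts that need access):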
path /
auth any
allow * <-add this
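and add (with `allow *` any host may trigger a run; prefer naming only the puppet master, e.g. `allow srvpupp01`):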
path /run
method save
allow *
edit /etc/puppet/namespaceauth.conf:
.-----------------------------------------------------------------------.
| /etc/puppet/namespaceauth.conf |
.-----------------------------------------------------------------------.
[fileserver]
allow srvpupp01
[puppetmaster]
allow srvpupp01
[puppetrunner]
allow srvpupp01
[puppetbucket]
allow srvpupp01
[puppetreports]
allow srvpupp01
[resource]
allow srvpupp01
.-----------------------------------------------------------------------.
| /etc/puppet/namespaceauth.conf |
.-----------------------------------------------------------------------.
# edit /etc/sysconfig/puppetmaster and /etc/sysconfig/puppet and change:
#PUPPETMASTER_EXTRA_OPTS=--noca ->to-> PUPPETMASTER_EXTRA_OPTS="--reports puppet_dashboard"
cp /opt/puppet-dashboard/ext/puppet/puppet_dashboard.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/
# to update data automatically add crontab job in /etc/crontab:
*/5 * * * * root cd /opt/puppet-dashboard;rake reports:import
edit /etc/init.d/puppet-dashboard
.-----------------------------------------------------------------------.
| /etc/init.d/puppet-dashboard |
.-----------------------------------------------------------------------.
#!/bin/bash
#
# chkconfig: 2345 80 05
# Description: Puppet Dashboard init.d script
# Get function from functions library
. /etc/init.d/functions
# Start the service Puppet Dashboard
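start() {
  # Launch the dashboard server in the background and create the subsys lock.
  # NOTE(review): init scripts normally run as root, so the server started
  # here presumably inherits root privileges, and all of its output is
  # discarded; consider a dedicated unprivileged account and a log file.
  echo -n "Starting Puppet Dashboard: "

  # Launch only when no copy is running yet: a second instance cannot bind
  # the same port, yet this function would still report success.
  if ! pgrep -f "/usr/bin/ruby /opt/puppet-dashboard/script/server" >/dev/null 2>&1; then
    /usr/bin/ruby /opt/puppet-dashboard/script/server >/dev/null 2>&1 &
  fi

  ### Create the lock file ###
  touch /var/lock/subsys/puppetdb
  success $"Puppet Dashboard startup"
  echo
}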
# Stop the service Puppet Dashboard
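stop() {
  # Stop the dashboard server and remove the subsys lock file.
  # The process is found by its full command line because start() records
  # no pid file.
  local server_cmd="/usr/bin/ruby /opt/puppet-dashboard/script/server"
  local attempt

  echo -n "Stopping Puppet Dashboard: "

  if pgrep -f "$server_cmd" >/dev/null 2>&1; then
    # Ask politely first so the server can shut down cleanly ...
    pkill -TERM -f "$server_cmd" >/dev/null 2>&1
    for attempt in 1 2 3 4 5; do
      pgrep -f "$server_cmd" >/dev/null 2>&1 || break
      sleep 1
    done
    # ... and force the issue only if it is still alive after the grace period.
    pkill -KILL -f "$server_cmd" >/dev/null 2>&1
  fi

  ### Now, delete the lock file ###
  rm -f /var/lock/subsys/puppetdb
  success $"Puppet Dashboard shutdown"
  echo
}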
### main logic ###
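# Dispatch on the action passed by `service` / the rc system.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    # NOTE(review): the original called `status Puppet DB`; the helper from
    # /etc/init.d/functions appears to look a process up by the name in its
    # first argument ("Puppet"), which would not match the ruby server -
    # confirm against the local functions file. Check the command line that
    # start() launches instead and return 3 ("not running") when it is absent.
    if pgrep -f "/usr/bin/ruby /opt/puppet-dashboard/script/server" >/dev/null 2>&1; then
      echo "Puppet Dashboard is running"
    else
      echo "Puppet Dashboard is stopped"
      exit 3
    fi
    ;;
  restart|reload|condrestart)
    # All three actions are treated as an unconditional stop + start.
    stop
    start
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|status}"
    exit 1
    ;;
esac
exit 0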
.-----------------------------------------------------------------------.
| /etc/init.d/puppet-dashboard |
.-----------------------------------------------------------------------.
chmod 755 /etc/init.d/puppet-dashboard
chkconfig --add puppet-dashboard
chkconfig puppet-dashboard on
service puppet-dashboard start
# test http://x.x.x.x:3000/
# create missing folders
mkdir -p /etc/puppet/development/modules
mkdir -p /etc/puppet/production/modules
mkdir -p /etc/puppet/staging/modules
mkdir -p /etc/puppet/testing/modules
mkdir -p /etc/puppet/unassigned/modules
# add iptables rule for default puppetmasterd tcp port 8140 f.e.:
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8140 -j ACCEPT
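# add iptables rule for default puppet-dashboard tcp port 3000 (this example accepts any source address; on a shared network limit it to admin hosts with a -s match) f.e.: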
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
# !!!configure!!!
# [auto]start
edit /etc/init.d/puppetmaster and change (if you add additional ports or change the default one, more changes will probably be needed):
pidfile=/var/run/puppet/puppetmasterd.pid ->to-> pidfile=/var/lib/puppet/run/master.pid
chkconfig puppetmaster on
service puppetmaster start
##########################################
###### puppetd on puppet-cent55-x64 ######
##########################################
# install epel repository
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# install puppet, ruby, basic libs, rdoc, facter
yum -y install puppet ruby-rdoc
# upgrade puppet (2.6.2 - stable http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Tarball)
wget http://puppetlabs.com/downloads/puppet/puppet-2.6.2.tar.gz
tar xfz puppet-2.6.2.tar.gz
cd puppet-2.6.2
ruby install.rb
cd ..
rm -rf puppet-*
# check if everything is ok
puppet --version
facter --version
facter --help
# configure /etc/puppet/puppet.conf with multiple environments (http://projects.puppetlabs.com/projects/puppet/wiki/Using_Multiple_Environments)
change:
rundir = /var/run/puppet ->to-> rundir = /var/lib/puppet/run
add:
[puppetd]
server = srvpupp01
environment = testing
report = true
listen = true
#run every 4 hours, default is 1800 (30 minutes, 30*60=1800)
#runinterval=14400
# [auto]start
edit /etc/init.d/puppet and change:
pidfile=${PIDFILE-/var/run/puppet/puppetd.pid} ->to-> pidfile=${PIDFILE-/var/lib/puppet/run/agent.pid}
edit /etc/puppet/namespaceauth.conf:
.-----------------------------------------------------------------------.
| /etc/puppet/namespaceauth.conf |
.-----------------------------------------------------------------------.
[fileserver]
allow srvpupp01
[puppetmaster]
allow srvpupp01
[puppetrunner]
allow srvpupp01
[puppetbucket]
allow srvpupp01
[puppetreports]
allow srvpupp01
[resource]
allow srvpupp01
.-----------------------------------------------------------------------.
| /etc/puppet/namespaceauth.conf |
.-----------------------------------------------------------------------.
chkconfig puppet on
service puppet start
after first start, need to sign node on puppetmasterd with puppetca:
[root@srvpupp01 ~]# puppetca --list
[root@srvpupp01 ~]# puppetca --sign puppet-cent55-x64.company.com
(or `puppetca --sign --all` to sign all requested; this also signs any request you did not expect, so review the `puppetca --list` output first)
and to see updates you can quick run:
[root@srvpupp01 ~]# cd /opt/puppet-dashboard
[root@srvpupp01 puppet-dashboard]# rake reports:import
##########################################
###### puppetd on puppet-rhel55-x86 ######
##########################################
# install epel repository
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
all other instructions similar to "puppetd on puppet-cent55-x64"
############################
###### manual testing ######
############################
# start puppetmasterd in debug mode
[root@srvpupp01 ~]# puppetmasterd --verbose --no-daemonize --debug
# start puppetd on node
[root@puppet-cent55-x64 ~]# puppetd --server srvpupp01 --verbose --waitforcert 60 --debug --trace --no-daemonize --environment testing
# as example i use /etc/puppet/testing/site.pp:
.-----------------------------------------------------------------------.
| /etc/puppet/testing/site.pp |
.-----------------------------------------------------------------------.
file { "/etc/passwd":
owner => "root",
group => "bin",
mode => 644,
}
.-----------------------------------------------------------------------.
| /etc/puppet/testing/site.pp |
.-----------------------------------------------------------------------.
to test forced push:
[root@srvpupp01 ~]# puppetrun puppet-cent55-x64