Install Puppet Server on CentOS 6.5/6.4

Puppet is a tool designed to manage the configuration of Unix-like and Microsoft Windows systems declaratively. The user describes system resources and their state, using either Puppet’s declarative language or a Ruby DSL (domain-specific language). This information is stored in files called “Puppet manifests”. Puppet discovers system information via a utility called Facter and compiles the Puppet manifests into a system-specific catalog containing resources and resource dependencies, which is applied against the target systems. Any actions taken by Puppet are then reported.

Add the Puppet repository to your CentOS machine:

rpm -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm

Install the Puppet Master:

# Download puppet-server from Puppet Labs

yum install -y puppet-server

# Start Puppet-Server

/etc/init.d/puppetmaster start

# Set Puppet Master to run on startup

 puppet resource service puppetmaster ensure=running enable=true

-------------------------------------------------------------------------------
 /Service[puppetmaster]/ensure: ensure changed 'stopped' to 'running'
service { 'puppetmaster':
  ensure => 'stopped',
  enable => 'true',
}

Puppet needs a scalable web server in a non-testing environment, so let's install Apache (see the official docs):

# Download apache and necessary dependencies

 yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake  openssl-devel

# Install Rack/Passenger

 gem install rack passenger
-----------------------------------------------------
gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions.  This could take a while...
Successfully installed passenger-4.0.35
2 gems installed
Installing ri documentation for rack-1.5.2...

Then

passenger-install-apache2-module

[root@Unixmen-centos65 yum.repos.d]#  passenger-install-apache2-module
---------------------------------------------------------------------------------------
Welcome to the Phusion Passenger Apache 2 module installer, v4.0.35.
This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.
Here's what you can expect from the installation process:
 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.
Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.
Press Enter to continue, or Ctrl-C to abort.




Create a virtual host file for puppet:

vi /etc/httpd/conf.d/puppetmaster.conf

and add:

# RHEL/CentOS:
LoadModule passenger_module  /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/
PassengerRuby /usr/bin/ruby
# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
    SSLEngine On
    # Only allow high security cryptography. Alter if needed for compatibility.
    # SSLv3 and RC4 are both broken, so they are disabled along with SSLv2.
    SSLProtocol             All -SSLv2 -SSLv3
    SSLCipherSuite          HIGH:!ADH:!RC4:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/unixmen-centos6.arnhem.chello.nl.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/unixmen-centos6.arnhem.chello.nl.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData
    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    #RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

Start up Apache:

/etc/init.d/puppetmaster stop
/etc/init.d/httpd start

Disable WEBrick and enable Apache on boot:

chkconfig puppetmaster off
chkconfig httpd on

Make sure the port is open and it’s listening:

lsof  -i tcp:8140
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   8743   root    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8747 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8748 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8749 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8750 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8751 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8752 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8753 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8754 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8755 apache    6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)

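Append this to the end of the file:

vim /etc/puppet/puppet.conf
[master]
# Use the FQDN here
certname = puppet-server
# true signs every incoming certificate request automatically;
# set it to false if you want to sign agent certificates manually
autosign = true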

Client Node install

Add the puppet labs repo

rpm  -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm

Install the Puppet Client

yum install -y puppet

If you are not using DNS in your environment, you will need to manually edit your hosts file.

vim /etc/hosts
192.168.x.x                node
192.168.x.y                puppet-server

Edit /etc/puppet/puppet.conf and add the agent variables:

vim /etc/puppet/puppet.conf
# In the [agent] section

    # Should be the FQDN!
    server = puppet-server
    report = true
    pluginsync = true

Set the puppet agent to run on boot:

chkconfig puppet on
puppet agent --daemonize

Now test the client:

puppet agent --test

That should connect you to the server, which will automatically sign the cert. If you have opted to sign manually, you now need to go back to the server and run:

puppet cert --sign FQDN
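
Before relying on either signing mode, it helps to confirm which one the master is actually in, because `autosign = true` signs any request that reaches port 8140. The following is an added example, not part of the original tutorial: the function name `autosign_mode` and the sample file are made up for illustration, and the policy-executable case assumes Puppet 3.4 or later.

```shell
#!/bin/sh
# Added example: classify the autosign setting found in a puppet.conf.
# Prints one of: naive, disabled, policy:<path>, allowlist:<path>, default
autosign_mode() {
    conf=$1
    # Prefer the value in [master]; fall back to [main].
    value=$(awk '
        /^[ \t]*#/  { next }                      # skip comment lines
        /^[ \t]*\[/ {                             # section header
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
            section = $0; next
        }
        /^[ \t]*autosign[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if (section == "master") m = $0
            else if (section == "main") g = $0
        }
        END { if (m != "") print m; else print g }
    ' "$conf")
    case $value in
        "")    echo default ;;      # Puppet falls back to $confdir/autosign.conf
        true)  echo naive ;;        # every CSR is signed without review
        false) echo disabled ;;     # certificates must be signed by hand
        *)     # A path: an executable is a signing policy, any other file a name list
               if [ -f "$value" ] && [ -x "$value" ]; then
                   echo "policy:$value"
               else
                   echo "allowlist:$value"
               fi ;;
    esac
}

# Constructed sample that mirrors the [master] block from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[main]
logdir = /var/log/puppet
[master]
certname = puppet-server
autosign = true
EOF
echo "autosign mode: $(autosign_mode "$sample")"
rm -f "$sample"
```

On a real master, run `autosign_mode /etc/puppet/puppet.conf`; a result of `naive` means the manual `puppet cert --sign` step above is never exercised.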

All done!