Puppet is a tool designed to manage the configuration of Unix-like and Microsoft Windows systems declaratively. The user describes system resources and their state, either using Puppet’s declarative language or a Ruby DSL (domain specific language). This information is stored in files called “Puppet manifests”. Puppet discovers the system information via a utility called Facter, and compiles the Puppet manifests into a system-specific catalog containing resources and resource dependency, which are applied against the target systems. Any actions taken by Puppet are then reported.
Add the Puppet Labs repository to your CentOS machine:
rpm -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm
Install the Puppet Master:
# Download puppet-server from Puppet Labs
yum install -y puppet-server
# Start Puppet-Server
/etc/init.d/puppetmaster start
# Set Puppet Master to run on startup
puppet resource service puppetmaster ensure=running enable=true
-------------------------------------------------------------------------------
/Service[puppetmaster]/ensure: ensure changed 'stopped' to 'running'
service { 'puppetmaster':
  ensure => 'stopped',
  enable => 'true',
}
Outside a test environment, Puppet needs a scalable web server, so let's install Apache (Official Docs):
# Download apache and necessary dependencies
yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel
# Install Rack/Passenger
gem install rack passenger
-----------------------------------------------------
gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions. This could take a while...
Successfully installed passenger-4.0.35
2 gems installed
Installing ri documentation for rack-1.5.2...
Then run the Passenger Apache module installer:
passenger-install-apache2-module
[[email protected] yum.repos.d]# passenger-install-apache2-module
---------------------------------------------------------------------------------------
Welcome to the Phusion Passenger Apache 2 module installer, v4.0.35.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.
Create a virtual host file for Puppet:
vi /etc/httpd/conf.d/puppetmaster.conf
and add
# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/
PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    # Note: "All -SSLv2" still leaves SSLv3 enabled; add -SSLv3 to disable it too.
    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/unixmen-centos6.arnhem.chello.nl.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/unixmen-centos6.arnhem.chello.nl.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    #RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>
Start up Apache:
/etc/init.d/puppetmaster stop
/etc/init.d/httpd start
Disable WEBrick and enable Apache on boot:
chkconfig puppetmaster off
chkconfig httpd on
Make sure the port is open and it’s listening:
lsof -i tcp:8140
COMMAND  PID   USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd   8743   root   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8747 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8748 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8749 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8750 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8751 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8752 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8753 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8754 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
httpd   8755 apache   6u  IPv6  74005      0t0  TCP *:8140 (LISTEN)
Append this to the end of the file:
vim /etc/puppet/puppet.conf
[master]
# Use the FQDN here
certname = puppet-server
# Sign every agent certificate request automatically
autosign = true
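Between autosign = true and signing every request by hand, Puppet 3.4 and later also accept a path to a policy executable as the autosign value: it is called with the certname as its argument and the PEM CSR on stdin, and the request is signed only when it exits 0. The script below is an added example, not part of the original tutorial; the script and token-file paths and the function names are assumptions, and it assumes each agent embeds a per-node token as the CSR challengePassword.

```shell
#!/bin/sh
# Added example: hypothetical policy executable, enabled on the master with
#   autosign = /etc/puppet/autosign-policy.sh        (replaces autosign = true)
# Puppet runs it as "<script> <certname>" with the PEM CSR on stdin and signs
# the request only when the script exits 0.
LC_ALL=C; export LC_ALL
# Assumed token file, one "<certname> <token>" pair per line, mode 0600.
TOKENS="${TOKENS:-/etc/puppet/autosign-tokens}"

# Lowercase DNS-style names only: no wildcards, slashes, spaces, empty labels.
valid_certname() {
    case "$1" in
        ""|.*|*.|*..*|-*|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Fail closed unless the token file is a regular file with no group/other bits.
tokens_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Read the CSR from stdin and print its challengePassword attribute, if any.
# Assumes openssl prints the attribute as "challengePassword :<value>".
csr_challenge() {
    openssl req -noout -text 2>/dev/null |
        sed -n 's/^ *challengePassword *:\(.*\)$/\1/p' | head -n 1
}

# $1 = certname, $2 = challenge taken from the CSR, $3 = token file.
# Returns 0 (sign) only for a well-formed name whose stored token matches.
autosign_decision() {
    valid_certname "$1" || return 1
    [ -n "$2" ] || return 1
    tokens_file_ok "$3" || return 1
    expected=$(awk -v n="$1" '$1 "" == n { print $2; exit }' "$3")
    [ -n "$expected" ] && [ "$expected" = "$2" ]
}

# Entry point when Puppet calls the script; skipped when run without arguments.
if [ "$#" -ge 1 ]; then
    autosign_decision "$1" "$(csr_challenge)" "$TOKENS"
    exit $?
fi
```

The script has to be executable by the user the master runs as, and on the agent the token goes into the CSR through csr_attributes.yaml before the first run. Requests that fail the policy stay pending and can still be signed by hand.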
Client Node install
Add the puppet labs repo
rpm -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm
Install the Puppet Client
yum install -y puppet
If you are not using DNS in your environment, you will need to manually edit your hosts file.
vim /etc/hosts
192.168.x.x node
192.168.x.y puppet-server
Edit /etc/puppet/puppet.conf and add the agent variables:
vim /etc/puppet/puppet.conf
# In the [agent] section
# Should be the FQDN!
server = puppet-server
report = true
pluginsync = true
Set the puppet agent to run on boot:
chkconfig puppet on
puppet agent --daemonize
Now test the client:
puppet agent --test
That should connect you to the server, which will automatically sign the certificate. If you have opted to sign manually, you now need to go back to the server and run:
puppet cert --sign FQDN
All done!