1.
On the puppetmaster server, edit /etc/hosts and add puppet to the localhost entry. That means your
puppetmaster server is this one.
2.
3.
Then stop it and remove it, along with the facter and puppet packages :D It will be old.
4.
(Check the version with puppetmaster -V.) 2.6.4 will be the newest version.
5.
6.
7.
Then add your symlinks so that Debian (Ubuntu) will think you are using its version:
1. ln -s /usr/bin/puppetmasterd /usr/sbin/puppetmasterd
2. ln -s /usr/bin/puppetd /usr/sbin/puppetd
3. ln -s /usr/bin/puppetca /usr/sbin/puppetca
8.
9.
Now, important: comment out these lines (#genconfig = true), otherwise your programs will just generate new
configurations when run.
10.
If you don't have DNS, set the certname in the [master] section to puppet, like this: certname = puppet
11.
12.
13.
14.
15.
16.
On the server you should get the requests, and then you can sign the clients' certs:
1. puppetca -l
2. puppetca -s clientname
I will be reading more here:
http://miao5.blogspot.com/2010/01/setup-puppetmaster-foreman.html
Assumptions:
1. svn server: 192.168.0.1
2. new puppetmaster hostname: puppet.domain.ltd
1. ip address: 192.168.0.2
3. puppetmaster manifests svn url: http://192.168.0.1/svn/puppetmaster/trunk
Steps:
|*| install required packages and group
1. # yum groupinstall "Development Tools"
2. # yum install puppet puppet-server mysql mysql-devel mysql-server ruby-mysql httpd httpd-devel apr-devel rubygems readline-devel
|*| install ruby enterprise
1. # cd ~/incoming
2. # wget http://rubyenterpriseedition.googlecode.com/files/ruby-enterprise-1.8.7-2011.03.tar.gz
3. # tar zxf ruby-enterprise-1.8.7-2011.03.tar.gz
4. # ./ruby-enterprise-1.8.7-2011.03/installer
The installer will install not just ruby-enterprise, but also rails and passenger
The ruby-enterprise will be installed in: /opt/ruby-enterprise-1.8.7-2011.03/
Add the ruby-enterprise bin to PATH
1. # vim /etc/profile.d/ruby-enterprise.sh
1. PATH=/opt/ruby-enterprise-1.8.7-2011.03/bin:$PATH
Link puppet and facter to the ruby-enterprise installation
1. # cd /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/site_ruby/1.8
2. # ln -s /usr/lib/ruby/site_ruby/1.8/facter
3. # ln -s /usr/lib/ruby/site_ruby/1.8/facter.rb
4. # ln -s /usr/lib/ruby/site_ruby/1.8/puppet
5. # ln -s /usr/lib/ruby/site_ruby/1.8/puppet.rb
Reboot
1. # init 6
|*| configure passenger
1. # /opt/ruby-enterprise-1.8.7-2011.03/bin/passenger-install-apache2-module
2. # vi /etc/httpd/conf.d/passenger.conf
1. LoadModule passenger_module /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.7/ext/apache2/mod_passenger.so
2. PassengerRoot /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.7
3. PassengerRuby /opt/ruby-enterprise-1.8.7-2011.03/bin/ruby
Info: the content of the passenger.conf above also appears on screen while passenger-install-apache2-module
is running. It might vary from version to version, so stick with what the command prints.
|*| retrieve puppet configuration from svn
1. # svn export http://192.168.0.1/svn/puppetmaster/trunk /etc/puppet
|*| replace the existing puppet.conf with the puppetmaster's one
1. # cp /etc/puppet/modules/puppet/files/default/puppetmaster.conf /etc/puppet/puppet.conf
2. # vim /etc/puppet/puppet.conf
1. [main]
# Where Puppet stores dynamic and growing data.
# The default value is '/var/puppet'.
1. vardir = /var/lib/puppet
# The Puppet log directory.
7. dbserver = localhost
8. dbsocket = /var/lib/mysql/mysql.sock
9. dbconnections = 20
|*| setup mysql database (assuming mysql root user's password is empty)
1. # mysql -u root
1. mysql> create database puppet;
2. mysql> grant all privileges on puppet.* to puppet@localhost identified by 'puppet';
|*| create mysql root password
1. # mysqladmin -u root password _password_
|*| create keys for puppet.domain.tld, for it to control itself via puppet
1. # /etc/puppet/modules/puppet/files/default/puppet_ssh_keygen.sh --host puppet
|*| start puppetmaster
1. # service puppetmaster start
|*| add the node definition to site.pp
1.
2.
3.
4.
5.
6.
7.
# cd /usr/share/puppet/rack
# mkdir -p puppetmasterd/{tmp,public}
# cd puppetmasterd/
# cp /usr/share/puppet/ext/rack/files/config.ru .
# chown puppet:root config.ru
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers allow the same configuration to work with Pound.
1.
2.
3.
1.
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
<Directory /usr/share/puppet/rack/puppetmasterd/>
  Options None
  AllowOverride None
  Order allow,deny
  allow from all
</Directory>
</VirtualHost>
|*| install and configure foreman
1. # yum install foreman
Disable the foreman service, since we will run it under passenger
2. # chkconfig foreman off
3. # service foreman stop
Configure the database. Foreman uses the same database as puppet
1. # vim /etc/foreman/database.yml
production:
  adapter: mysql
  database: puppet
  username: puppet
  password: puppet
  pool: 15
  timeout: 5000
1. # cd /usr/share/foreman
2. # RAILS_ENV=production rake db:migrate
Configure others accordingly
1. # vim /etc/foreman/email.yaml
production:
  delivery_method: :sendmail
  smtp_settings:
    address: smtp.domain.tld
    port: 25
    domain: domain.tld
    authentication: :none
2. # vim /etc/foreman/settings.yaml
:modulepath: /etc/puppet/modules/
:tftppath: tftp/
:rrd_report_url: report/
:ldap: true
# your default puppet server - can be overridden in the host level. If none specified, plain "puppet" will be used.
#:puppet_server: puppet
#:unattended: false
# use the following setting to override the default 30 minutes puppet run interval - value must be in minutes
#:puppet_interval: 60
#:document_root: /var/www
# Foreman host, required for http links inside emails
:foreman_url: puppet.domain.tld:8000
# where to send out daily report emails, comment out if you want to send to registered Foreman users instead.
#:administrator: admin@domain.tld
:failed_report_email_notification: true
Copy the report updater to where puppet looks for it
1. # cp extras/puppet/foreman/files/foreman-report.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
2. # chmod 644 /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
# vim /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
edit the URL (unless you have a DNS alias for foreman already) to point to foreman.
# URL of your Foreman installation
1. $foreman_url="http://" + `hostname`.strip + ":8000"
configure foreman vhost
1. # vim /usr/local/etc/httpd/conf.d/vhosts/vhost-foreman.conf
Listen 8000
NameVirtualHost *:8000
<VirtualHost *:8000>
  ServerName puppet.domain.ltd
  ServerAlias foreman
  DocumentRoot /usr/share/foreman/public
  AddDefaultCharset UTF-8
  RailsEnv production
  <Location "/">
    Order deny,allow
    Deny from all
    Allow from your_network
  </Location>
</VirtualHost>
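How Apache 2.2 evaluates the Order / Deny / Allow lines in this vhost, and what changes when the Deny from all line is left out. This is an added example, not part of the original guide or of Apache; the sample configs are constructed, and 192.168.0.0/24 is an assumed value for your_network.

```python
import ipaddress

def matches(specs, client):
    """True if any 'Allow from' / 'Deny from' argument covers the client."""
    addr = ipaddress.ip_address(client)
    return any(s.lower() == "all"
               or addr in ipaddress.ip_network(s, strict=False)
               for s in specs)

def access_allowed(config_text, client):
    """Apply Apache 2.2 Order/Allow/Deny rules ('all', IPs and CIDR only)."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    if order == "allow,deny":
        # Default deny: must match an Allow and no Deny.
        return matches(allow, client) and not matches(deny, client)
    # deny,allow: default allow; a matching Allow overrides any Deny.
    return matches(allow, client) or not matches(deny, client)

# Constructed samples; 192.168.0.0/24 stands in for your_network.
WITH_DENY = """
<Location "/">
  Order deny,allow
  Deny from all
  Allow from 192.168.0.0/24
</Location>
"""
WITHOUT_DENY = """
<Location "/">
  Order deny,allow
  Allow from 192.168.0.0/24
</Location>
"""

if __name__ == "__main__":
    for name, conf in (("with Deny from all", WITH_DENY),
                       ("without Deny from all", WITHOUT_DENY)):
        for client in ("192.168.0.50", "203.0.113.7"):
            print(name, client, access_allowed(conf, client))
```

With Order deny,allow, a client that matches no directive is allowed, so the Allow line only restricts access when Deny from all sits beside it.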
setup cron job
1. # crontab -e
# expires all non interesting reports
0 22 * * * cd /usr/share/foreman && rake reports:expire days=7 status=0 RAILS_ENV="production"
# sends out a summary email for the last 24 hours
0 23 * * * cd /usr/share/foreman/ && rake reports:summarize hours=24 RAILS_ENV="production"
restart httpd
1. # service httpd restart
go to http://puppet.domain.ltd:8000
login as admin, default password changeme
= My Directory
= ad.domain.ltd
Port
TLS = no
= domain\$login
Password = _leave blank_
Base DN = CN=users,DC=host,DC=domain,DC=org
attr login = sAMAccountName
attr firstname = givenName
attr lastname = sN
for OpenLDAP
Name = My Directory
Host = ldap.domain.ltd
Port = 389
TLS = no
Password = _leave blank_
Base DN = ou=Users,dc=domain,dc=co,dc=il
attr login = uid
attr firstname = givenName
attr lastname = sn
Listen 9000
NameVirtualHost *:9000
<VirtualHost *:9000>
  ServerName puppet.domain.ltd
  ServerAlias puppet-dashboard
  DocumentRoot /data/vhosts/puppet-dashboard/public
  AddDefaultCharset UTF-8
  RailsEnv production
  <Location "/">
    # With Order deny,allow the default is to allow, so deny everyone first
    Order deny,allow
    Deny from all
    Allow from your_network
  </Location>
</VirtualHost>
|*| restart services
# service httpd restart