
Install Puppet Server On CentOS 7 - Unixmen

This document provides instructions for installing Puppet server on CentOS 7. It describes setting up a Puppet master server with IP 10.1.1.200 and a Puppet client with IP 10.1.1.154. It details adding the Puppet yum repository, installing Puppet server and dependencies like Apache and Passenger, configuring Apache as the web server, enabling HTTPS on port 8140, and verifying the Puppet server is running.

Uploaded by

Aymen

9/1/2014 Install Puppet Server On CentOS 7 | Unixmen

Install Puppet Server On CentOS 7


by M.el Khamlichi


Puppet is a tool designed to manage the configuration of Unix-like and Microsoft Windows systems
declaratively. The user describes system resources and their state, either using Puppet’s declarative
language or a Ruby DSL (domain specific language). This information is stored in files called “Puppet
manifests”. Puppet discovers the system information via a utility called Facter, and compiles the
Puppet manifests into a system-specific catalog containing resources and resource dependency,
which are applied against the target systems. Any actions taken by Puppet are then reported.

Scenario
In this tutorial I am going to use the two systems described below.

Puppet Master:

Operating System : CentOS 7 minimal installation
IP Address : 10.1.1.200/24

Puppet client:

Operating System : CentOS 7 minimal installation
IP Address : 10.1.1.154/24

Add the Puppet repository to your CentOS machine:

For CentOS 7:

rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm

Install the Puppet Master:

# Download puppet-server from Puppet Labs

yum install -y puppet-server

# Start Puppet-Server

http://www.unixmen.com/install-puppet-server-centos-7/

CentOS 7:

systemctl start puppetmaster.service

# Set Puppet Master to run on startup

puppet resource service puppetmaster ensure=running enable=true

-------------------------------------------------------------------------------
/Service[puppetmaster]/ensure: ensure changed 'stopped' to 'running'
service { 'puppetmaster':
ensure => 'stopped',
enable => 'true',
}

Puppet needs a scalable web server in a non-testing environment, so let's install Apache (Official
Docs):

# Download apache and necessary dependencies

yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel

# Install Rack/Passenger

gem install rack passenger


-----------------------------------------------------
gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions. This could take a while...
Successfully installed passenger-4.0.35
2 gems installed
Installing ri documentation for rack-1.5.2...

Then

passenger-install-apache2-module

[root@Unixmen-centos7 yum.repos.d]# passenger-install-apache2-module


---------------------------------------------------------------------------------------
Welcome to the Phusion Passenger Apache 2 module installer, v4.0.35.
This installer will guide you through the entire installation process. It


shouldn't take more than 3 minutes in total.


Here's what you can expect from the installation process:
1. The Apache 2 module will be installed for you.
2. You'll learn how to configure Apache.
3. You'll learn how to deploy a Ruby on Rails application.
Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.
Press Enter to continue, or Ctrl-C to abort.

Use <space> to select.


If the menu doesn't display correctly, press '!'

‣ Ruby
Python
Node.js
Meteor

--------------------------------------------

Checking for required software...

* Checking for C compiler...


Found: yes
Location: /usr/bin/cc
* Checking for C++ compiler...
Found: yes
Location: /usr/bin/c++
* Checking for Curl development headers with SSL support...
Found: yes
curl-config location: /usr/bin/curl-config
Header location: /usr/include/curl/curl.h
Version: libcurl 7.29.0
Usable: yes
Supports SSL: yes
* Checking for OpenSSL development headers...
Found: yes
Location: /usr/include/openssl/ssl.h
* Checking for Zlib development headers...
Found: yes
Location: /usr/include/zlib.h
* Checking for Apache 2...
Found: yes
Location of httpd: /usr/sbin/httpd
Apache version: 2.4.6
* Checking for Apache 2 development headers...


Found: yes
Location of apxs2: /usr/bin/apxs
* Checking for Rake (associated with /usr/bin/ruby)...
Found: yes
Location: /usr/bin/ruby /usr/local/bin/rake
* Checking for OpenSSL support for Ruby...
Found: yes
* Checking for RubyGems...
Found: yes
* Checking for Ruby development headers...
Found: yes
Location: /usr/include/ruby.h
* Checking for rack...
Found: yes
* Checking for Apache Portable Runtime (APR) development headers...
Found: yes
Location: /usr/bin/apr-1-config
Version: 1.4.8
* Checking for Apache Portable Runtime Utility (APU) development headers...
Found: yes
Location: /usr/bin/apu-1-config
Version: 1.5.2

Create a virtual host file for puppet:

vi /etc/httpd/conf.d/puppetmaster.conf

and add:

# RHEL/CentOS:
# If passenger-install-apache2-module printed different LoadModule and
# PassengerRoot paths when it finished, use those instead of the ones below.
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.35/
PassengerRuby /usr/bin/ruby
# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
Listen 8140

<VirtualHost *:8140>
    SSLEngine On
    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile /var/lib/puppet/ssl/certs/unixmen-centos7.arnhem.chello.nl.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/unixmen-centos7.arnhem.chello.nl.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData
    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    #RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

Add the Puppet HTTPS port to the firewall:

firewall-cmd --zone=public --add-port=8140/tcp --permanent


firewall-cmd --reload

Start up Apache:

systemctl stop puppetmaster.service
systemctl start httpd.service

Disable WEBrick and enable Apache on boot:

chkconfig puppetmaster off


chkconfig httpd on


Make sure the port is open and it’s listening:

lsof -i tcp:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 8743 root 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8747 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8748 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8749 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8750 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8751 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8752 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8753 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8754 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)
httpd 8755 apache 6u IPv6 74005 0t0 TCP *:8140 (LISTEN)

Append this to the end of the file:

vim /etc/puppet/puppet.conf
[master]
# Use the FQDN here
certname = puppet-server
# autosign = true signs every certificate request without review
autosign = true

Check the Apache configuration with apachectl configtest and fix any errors you encounter.

Now, copy the Rack config:

cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/

Give Puppet correct permission to access the Rack config:

chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
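
The vhost above leaves SSLv3 enabled (All -SSLv2), its cipher list adds RC4 (RC4+RSA), and autosign = true makes the master sign every certificate request it receives. The script below is an added example, not part of the original article, that flags those three settings; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag weak TLS and CSR settings.

# audit_vhost FILE: one finding per weak TLS directive in the Apache vhost.
audit_vhost() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "sslprotocol" {
            sslv3 = 0
            for (i = 2; i <= NF; i++) {       # mod_ssl applies tokens in order
                t = tolower($i); sign = substr(t, 1, 1)
                name = (sign == "+" || sign == "-") ? substr(t, 2) : t
                hit = (name == "all" || name == "sslv3")
                if (sign == "-") { if (hit) sslv3 = 0 }
                else if (sign == "+") { if (hit) sslv3 = 1 }
                else sslv3 = hit              # a bare token replaces the set
            }
            if (sslv3) print "WEAK SSLProtocol: SSLv3 is still enabled"
        }
        tolower($1) == "sslciphersuite" {
            n = split($2, spec, ":")
            for (i = 1; i <= n; i++)
                if (spec[i] ~ /RC4/ && spec[i] !~ /^[!+-]/)
                    print "WEAK SSLCipherSuite: " spec[i] " enables RC4"
        }
    ' "$1"
}

# audit_puppet_conf FILE: flag naive autosigning in puppet.conf.
audit_puppet_conf() {
    awk -F= '
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); sub(/#.*/, "", val); gsub(/[ \t]/, "", val) }
        key == "autosign" && tolower(val) == "true" {
            print "WEAK autosign: every certificate request is signed unattended"
        }
    ' "$1"
}

# Constructed sample files holding the directives shown in the article.
tmp=$(mktemp -d)
printf '%s\n' 'SSLProtocol All -SSLv2' \
    'SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP' > "$tmp/vhost.conf"
printf '%s\n' '[master]' 'autosign = true' > "$tmp/puppet.conf"
audit_vhost "$tmp/vhost.conf"
audit_puppet_conf "$tmp/puppet.conf"
rm -rf "$tmp"
```

A configuration that passes would use, for instance, SSLProtocol All -SSLv2 -SSLv3, a cipher list without RC4, and no autosign line, with requests signed by name instead.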

Client Node install


Add the Puppet Labs repo:

rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm

Install the Puppet Client:


yum install -y puppet

If you are not using DNS in your environment, you will need to manually edit the hosts file on both
machines.

vim /etc/hosts
10.1.x.x node
10.1.x.y puppet-server

Edit /etc/puppet/puppet.conf and add the agent variables:

vim /etc/puppet/puppet.conf
# In the [agent] section
# Should be the FQDN!
server = puppet-server
report = true
pluginsync = true

Set the puppet agent to run on boot:

chkconfig puppet on
puppet agent --daemonize

Now test the client:

puppet agent -t
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for localhost.unixmen.com
Info: Certificate Request fingerprint (SHA256): 51:E3:75:7D:EC:BA:1F:68:B1:94:5E:4D:1F:84:53:07:F6:67:18:AB:12:6A:B6:89:05:D9:19:9F:30:DB:7A:F8
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

Check and sign from the Puppet master:

[root@unixmen-centos7 certs]# puppet cert list

"localhost.triennium.com" (SHA256) 51:E3:75:7D:EC:BA:1F:68:B1:94:5E:4D:1F:84:53:07:F6:67:18:AB:12:6A:B6:89:05:D9:19:9F:30:DB:7A:F8

[root@unixmen-centos7 certs]# puppet cert sign --all

Notice: Signed certificate request for localhost.unixmen.com
Notice: Removing file Puppet::SSL::CertificateRequest localhost.unixmen.com at '/var/lib/puppet/ssl/ca/requests/localhost.unixmen.com.pem'
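
puppet cert sign --all signs whatever is pending, so it is worth comparing the fingerprint the agent printed with the one puppet cert list shows and then signing that one request by name. The script below is an added example, not part of the original article; the function names, host names and shortened fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): compare CSR fingerprints before signing.

# normalise FP: drop colons and whitespace, upper-case the hex digits.
normalise() {
    printf '%s' "$1" | tr -d ': \n\t' | tr 'a-f' 'A-F'
}

# pending_fingerprint CERTNAME: read "puppet cert list" output on stdin and
# print the SHA256 fingerprint of the pending request for CERTNAME.
pending_fingerprint() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3 }'
}

# csr_matches CERTNAME AGENT_FP: succeed only if the master holds a pending
# request for CERTNAME whose fingerprint equals the one the agent printed.
csr_matches() {
    master_fp=$(pending_fingerprint "$1")
    [ -n "$master_fp" ] && [ "$(normalise "$master_fp")" = "$(normalise "$2")" ]
}

# Constructed sample of "puppet cert list" output (fingerprints shortened).
list='  "node1.example.com" (SHA256) AA:BB:CC:01
  "node2.example.com" (SHA256) AA:BB:CC:02'

# AGENT_FP is what "puppet agent -t" printed on node1, obtained out of band.
AGENT_FP='aa:bb:cc:01'
if printf '%s\n' "$list" | csr_matches node1.example.com "$AGENT_FP"; then
    echo "match: puppet cert sign node1.example.com"
else
    echo "mismatch: leave the request unsigned and investigate"
fi
```

On the master, pipe the real listing into the check: puppet cert list | csr_matches NAME FINGERPRINT && puppet cert sign NAME.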

Enjoy!
