Difference between revisions of "Puppet: Setup and install puppet"
| Line 94: | Line 94: | ||
info: Creating state file /var/lib/puppet/state/state.yaml | info: Creating state file /var/lib/puppet/state/state.yaml | ||
notice: Finished catalog run in 0.09 seconds | notice: Finished catalog run in 0.09 seconds | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 143: | Line 130: | ||
include sudo | include sudo | ||
} | } | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | == Removing system certificates == | ||
| + | * On the puppet master: | ||
| + | <syntaxhighlight> | ||
| + | puppet cert clean cx1.pxe.boston.co.uk | ||
| + | </syntaxhighlight> | ||
| + | * On the client: | ||
| + | <syntaxhighlight> | ||
| + | rm -f /var/lib/puppet/ssl/certs/cx1.pxe.boston.co.uk.pem | ||
| + | |||
| + | # Generate new certificate and initiate connection | ||
| + | puppet agent -t | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | == Problems == | ||
| + | === Error starting the puppet master after --genconfig === | ||
| + | <syntaxhighlight> | ||
| + | root@ubuntu1204-cobbler:~# /etc/init.d/puppetmaster restart | ||
| + | * Restarting puppet master | ||
| + | start-stop-daemon: warning: failed to kill 25584: No such process | ||
| + | Could not prepare for execution: Got 1 failure(s) while initializing: change from directory to file failed: Could not set 'file on ensure: Is a directory - /var/lib/puppet/facts | ||
| + | </syntaxhighlight> | ||
| + | Resolution: Comment out the facts | ||
| + | <syntaxhighlight> | ||
| + | #factdest = /var/lib/puppet/facts/ | ||
</syntaxhighlight> | </syntaxhighlight> | ||
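Review bot: in the client step of "Removing system certificates", `rm -f /var/lib/puppet/ssl/certs/cx1.pxe.boston.co.uk.pem` deletes only the signed certificate and leaves the rest of the host's ssl directory, including its private key, in place. The section should say whether keeping the key is intended, and for a rebuilt host point to clearing the whole ssldir instead. Under "Problems", "Comment out the facts" does not name the setting; wording such as "Comment out the factdest setting" would match the `#factdest` line that follows.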
Revision as of 16:54, 26 February 2013
Make sure you have the EPEL repository available.
Basic Server Setup
yum install puppet facter

Puppet configuration files will be in: /etc/puppet
Create the /etc/puppet/puppet.conf file
puppetmasterd --genconfig > /etc/puppet/puppet.conf

Create the default /etc/puppet/puppet.conf file. To create the first configuration, run the command:

puppetmasterd --genconfig > puppet.conf

Adding in a line to autosign certs:
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
# dp autosign
autosign = /etc/puppet/autosign.conf
[master]
certname = puppetmaster.virtual.viglen.co.uk

I'm autosigning all hosts, too lazy (this would be dangerous in a production setup)
$ cat /etc/puppet/autosign.conf
*

Create the /etc/puppet/manifests/site.pp file
# site.pp
import 'systems/*.pp'
import 'classes/*.pp' # not needed immediately, only when classes are created
Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" } # required when modules need to run exec commands

Show help
If no arguments are entered when using puppet, you may get the error "No help available unless you have RDoc::usage installed". To enable help messages, install ruby-rdoc.
yum install ruby-rdoc

Basic Client Setup
- Install puppet
yum install puppet

- Make sure the /etc/hosts file has an entry for puppet (the master host)
# this must work
ping puppet

Clean out all SSL certs (needed to do this as the first few attempts failed - DNS errors, make sure both hosts can resolve each other correctly)
$ rm -rf $(puppet agent --configprint ssldir)
$ puppet agent --test
# sample output if it goes through ok
info: Creating a new SSL key for calx13.pxe.boston.co.uk
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for calx13.pxe.boston.co.uk
info: Certificate Request fingerprint (md5): 20:18:76:F9:6E:D5:89:1D:77:02:61:70:20:04:49:9E
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for calx13.pxe.boston.co.uk
pcilib: Cannot open /proc/bus/pci
lspci: Cannot find any working access method.
info: Caching certificate_revocation_list for ca
info: Caching catalog for calx13.pxe.boston.co.uk
info: Applying configuration version '1354922612'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.09 seconds

Basic Module Setup
Create a configuration on the puppet master. In this example we will set up sudo.
Create the sudo manifest file:
# /etc/puppet/modules/sudo/manifests/init.pp
class sudo {
  file { "/etc/sudoers":
    owner  => 'root',
    group  => 'root',
    mode   => '0440',
    source => "puppet:///modules/sudo/sudoers"
  }
}

Note the source attribute: files must be present in the module directory under files
# That is to say, if a module named test_module is installed in the central server’s /etc/puppet/modules directory, the following puppet: URI…
puppet:///modules/test_module/testfile.txt
# …will resolve to the following absolute path:
/etc/puppet/modules/test_module/files/testfile.txt

Add the sudo module to the standard site.pp file
# /etc/puppet/manifests/site.pp
node default {
  include sudo
}

Removing system certificates
- On the puppet master:
puppet cert clean cx1.pxe.boston.co.uk

- On the client:
rm -f /var/lib/puppet/ssl/certs/cx1.pxe.boston.co.uk.pem
# Generate new certificate and initiate connection
puppet agent -t

Problems
Error starting the puppet master after --genconfig
root@ubuntu1204-cobbler:~# /etc/init.d/puppetmaster restart
* Restarting puppet master
start-stop-daemon: warning: failed to kill 25584: No such process
Could not prepare for execution: Got 1 failure(s) while initializing: change from directory to file failed: Could not set 'file on ensure: Is a directory - /var/lib/puppet/facts

Resolution: Comment out the factdest setting
#factdest = /var/lib/puppet/facts/
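
The autosign setup in Basic Server Setup (an autosign.conf containing only `*`) makes the CA sign a request from any host that can reach the master. The script below is an added example, not part of the original page or of Puppet itself: it reads a puppet.conf, finds the autosign list and flags entries that sign every request, and also covers `autosign = true` and `false`, which the page does not use. The function names are hypothetical and the default confdir of /etc/puppet is taken from the paths on this page.

```shell
#!/bin/sh
# Added example (not from the original page): flag autosign settings that
# let the Puppet CA sign a certificate request from any host.

# Value of the last "autosign =" line in a puppet.conf. Section headers and
# $variable interpolation are ignored, a simplification assumed here.
autosign_setting() {
    sed -n 's/^[[:space:]]*autosign[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Classify one autosign.conf entry.
classify_entry() {
    case "$1" in
        '*')   echo open ;;     # matches every certname
        '*.'*) echo domain ;;   # glob limited to one domain
        *)     echo host ;;     # exact certname
    esac
}

# audit_autosign <puppet.conf> [confdir]
# Prints one finding per line; returns 1 if any host would be signed unchecked.
audit_autosign() {
    setting=$(autosign_setting "$1")
    confdir=${2:-/etc/puppet}
    case "$setting" in
        true)  echo "RISK autosign=true"; return 1 ;;
        false) echo "OK autosign=false"; return 0 ;;
        '')    list="$confdir/autosign.conf" ;;   # Puppet's default location
        *)     list=$setting ;;
    esac
    [ -f "$list" ] || { echo "OK no list at $list"; return 0; }
    rc=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        case "$entry" in ''|'#'*) continue ;; esac
        kind=$(classify_entry "$entry")
        if [ "$kind" = open ]; then
            echo "RISK $entry signs every request"; rc=1
        else
            echo "OK $entry ($kind)"
        fi
    done < "$list"
    return $rc
}
```

Run it as `audit_autosign /etc/puppet/puppet.conf` on the master; a non-zero exit status means at least one entry would sign any request.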