Sunday, May 26, 2013

RHEL6 Puppet install of master/agent

This is based on Chapter 1 of Pro Puppet by James Turnbull and Jeffrey McCune but for RHEL6.4. Also, I have SELinux running on both the master and the agent.


I. Install Packages

Master
yum install ruby ruby-libs
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm
yum -y install puppet facter puppet-server 
Agent
yum install ruby ruby-libs
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm
yum -y install puppet facter
Versions
Versions for the master as of May 26, 2013 are below. The agent will be the same except it won't have puppet-server.
[root@puppet-master ~]# rpm -qa | egrep "ruby|pup|fact"
libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
ruby-augeas-0.4.1-1.el6.x86_64
ruby-shadow-1.4.1-13.el6.x86_64
ruby-1.8.7.352-10.el6_4.x86_64
facter-1.6.18-3.el6.x86_64
puppet-server-2.6.18-3.el6.noarch
ruby-libs-1.8.7.352-10.el6_4.x86_64
puppet-2.6.18-3.el6.noarch
[root@puppet-master ~]# 

Update (added 6/14/2013): use Puppet Labs' own repo so you get newer packages.

/etc/yum.repos.d/puppet.repo

[Puppet]
name=Puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0

[Puppet_Deps]
name=Puppet Dependencies
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0
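
The repo file above turns off package signature checking (gpgcheck=0) and fetches over plain HTTP, so yum installs whatever the network path delivers. The following is an added example, not part of the original post, that flags both settings in a repo file; the function names audit_repo and write_page_repo are made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag yum repo sections that
# disable package signature checks or fetch over plain HTTP.

# audit_repo FILE: print "section<TAB>finding" per problem; exit status 1 if any.
# A section with no gpgcheck line inherits [main] in /etc/yum.conf, so only an
# explicit gpgcheck=0 is reported.
audit_repo() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck == "0")    { print section "\tgpgcheck-disabled"; bad = 1 }
            if (baseurl ~ /^http:/) { print section "\tplaintext-baseurl"; bad = 1 }
        }
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line); return line
        }
        /^[ \t]*\[/ {
            report()
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = ""; baseurl = ""; next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { gpgcheck = value($0) }
        /^[ \t]*baseurl[ \t]*=/  { baseurl = value($0) }
        END { report(); exit bad }
    ' "$1"
}

# write_page_repo FILE: the puppet.repo shown above, reproduced as sample input.
write_page_repo() {
    cat > "$1" <<'EOF'
[Puppet]
name=Puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0

[Puppet_Deps]
name=Puppet Dependencies
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0
EOF
}

sample=$(mktemp)
write_page_repo "$sample"
audit_repo "$sample" || echo "review the sections listed above before running yum"
rm -f "$sample"
```

Setting gpgcheck=1 together with a gpgkey line that points at the vendor's signing key clears the first finding for a section.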


II. Initialize Services

Master

1. Added the following to /etc/puppet/puppet.conf:
[master]
    certname=puppet.example.com
2. Created an empty file at /etc/puppet/manifests/site.pp
3. Opened only 8140 in iptables
4. Start puppetmaster and configure it for boot:
service puppetmaster start
chkconfig puppetmaster on
5. Observe certs in /var/lib/puppet/

Agent

1. Added "server=puppet.example.com" to /etc/puppet/puppet.conf
2. Run "puppet agent --server=puppet.example.com --no-daemonize --verbose" and observe:
[root@puppet-agent ~]# puppet agent --server=puppet.example.com --no-daemonize --verbose
info: Creating a new SSL key for puppet-agent.example.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for puppet-agent.example.com
info: Certificate Request fingerprint (md5): EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04
...
notice: Did not receive certificate
...
The above sends a certificate signing request to the master. The agent then checks every two minutes for a signed certificate.

Master

Sign the certificate
[root@puppet-master public_keys]# puppet cert --list
  "puppet-agent.example.com" (EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04)
[root@puppet-master public_keys]# 

[root@puppet-master public_keys]# puppet cert --sign puppet-agent.example.com
notice: Signed certificate request for puppet-agent.example.com
notice: Removing file Puppet::SSL::CertificateRequest puppet-agent.example.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent.example.com.pem'
[root@puppet-master public_keys]# 
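
The fingerprint the agent printed when it created its request and the one `puppet cert --list` shows on the master are the same value here, and that match is what tells you the pending request really came from your agent. The following is an added example, not part of the original post, that makes the comparison before signing; the function names are made up for the illustration and the sample text is copied from the session above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sign a CSR only when the
# fingerprint the agent printed matches the one the master has pending.

# Print the CSR fingerprint from agent output read on stdin.
csr_fp_from_agent() {
    sed -n 's/^info: Certificate Request fingerprint ([^)]*): \([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1
}

# Print the pending fingerprint for host $1 from `puppet cert --list` output
# on stdin (list format as shown in this post).
csr_fp_from_master() {
    awk -v want="\"$1\"" '$1 == want { fp = $NF; gsub(/[()]/, "", fp); print fp; exit }'
}

# fingerprints_match AGENT_TEXT MASTER_TEXT HOST: status 0 only when both sides
# report the same non-empty fingerprint (compared case-insensitively).
fingerprints_match() (
    a=$(printf '%s\n' "$1" | csr_fp_from_agent | tr 'a-f' 'A-F')
    m=$(printf '%s\n' "$2" | csr_fp_from_master "$3" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$m" ]
)

# Sample input copied from the session shown in this post.
AGENT_OUT='info: Creating a new SSL certificate request for puppet-agent.example.com
info: Certificate Request fingerprint (md5): EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04'
MASTER_OUT='  "puppet-agent.example.com" (EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04)'

host=puppet-agent.example.com
if fingerprints_match "$AGENT_OUT" "$MASTER_OUT" "$host"; then
    echo "fingerprints match; run: puppet cert --sign $host"
else
    echo "fingerprint mismatch or missing for $host; do not sign" >&2
fi
```

The script only prints the sign command; it never signs anything itself.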

Agent

Continue to observe the output of "puppet agent --server=puppet.example.com --no-daemonize --verbose" and you should see news of the cert's acceptance:
...
info: Caching certificate for puppet-agent.example.com
notice: Starting Puppet client version 2.6.18
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-agent.example.com
info: Applying configuration version '1369603392'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
^c
Now run the puppet agent as a daemon and configure it to run on boot:
[root@puppet-agent ~]# service puppet start
Starting puppet:                                           [  OK  ]
[root@puppet-agent ~]# chkconfig puppet on
[root@puppet-agent ~]#

III. Push a puppet forge module to the agent

In this example I will use jeffmccune/motd.

Master

Before I can install puppet-module I need the gem binary, which you can't get on RHEL6 without the optional channel.
[root@puppet-master manifests]# rhn-channel --list
rhel-x86_64-server-6
[root@puppet-master manifests]#
[root@puppet-master manifests]# rhn-channel -a --channel=rhel-x86_64-server-optional-6
Username: $username
Password: 
[root@puppet-master manifests]# rhn-channel --list
rhel-x86_64-server-6
rhel-x86_64-server-optional-6
[root@puppet-master manifests]# 
Install rubygems:
yum install rubygems
Install puppet-module:
[root@puppet-master manifests]# gem install puppet-module
******************************************************************************

  Thank you for installing puppet-module from Puppet Labs!

  * Usage instructions: read "README.markdown" or run `puppet-module usage`
  * Changelog: read "CHANGES.markdown" or run `puppet-module changelog`
  * Puppet Forge: visit http://forge.puppetlabs.com/
  * If you don't have Puppet installed locally by your system package
    manager, please install it with:

        sudo gem install puppet


******************************************************************************
Successfully installed puppet-module-0.3.4
1 gem installed
Installing ri documentation for puppet-module-0.3.4...
Installing RDoc documentation for puppet-module-0.3.4...
Could not find main page README.rdoc
Could not find main page README.rdoc
Could not find main page README.rdoc
Could not find main page README.rdoc
[root@puppet-master manifests]# 

Puppet looks for modules in /etc/puppet/modules, so create that directory:

[root@puppet-master ~]# cd /etc/puppet/
[root@puppet-master puppet]# mkdir modules
[root@puppet-master puppet]# cd modules/
[root@puppet-master modules]# 
Install the jeffmccune/motd module from the puppet forge:
[root@puppet-master modules]# puppet module install jeffmccune/motd
Installed "jeffmccune-motd-1.0.3" into directory: motd
[root@puppet-master modules]# ls
motd
[root@puppet-master modules]# 
Define $puppetserver and the node list in /etc/puppet/manifests/site.pp:
import 'nodes.pp'
$puppetserver = 'puppet.example.com'
Define the nodes in /etc/puppet/manifests/nodes.pp:
node 'puppet-agent.example.com' {
     include motd
}
In the above case I am making a place for my puppet-agent node and asking that the motd module be on the agent.

Agent

Wait the default amount of time (30 minutes) or reload puppet.

[root@puppet-agent ~]# service puppet reload
Restarting puppet:                                         [  OK  ]
[root@puppet-agent ~]# tail -f /var/log/messages
May 26 19:50:24 puppet-agent puppet-agent[13924]: Restarting with '/usr/sbin/puppetd '
May 26 19:50:25 puppet-agent puppet-agent[14060]: Reopening log files
May 26 19:50:25 puppet-agent puppet-agent[14060]: Starting Puppet client version 2.6.18
May 26 19:50:28 puppet-agent puppet-agent[14060]: (/File[/etc/motd]/content) content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}1b48863bff7665a65dda7ac9f57a2e8c'
May 26 19:50:28 puppet-agent puppet-agent[14060]: Finished catalog run in 0.02 seconds
Now if I SSH into the agent, I see my new MOTD.
me@workstation:~$ ssh puppet-agent
me@puppet-agent's password: 
Last login: Sun May 26 19:07:17 2013 from 192.168.1.50
-------------------------------------------------
Welcome to the host named puppet-agent
RedHat 6.4 x86_64
-------------------------------------------------
Puppet: 2.6.18
Facter: 1.6.18

FQDN: puppet-agent.example.com
IP:   192.168.1.67

Processor: Intel(R) Xeon(R) CPU           E5462  @ 2.80GHz
Memory:    486.71 MB

-------------------------------------------------
[me@puppet-agent ~]$ 
