This is based on Chapter 1 of Pro Puppet by James Turnbull and Jeffrey McCune but for RHEL6.4. Also, I have SELinux running on both the master and the agent.
I. Install Packages
Master
yum install ruby ruby-libs
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm
yum -y install puppet facter puppet-server

Agent
yum install ruby ruby-libs
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm
yum -y install puppet facter

Versions
Versions for the master as of May 26, 2013 are below. The agent will be the same except it won't have puppet-server.
[root@puppet-master ~]# rpm -qa | egrep "ruby|pup|fact"
libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
ruby-augeas-0.4.1-1.el6.x86_64
ruby-shadow-1.4.1-13.el6.x86_64
ruby-1.8.7.352-10.el6_4.x86_64
facter-1.6.18-3.el6.x86_64
puppet-server-2.6.18-3.el6.noarch
ruby-libs-1.8.7.352-10.el6_4.x86_64
puppet-2.6.18-3.el6.noarch
[root@puppet-master ~]#

Update: use Puppet Labs' own repo so you get newer packages (added 6/14/2013).
/etc/yum.repos.d/puppet.repo
[Puppet]
name=Puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0

[Puppet_Deps]
name=Puppet Dependencies
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0
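With gpgcheck=0, yum installs packages from this repo without verifying their RPM signatures, and the http baseurl gives no transport protection either. The script below is an added example, not part of the original post: audit_repo is a hypothetical helper that flags both settings in a .repo file, run here on a constructed copy of the file above and on the same file with gpgcheck=1.

```shell
#!/bin/sh
# audit_repo FILE: print one finding per repo section that turns off package
# signature checks or fetches packages over plain http. (Hypothetical helper.)
audit_repo() {
    awk '
        function report() {
            if (section == "") return
            if (gpg ~ /^(0|no|false)$/) print section ": gpgcheck is off"
            if (url ~ /^http:/)         print section ": baseurl is plain http"
        }
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]*$/, "", line)
            return tolower(line)
        }
        /^[ \t]*\[/ {
            report()
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpg = ""; url = ""; next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { gpg = value($0) }
        /^[ \t]*baseurl[ \t]*=/  { url = value($0) }
        END { report() }
    ' "$1"
}

# Constructed sample: the repo file exactly as given on this page.
WEAK_REPO=$(mktemp); FIXED_REPO=$(mktemp)
trap 'rm -f "$WEAK_REPO" "$FIXED_REPO"' EXIT
cat > "$WEAK_REPO" <<'EOF'
[Puppet]
name=Puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0
[Puppet_Deps]
name=Puppet Dependencies
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0
EOF
# Corrected copy: signature checking on. Assumes the vendor signing key was
# imported with `rpm --import` after its fingerprint was verified out of band.
sed 's/^gpgcheck=0$/gpgcheck=1/' "$WEAK_REPO" > "$FIXED_REPO"

echo "as on the page:";  audit_repo "$WEAK_REPO"
echo "with gpgcheck=1:"; audit_repo "$FIXED_REPO"
```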
II. Initialize Services
Master
1. Added the following to /etc/puppet/puppet.conf:
[master]
certname=puppet.example.com

2. Created empty file in /etc/puppet/manifests/site.pp
3. Opened only 8140 in iptables
4. Start puppetmaster and configure it for boot:
service puppetmaster start
chkconfig puppetmaster on

5. Observe certs in /var/lib/puppet/
Agent
1. Added "server=puppet.example.com" to /etc/puppet/puppet.conf
2. Run "puppet agent --server=puppet.example.com --no-daemonize --verbose" and observe:
[root@puppet-agent ~]# puppet agent --server=puppet.example.com --no-daemonize --verbose
info: Creating a new SSL key for puppet-agent.example.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for puppet-agent.example.com
info: Certificate Request fingerprint (md5): EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04
...
notice: Did not receive certificate
...

The above sends a certificate request to the master to be signed. The agent will check every two minutes for a signed cert.
Master
Sign the certificate
[root@puppet-master public_keys]# puppet cert --list
"puppet-agent.example.com" (EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04)
[root@puppet-master public_keys]#
[root@puppet-master public_keys]# puppet cert --sign puppet-agent.example.com
notice: Signed certificate request for puppet-agent.example.com
notice: Removing file Puppet::SSL::CertificateRequest puppet-agent.example.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent.example.com.pem'
[root@puppet-master public_keys]#
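Before signing, compare the fingerprint in the master's puppet cert --list output with the one the agent printed, so that only the request generated on that host gets signed. An added example, not from the original post: pending_fingerprint and csr_matches are hypothetical helpers that parse the list format shown above, and the second request in the sample is constructed.

```shell
#!/bin/sh
# pending_fingerprint LIST_OUTPUT CERTNAME
# Extracts the fingerprint listed for CERTNAME from `puppet cert --list`
# output in the form shown on this page:  "name" (AA:BB:...)
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v want="\"$2\"" '
        $1 == want { fp = $2; gsub(/[()]/, "", fp); print toupper(fp); exit }'
}

# csr_matches LIST_OUTPUT CERTNAME AGENT_FINGERPRINT
# Returns 0 only when a request for CERTNAME is pending and its fingerprint
# equals the value read from the agent's own console (case-insensitive).
csr_matches() {
    listed=$(pending_fingerprint "$1" "$2")
    expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ -n "$listed" ] && [ "$listed" = "$expected" ]
}

# Sample input: the pending request from this page plus one constructed
# request for a second host. On a live master, pass "$(puppet cert --list)".
SAMPLE_LIST='"puppet-agent.example.com" (EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04)
"other-host.example.com" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'
# Fingerprint as printed by the agent in its "Certificate Request fingerprint" line.
AGENT_FP='EA:5E:82:B8:A8:BA:8D:7E:5B:3D:20:2C:68:06:B0:04'

if csr_matches "$SAMPLE_LIST" puppet-agent.example.com "$AGENT_FP"; then
    echo "fingerprints match: puppet cert --sign puppet-agent.example.com"
else
    echo "fingerprint mismatch or no pending request: do not sign" >&2
fi
```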
Agent
Continue to observe the output of "puppet agent --server=puppet.example.com --no-daemonize --verbose" and you should see news of the cert's acceptance:
...
info: Caching certificate for puppet-agent.example.com
notice: Starting Puppet client version 2.6.18
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-agent.example.com
info: Applying configuration version '1369603392'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
^c

Now run the puppet agent as a daemon and configure it to run on boot:
[root@puppet-agent ~]# service puppet start
Starting puppet: [ OK ]
[root@puppet-agent ~]# chkconfig puppet on
[root@puppet-agent ~]#
III. Push a puppet forge module to the agent
In this example I will use jeffmccune/motd.
Master
Before I can install puppet-module I need the gem binary, which you can't get on RHEL6 without the optional channel.
[root@puppet-master manifests]# rhn-channel --list
rhel-x86_64-server-6
[root@puppet-master manifests]#
[root@puppet-master manifests]# rhn-channel -a --channel=rhel-x86_64-server-optional-6
Username: $username
Password:
[root@puppet-master manifests]# rhn-channel --list
rhel-x86_64-server-6
rhel-x86_64-server-optional-6
[root@puppet-master manifests]#

Install rubygems:
yum install rubygems

Install puppet-module:
[root@puppet-master manifests]# gem install puppet-module
******************************************************************************
Thank you for installing puppet-module from Puppet Labs!
* Usage instructions: read "README.markdown" or run `puppet-module usage`
* Changelog: read "CHANGES.markdown" or run `puppet-module changelog`
* Puppet Forge: visit http://forge.puppetlabs.com/
* If you don't have Puppet installed locally by your system package manager, please install it with:
sudo gem install puppet
******************************************************************************
Successfully installed puppet-module-0.3.4
1 gem installed
Installing ri documentation for puppet-module-0.3.4...
Installing RDoc documentation for puppet-module-0.3.4...
Could not find main page README.rdoc
Could not find main page README.rdoc
Could not find main page README.rdoc
Could not find main page README.rdoc
[root@puppet-master manifests]#
Puppet looks for modules in /etc/puppet/modules, so create that directory:
[root@puppet-master ~]# cd /etc/puppet/
[root@puppet-master puppet]# mkdir modules
[root@puppet-master puppet]# cd modules/
[root@puppet-master modules]#

Install the jeffmccune/motd module from the puppet forge:
[root@puppet-master modules]# puppet module install jeffmccune/motd
Installed "jeffmccune-motd-1.0.3" into directory: motd
[root@puppet-master modules]# ls
motd
[root@puppet-master modules]#

Define $puppetserver and node list in /etc/puppet/manifests/site.pp
import 'nodes.pp'
$puppetserver = 'puppet.example.com'

Define the nodes in /etc/puppet/manifests/nodes.pp
node 'puppet-agent.example.com' {
  include motd
}

In the above case I am making a place for my puppet-agent node and asking that the motd module be on the agent.
Agent
Wait the default amount of time (30 minutes) or reload puppet.
[root@puppet-agent ~]# service puppet reload
Restarting puppet: [ OK ]
[root@puppet-agent ~]# tail -f /var/log/messages
May 26 19:50:24 puppet-agent puppet-agent[13924]: Restarting with '/usr/sbin/puppetd '
May 26 19:50:25 puppet-agent puppet-agent[14060]: Reopening log files
May 26 19:50:25 puppet-agent puppet-agent[14060]: Starting Puppet client version 2.6.18
May 26 19:50:28 puppet-agent puppet-agent[14060]: (/File[/etc/motd]/content) content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}1b48863bff7665a65dda7ac9f57a2e8c'
May 26 19:50:28 puppet-agent puppet-agent[14060]: Finished catalog run in 0.02 seconds

Now if I SSH into the agent, I see my new MOTD.
me@workstation:~$ ssh puppet-agent
me@puppet-agent's password:
Last login: Sun May 26 19:07:17 2013 from 192.168.1.50
-------------------------------------------------
Welcome to the host named puppet-agent
RedHat 6.4 x86_64
-------------------------------------------------
Puppet: 2.6.18
Facter: 1.6.18
FQDN: puppet-agent.example.com
IP: 192.168.1.67
Processor: Intel(R) Xeon(R) CPU E5462 @ 2.80GHz
Memory: 486.71 MB
-------------------------------------------------
[me@puppet-agent ~]$