Puppet on CentOS
The Linux installation software yum makes installing Puppet easy. The only difficulty is that Puppet is not in the CentOS yum repository list by default, so we have to install that first before we can invoke yum. (If you have CentOS 5 or CentOS 6, change the 7 to a 5 or 6.)
Or
[user@puppet ~]# yum install puppet-server
You can confirm that the Puppet repository has been installed with the following command:
yum repolist | grep puppet
which should yield output looking something like this:
puppetlabs-deps/x86_64 Puppet Labs Dependencies El 7 - x86_64 10
puppetlabs-products/x86_64 Puppet Labs Products El 7 - x86_64 70
Now install Puppet using yum.
yes | yum -y install puppet
Test that Puppet is installed and working with the following command. The output should be just a simple version number such as 3.6.2.
puppet --version
Set Hostname and FQDN: To see whether your node is correctly configured for Puppet, execute the following two commands:
facter | grep hostname
facter | grep fqdn
# Add your puppet server hostnames to the conf file under the [main] section
[user@puppet ~]# vi /etc/puppet/puppet.conf
dns_alt_names = puppet,puppet.yourserver.com
[user@puppet ~]# service puppetmaster start
When the installation is done, set the Puppet server to automatically start on boot and turn it on.
# chkconfig puppetmaster on
# chkconfig puppet on
Puppet listens on port 8140, so make sure it is unblocked in CSF or your firewall.
Run iptables -F to clear old tables (this flushes all existing rules in the filter table, not only Puppet-related ones).
iptables -I INPUT 2 -p tcp --dport 8140 -j ACCEPT
iptables -A INPUT -p tcp --dport 8140 -j ACCEPT
iptables -L
Create A Puppet Configuration File
ls -la /etc/puppet
There should be a few .conf files and a modules subdirectory.
mkdir /etc/puppet/manifests
Now create the configuration file. You will need to substitute your own domain name for mynode.example.com.
cat >/etc/puppet/manifests/projectname.pp
node "mynode.example.com" {
  file { '/root/example_file.txt':
    ensure  => "file",
    owner   => "root",
    group   => "root",
    mode    => "700",
    content => "Congratulations!
Puppet has created this file.
",
  }
} # End node mynode.example.com
^D
Invoke Puppet
puppet apply /etc/puppet/manifests/projectname.pp
Puppet should create the file /root/example_file.txt owned by root, in the root group, and with:
cat /root/example_file.txt
You should see the text we specified in the configuration file.
Invoke Puppet Again
puppet apply /etc/puppet/manifests/projectname.pp
###############################################################
Puppet client
Update /etc/sysconfig/puppet:
PUPPET_SERVER=server.your.domain
Now you can start your Puppet client:
# service puppet start
We need to force our client to check in with the Puppet master by using:
# puppet agent --test
You should expect a certificate error:
Exiting; no certificate found and waitforcert is disabled
On the Puppet master server, check the certificate verification requests:
# puppet cert list
You should see a list of all the servers that requested a certificate signing from your puppet master. Find the hostname of your client server and sign it using the following command (client-node is the domain name of your client node):
# puppet cert sign client-node
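An added example, not part of the original post: before running puppet cert sign, compare the fingerprint shown by puppet cert list with the one that puppet agent --fingerprint prints on the client, so that only the request you expect gets signed. The helper names are hypothetical, the listing and fingerprints are constructed, and the line layout is assumed from Puppet 3.x output.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample data is constructed.

# Constructed stand-in for `puppet cert list` on the master. The layout
# '  "name" (SHA256) fingerprint' is assumed from Puppet 3.x output.
sample_cert_list() {
cat <<'EOF'
  "client-node" (SHA256) 3F:9A:1C:7E:52:B0:6D:84:E1:0B:C3:95:2A:F7:48:D6:11:8E:A4:60:5B:CF:39:72:0D:E8:96:14:AB:57:C2:F0
  "client-node.lab" (SHA256) B7:04:D9:6E:21:FA:83:5C:90:1D:47:E2:6B:38:AF:05:C4:7A:12:ED:59:86:30:BB:6F:D1:08:9C:43:F5:2E:A7
EOF
}

# Read a cert listing on stdin and print the fingerprint of the pending
# request for host $1. The quoted name must match exactly, so a request
# from "client-node.lab" is never mistaken for "client-node".
pending_fingerprint() {
  awk -v host="$1" '$1 == "\"" host "\"" { print $3; exit }'
}

# Strip whitespace and upper-case the hex so pasted values compare cleanly.
normalise_fp() {
  printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Succeed only if host $1 has a pending request (listing on stdin) whose
# fingerprint equals $2, the value read on the agent and sent out of band.
csr_matches() {
  _expected=$(normalise_fp "$2")
  _actual=$(normalise_fp "$(pending_fingerprint "$1")")
  [ -n "$_actual" ] && [ "$_actual" = "$_expected" ]
}

# Demo on the constructed listing. On a real master the pipeline would be:
#   puppet cert list | csr_matches client-node "$FP" && puppet cert sign client-node
# FP holds the value as read on the agent (constructed here, lower case on purpose).
FP='3f:9a:1c:7e:52:b0:6d:84:e1:0b:c3:95:2a:f7:48:d6:11:8e:a4:60:5b:cf:39:72:0d:e8:96:14:ab:57:c2:f0'
if sample_cert_list | csr_matches client-node "$FP"; then
  echo "fingerprint matches: OK to sign client-node"
else
  echo "fingerprint mismatch or no pending request: do not sign"
fi
```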
The Puppet client runs every 30 minutes. To change this, update /etc/puppet/puppet.conf on the client nodes:
runinterval = <yourtime>
Note that a runinterval of 0 means "run continuously" rather than "never run".