Puppet Installation & Configuration
GyeongRyoon Kim
# Installation: Linux SL5.3 32bit / SL5.5 64bit
Installation & Configuration Guide
This guide covers in-depth installation instructions and options for Puppet on a wide range of operating systems.
Before Starting
You will need to install Puppet on all machines: both the clients and the central Puppet master server(s).
For most platforms, you can install ‘puppet’ via your package manager of choice. For a few platforms, you will need to install using the tarball or RubyGems.
INFO: For instructions on installing puppet using a distribution-specific package manager, consult your operating system documentation. Volunteer-contributed operating system packages can also be found on the downloads page.
Ruby Prerequisites
The only prerequisite for Puppet that doesn’t come as part of the Ruby standard library is facter, which is also developed by Puppet Labs.
All other prerequisite Ruby libraries should come with any standard Ruby 1.8.2+ install. Should your OS not come with the complete standard library (or you are using a custom Ruby build), these include:
• base64
• cgi
• digest/md5
• etc
• fileutils
• ipaddr
• openssl
• strscan
• syslog
• uri
• webrick
• webrick/https
• xmlrpc
NOTE: We strongly recommend using the version of Ruby that comes with your system, since that will have a higher degree of testing coverage. If you feel the particular need to build Ruby manually, you can get the source from ruby-lang.org.
OS Packages
If installing from a distribution-maintained package, such as those listed on the Downloading Puppet Wiki Page, all OS prerequisites should be handled by your package manager. See the Wiki for information on how to enable repositories for your particular OS. Usually the latest stable version is available as a package. If you would like to do puppet development or see the latest versions, however, you will want to install from source.
■ Install ruby
$ wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p302.tar.bz2
$ tar -xjf ruby-1.8.7-p302.tar.bz2
$ cd ruby-1.8.7-p302
$ ./configure
$ make
$ make install
■ Install ruby-gem
$ wget http://rubyforge.org/frs/download.php/73779/rubygems-1.4.1.tgz
$ tar -xvzf rubygems-1.4.1.tgz
$ cd rubygems-1.4.1
$ ruby setup.rb
■ Download puppet & facter
$ wget http://puppetlabs.com/downloads/facter/facter-latest.tgz
$ wget http://puppetlabs.com/downloads/puppet/puppet-latest.tgz
■ Install facter
$ tar -xzf facter-latest.tgz
$ cd facter-1.5.8
$ ruby install.rb
■ Install puppet
$ tar -xzf puppet-latest.tgz
$ cd puppet-2.6.4
$ ruby install.rb
■ DNS setting
For puppet master server
$ vi /etc/hosts
puppetmaster's IP servername puppet
ex) 15.180.234.xx master.gsdc.re.kr puppet
For puppet client
$ vi /etc/hosts
puppetmaster's IP servername puppet
ex) 15.180.234.xx master.gsdc.re.kr puppet
Check the DNS setting on both the puppet master server and the client server.
■ Open the 8140 port
Only for puppetmaster
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8140 -j ACCEPT <- add
$ netstat -anpt | grep 8140 <- check 8140 port
$ iptables -nL
■ Create puppet configuration directory and files
only for puppetmaster
$ mkdir -p /etc/puppet/manifests/
$ vi /etc/puppet/manifests/site.pp
■ Create the CA on the puppet master server
$ puppetca --generate master_server_name
ex) puppetca --generate daniel03.gsdc.re.kr
$ ls /etc/puppet/ssl/ca/signed
■ Create puppetmasterd script
Only for puppetmaster
$ cp /opt/puppet-2.6.4/conf/redhat/server.init /etc/init.d/puppetmasterd
$ chmod u+x /etc/init.d/puppetmasterd
If you get an error, change the permissions on the /var/lib/puppet directory.
■ Create puppetd script
Only for client
$ cp /opt/puppet-2.6.4/conf/redhat/client.init /etc/init.d/puppetd
$ chmod u+x /etc/init.d/puppetd
$ vi /etc/init.d/puppetd
puppetd=${PUPPETD-/usr/local/sbin/puppetd} <- check puppetd path
■ Create puppet account for puppetmaster
Only for puppetmaster
■ Start Puppetmaster daemon
It is also necessary to create the puppet user and group that the daemon will use. Either create these manually, or start the daemon with the --mkusers flag to create them.
Starting the puppet daemon will automatically create all necessary certificates, directories, and files.
$ /usr/sbin/puppetmasterd --mkusers
$ /usr/sbin/puppetmasterd start
If you cannot start the puppetmasterd daemon, check the path of puppetmasterd and correct it in the /etc/init.d/puppetmasterd file.
$ vi /etc/init.d/puppetmasterd
PUPPETMASTER=/usr/local/sbin/$prog <- check the path
■ Request a certificate from the puppetmaster
Only for client
■ Check the certificate request from the client and sign it.
$ puppetca --list
ex) daniel02.gsdc.re.kr
$ puppetca --sign daniel02.gsdc.re.kr
or
$ puppetca --sign --all
If you cannot see the client's certificate request in the list, check the puppetmaster's CA certificate:
Issuer: CN=Puppet CA: daniel03.gsdc.re.kr
Validity
Not Before: Jan 19 04:49:45 2011 GMT
Not After : Jan 18 04:49:45 2016 GMT
Subject: CN=Puppet CA: daniel03.gsdc.re.kr
If the host name in the CA certificate is not the same as the puppetmaster's name, clear all certificates on the puppetmaster and recreate the CA using puppetmasterd.
■ Add init process
Only for puppetmaster
$ chkconfig --add puppetmasterd
$ chkconfig puppetmasterd on
$ chkconfig --list | grep puppetmasterd <- check
only for client
$ chkconfig --add puppetd
$ chkconfig puppetd on
$ chkconfig --list | grep puppetd <- check
■ Create puppet.conf files
For both client and puppetmaster.
[user]
# where puppet stores dynamic and growing data.
# The default value is '/var/puppet'.
vardir = /var/lib/puppet
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/lib/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/lib/run
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $confdir/ssl
#module path
modulepath = /etc/puppet/modules
[main]
manifest = /etc/puppet/manifests/site.pp
modulepath = /etc/puppet/modules
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = daniel03.gsdc.re.kr
runinterval = 1800
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
■ Scaling Puppet (Using Passenger)
Passenger is the Apache 2.X Extension which lets you run Rails or Rack applications inside Apache.
Puppet (>0.24.6) now ships with a Rack application which can embed a puppetmaster. While it should be compatible with every Rack application server, it has only been tested with Passenger.
Depending on your operating system, the versions of Puppet, Apache and Passenger may not support this implementation. Specifically, Ubuntu Hardy ships with an older version of puppet (0.24.4) and doesn't include passenger at all; however, updated packages for puppet can be found here. There are also some passenger packages there, but as of 2009-09-28 they do not seem to have the latest passenger (2.2.5), so it is better to install passenger from a gem as per the instructions at [modrails.com].
Note: Passenger versions 2.2.3 and 2.2.4 have known bugs regarding the SSL environment variables, which make them unsuitable for hosting a puppetmaster. So use either 2.2.2 or 2.2.5. Note that while it was expected that Passenger 2.2.2 would be the last version which can host a 0.24.x puppetmaster, that turns out not to be true, cf. this bug report. So, passenger 2.2.5 works fine.
■ Install Rack/Passenger
$ gem install rack
$ gem install passenger
Check the list of gems you have installed:
$ gem list
*** LOCAL GEMS ***
daemon_controller (0.2.5)
fastthread (1.0.7)
file-tail (1.0.5)
passenger (3.0.2)
rack (1.2.1)
rake (0.8.7)
spruz (0.2.2)
Build and install the Passenger Apache module:
$ passenger-install-apache2-module
■ Enable Apache modules “ssl” and “headers”:
Install mod_ssl.
■ Configure Apache
For RHEL5:
Install the rack application [1]:
$ mkdir -p /etc/puppet/rack/puppetmasterd
$ mkdir /etc/puppet/rack/puppetmasterd/public
$ mkdir /etc/puppet/rack/puppetmasterd/tmp
$ cp /opt/puppet-2.6.4/ext/rack/files/config.ru /etc/puppet/rack/puppetmasterd
$ chown puppet /etc/puppet/rack/puppetmasterd/config.ru
Write the contents below to puppetmaster.conf:
$ vi /etc/httpd/conf.d/puppetmaster.conf
Listen 8140
<VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile /etc/puppet/ssl/certs/daniel03.gsdc.re.kr.pem
    SSLCertificateKeyFile /etc/puppet/ssl/private_keys/daniel03.gsdc.re.kr.pem
    SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
    # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
    SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars
    # The following client headers allow the same configuration to work with Pound.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    RackAutoDetect On
    DocumentRoot /etc/puppet/rack/puppetmasterd/public/
    <Directory /etc/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
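The audit below is an added example, not part of the original guide or of the Puppet project: it reads a vhost file and reports cipher-string tokens that enable SSLv2, RC4, export, low-strength, NULL or MD5 suites, a missing SSLCARevocationFile, and an SSLVerifyClient value other than optional or require. The function names and the replacement cipher string HIGH:!aNULL:!MD5 are assumptions, and both sample configs are constructed, the first from the directives in the vhost above.

```shell
#!/bin/sh
# Added example (not from the guide): audit puppetmaster vhost TLS directives.

# Print the arguments of the last uncommented directive $2 in file $1.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print v }' "$1"
}

# Print cipher-string tokens that enable (no leading - or !) weak suites.
weak_tokens() {
    printf '%s\n' "$1" | tr ':' '\n' | grep -v '^[-!]' |
        grep -Ei 'SSLv2|RC4|EXP|LOW|NULL|MD5' | tr '\n' ' ' | sed 's/ *$//'
}

# Print one finding per line for vhost file $1; nothing if every check passes.
audit_vhost() {
    weak=$(weak_tokens "$(directive "$1" SSLCipherSuite)")
    if [ -n "$weak" ]; then echo "weak-ciphers: $weak"; fi
    if [ -z "$(directive "$1" SSLCARevocationFile)" ]; then echo "no-crl"; fi
    case "$(directive "$1" SSLVerifyClient)" in
        optional|require) ;;
        *) echo "no-client-verify" ;;
    esac
    return 0
}

# Constructed sample: TLS directives as written in the vhost above.
page_vhost() {
    cat <<'EOF'
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
EOF
}

# Constructed sample: assumed cipher string, CRL line disabled as the vhost comment allows.
edited_vhost() {
    cat <<'EOF'
SSLCipherSuite HIGH:!aNULL:!MD5
# SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
EOF
}

tmp=$(mktemp)
page_vhost > "$tmp";   echo "page vhost:";   audit_vhost "$tmp"
edited_vhost > "$tmp"; echo "edited vhost:"; audit_vhost "$tmp"
rm -f "$tmp"
```

Run it against /etc/httpd/conf.d/puppetmaster.conf with `audit_vhost /etc/httpd/conf.d/puppetmaster.conf`; an empty result means none of the three checks fired.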
Add the contents below for Apache:
$ vi /etc/httpd/conf/httpd.conf
LoadModule passenger_module /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.2/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.2/
PassengerRuby /usr/local/bin/ruby
■ Configure the auth.conf file to allow access to the modules directory
$ vi /etc/puppet/auth.conf
## authorize access to module directory to anybody
path /modules
method find
allow *
■ Start apache web server
If all works well, you’ll want to make sure your puppetmasterd init script does not get called anymore:
# For Debian/Ubuntu
# For RHEL5
$ chkconfig puppetmasterd off
$ chkconfig httpd on
■ Restart apache server
If the puppetmaster process is still running, kill that process and then start the Apache process.
# For Debian/Ubuntu
# For RHEL5