Installing Puppetmaster 2.6.1
Assuming, like me, the thought of letting rubygems vomit all over your filesystem is not a pleasant one, then how to get the latest puppet 2.6.1 installed on CentOS 5.5 with yum isn’t very clear. Things may differ on other people's systems, but the below worked for me.
Set up yum repositories.
Do this on both the client and the server
Add the following files and save them to /etc/yum.repos.d/
puppet.repo
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/base/
enabled=0
gpgcheck=0
epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=0

[epel-puppet]
name=epel puppet
baseurl=http://tmz.fedorapeople.org/repo/puppet/epel/5/$basearch/
enabled=0
gpgcheck=0
ruby.repo
[ruby]
name=ruby
baseurl=http://repo.premiumhelp.eu/ruby/
gpgcheck=0
enabled=0

Note that we include ruby and puppetlabs because the next steps in this tutorial are to configure puppet and install puppet-dashboard. We want to upgrade to ruby 1.8.6 in order to run puppet-dashboard; doing this now will save you some pain down the line.
Upgrade Ruby to 1.8.6
Do this on both the client and the server
As mentioned above, use the ruby repo to upgrade.
punch# yum --enablerepo="ruby" update ruby
[...]
==============================================================
 Package       Arch     Version         Repository     Size
==============================================================
Updating:
 ruby          i686     1.8.6.111-1     ruby           525 k
Updating for dependencies:
 ruby-libs     i686     1.8.6.111-1     ruby           2.6 M

Transaction Summary
===============================================================
Install      0 Package(s)
Upgrade      2 Package(s)

Total download size: 3.1 M
Is this ok [y/N]: y
[...]
Install Puppet Server
On your puppetmaster server:
punch# yum --enablerepo=epel,epel-puppet install puppet-server
[...]
Installing:
 puppet-server      noarch    2.6.1-0.3.rc3.el5     epel-puppet     20 k
Installing for dependencies:
 facter             noarch    1.5.8-0.2.rc2.el5     epel-puppet     55 k
 libselinux-ruby    i386      1.33.4-5.5.el5        base            60 k
 puppet             noarch    2.6.1-0.3.rc3.el5     epel-puppet    818 k
 ruby-augeas        i386      0.3.0-1.el5           epel            19 k
 ruby-shadow        i386      1.4.1-7.el5           epel           9.5 k

Install      6 Package(s)
Upgrade      0 Package(s)

Total download size: 981 k
Is this ok [y/N]: y
[...]
On your puppet client
judy# yum --enablerepo="epel,epel-puppet" install puppet
[...]
Installing:
 puppet             noarch    2.6.1-0.3.rc3.el5     epel-fedora    818 k
Installing for dependencies:
 facter             noarch    1.5.8-0.2.rc2.el5     epel-fedora     55 k
 libselinux-ruby    i386      1.33.4-5.5.el5        base            60 k
 ruby-augeas        i386      0.3.0-1.el5           epel            19 k
 ruby-shadow        i386      1.4.1-7.el5           epel           9.5 k

Install      5 Package(s)
Upgrade      0 Package(s)

Total download size: 961 k
Is this ok [y/N]: y
That’s it, in part 2 and 3 we will install our client and server and install dashboard.
Part 2: Puppet 2.6.1, configure puppetmaster and puppetd
Configure Puppetmaster
For installing puppetmaster 2.4.1 on CentOS, see Part 1.
In Part 1 we covered installing the Puppetmaster and Puppetd packages on CentOS 5.5. We will now configure a very basic client/server model to serve the /etc/resolv.conf file to our client. Simple enough!
Create your first module
Our first module will be called networking::resolver; its job will be to push out a resolv.conf file to clients.
Create the directory structure under /etc/puppet
punch# cd /etc/puppet
punch# mkdir modules
punch# mkdir modules/networking
punch# mkdir modules/networking/files
punch# mkdir modules/networking/manifests
punch# mkdir files
Create your resolv.conf file
punch# vi modules/networking/files/resolv.conf
punch# vi modules/networking/manifests/init.pp
class networking {
    # Here you can add stuff to be inherited by your networking classes
    # We won't bother for this demonstration, but just for show!
}

class networking::resolver inherits networking {
    file { "/etc/resolv.conf":
        ensure => present,
        source => "puppet:///modules/networking/resolv.conf",
        group  => "root",
        owner  => "root",
        mode   => "0755"
    }
}
Configure your site and nodes
Create a minimal site.pp
punch# vi manifests/site.pp
import "nodes"
import "templates"

filebucket { main: server => puppet }
Create a templates file
punch# vi manifests/templates.pp
class baseclass {
    include networking::resolver
}

node default {
    include baseclass
}
Create your node file
Don’t forget to replace judy.craigdunn.org with the fqdn of your client server
punch# vi manifests/nodes.pp
node 'basenode' {
    include baseclass
}

node 'judy.craigdunn.org' inherits basenode {
}
Set up puppetmaster parameters
Create default configuration
This is a minimal puppet.conf file; a more detailed file can be produced with puppetmasterd --genconfig
The autosign setting makes the puppetmaster sign certificates for new clients automatically, with no manual review. This is discouraged in a production environment but useful for testing. For information on running puppetmaster without autosign see the puppetca documentation.
punch# vi puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    report = true

[master]
    autosign = true
Set permissions for your fileserver.
Note that this allows everything; you should restrict this in a production environment.
punch# vi fileserver.conf
[files]
    path /etc/puppet/files
    allow *

[modules]
    allow *

[plugins]
    allow *
Start puppetmaster
punch# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]
The puppet client
Configure puppetd
On your client, edit puppet.conf and add the following in the [agent] section, remembering to change punch.craigdunn.org to the fqdn of your Puppetmaster.
judy# vi /etc/puppet/puppet.conf
[agent]
    server = punch.craigdunn.org
    report = true
    listen = true
Allow puppetrunner
Create a file called namespaceauth.conf and add the following. Note that in a production environment this should be restricted to the fqdn of your puppet master.
judy# vi /etc/puppet/namespaceauth.conf
[puppetrunner]
    allow *
Start puppetd
judy# service puppet start
View pending changes
Use --test along with --noop to do a dry run to view the changes that puppetd will make
judy# puppetd --noop --test
[...]
notice: /Stage[main]/Networking::Resolver/File[/etc/resolv.conf]/content: is {md5}e71a913327efa3ec8dae8c1a6df09b43, should be {md5}24b6444365e7e012e8fdc5f302b56e9c (noop)
[...]
Now you can run puppetd without --noop to pull in your new resolv.conf file.
This is a very basic demonstration of creating a server/client pair with puppet. There is much more documentation on configuring and managing puppet here
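The walkthrough marks autosign = true and the allow * entries in fileserver.conf and namespaceauth.conf as test-only settings. The following added example (not part of the original tutorial) is a small Python checker that flags those settings, plus gpgcheck=0 in yum repo files, which turns off package signature verification. The sample file contents are constructed to mirror the files above, and the function names are this example's own.

```python
import re

# Constructed samples that mirror the files written in this walkthrough.
SAMPLES = {
    "puppet.conf": "[main]\nlogdir = /var/log/puppet\n\n[master]\nautosign = true\n",
    "fileserver.conf": "[files]\npath /etc/puppet/files\nallow *\n\n[modules]\nallow *\n",
    "namespaceauth.conf": "[puppetrunner]\nallow punch.craigdunn.org\n",
    "puppet.repo": "[puppetlabs]\nbaseurl=http://yum.puppetlabs.com/base/\ngpgcheck=0\n",
}

# (file name pattern, key, permissive value, why it matters)
RULES = [
    (r"puppet\.conf$", "autosign", "true",
     "every new client certificate request is signed automatically"),
    (r"(fileserver|namespaceauth)\.conf$", "allow", "*",
     "access is not restricted to named hosts"),
    (r"\.repo$", "gpgcheck", "0", "package signatures are not verified"),
]

def parse(text):
    """Yield (section, key, value) from 'key = value' or 'key value' lines."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        yield section, parts[0], parts[1] if len(parts) > 1 else ""

def audit(name, text):
    """Return (file, section, setting, reason) for each permissive setting."""
    findings = []
    for pattern, key, permissive, reason in RULES:
        if not re.search(pattern, name):
            continue
        for section, k, v in parse(text):
            if k == key and v.lower() == permissive:
                findings.append((name, section, f"{k} {v}", reason))
    return findings

def audit_all(files):
    """Audit a {file name: contents} mapping and return all findings."""
    return [f for name, text in files.items() for f in audit(name, text)]

if __name__ == "__main__":
    for name, section, setting, reason in audit_all(SAMPLES):
        print(f"{name} [{section}] {setting}: {reason}")
```

The namespaceauth.conf sample is restricted to the puppetmaster's fqdn, as the tutorial recommends for production, so it produces no finding.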
Part 3: Installing puppet-dashboard on CentOS / Puppet 2.6.1
Puppet Dashboard
Puppet dashboard is a fairly new app with loads of future potential and is great for monitoring your puppet estate. This is a quick guide to getting it running on puppet 2.6.1. Be sure you have the correct yum repos and ruby versions installed, see Part 1 and Part 2 for more details.
Install the puppet-dashboard package.
punch# yum --enablerepo=puppetlabs,ruby,epel install puppet-dashboard
[...]
Installing for dependencies:
 mysql           i386      5.0.77-4.el5_5.3
 ruby-irb        i686      1.8.6.111-1
 ruby-mysql      i686      2.7.4-1
 ruby-rdoc       i686      1.8.6.111-1
 rubygem-rake    noarch    0.8.7-2.el5
 rubygems        noarch    1.3.1-1.el5

Install      7 Package(s)
Upgrade      0 Package(s)

Total download size: 11 M
Is this ok [y/N]: y
[...]
Create a MySQL database for puppet-dashboard
Create a database for puppet-dashboard to use and set up a user with all privileges to use it. This can be done on a separate host.
mysql> CREATE DATABASE puppetdash;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON puppetdash.* TO puppet@'%' IDENTIFIED BY 'punchandjudy';
Query OK, 0 rows affected (0.00 sec)
Configure database.yaml
cd /usr/share/puppet-dashboard
vi config/database.yaml
development:
  host: professor.craigdunn.org
  database: puppetdash
  username: puppet
  password: punchandjudy
  encoding: utf8
  adapter: mysql
Migrate the database
punch# rake RAILS_ENV=development db:migrate
[...]
(in /usr/share/puppet-dashboard)
== BasicSchema: migrating ====================================================
-- create_table(:assignments, {:force=>true})
   -> 0.0072s
-- create_table(:nodes, {:force=>true})
   -> 0.0030s
-- create_table(:services, {:force=>true})
   -> 0.0026s
== BasicSchema: migrated (0.0132s) ===========================================
[...]
Copy reports module to site_ruby
I hate doing this but puppetmasterd explicitly looks for reports in puppet/reports and so far I haven’t found a clean workaround to tell it to look in /usr/share/puppet-dashboard for it. If anyone knows of a way, please email me.
punch# cp /usr/share/puppet-dashboard/ext/puppet/puppet_dashboard.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports
Edit your puppet.conf
Include the following in the [master] section, changing punch.craigdunn.org to your puppet server
[master]
    reports = puppet_dashboard,store
    reportdir = /var/lib/puppet/reports
    reporturl = http://punch.craigdunn.org:3000/reports
Restart puppetmaster and start puppet-dashboard
punch# service puppetmaster restart
Stopping puppetmaster:                                     [  OK  ]
Starting puppetmaster:                                     [  OK  ]
punch# service puppet-dashboard start
Starting puppet-dashboard:                                 [  OK  ]
Test web GUI
Go to the following link in your browser (replacing the hostname with your fqdn)
http://punch.craigdunn.org:3000/
Configure the client
Edit puppet.conf
Make sure the following things are set in the [agent] section of puppet.conf on your client node.
judy# vi /etc/puppet/puppet.conf
[agent]
    report = true
Run puppet in noop mode on the client
judy# puppetd --noop --test