CentOS 7
Ads

Puppet : Install
2015/07/22
 
Install and setup the Configuration management tool "Puppet".
It's possible to use it on a server with standalone though, but this example setup it with Puppet server and Puppet client environment.
It's necessarry to setup DNS or hosts settings to resolve names or IP address and also NTP settings first.
[1] Install puppet-server on Puppet Server Host.
[root@dlp ~]#
yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[root@dlp ~]#
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo

[root@dlp ~]#
yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet-server
[root@dlp ~]#
vi /etc/puppet/puppet.conf
[main]
# add follows into [main] section : Puppet server's DNS name

    dns_alt_names = dlp.srv.world,dlp
[root@dlp ~]#
puppet master --verbose --no-daemonize

Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for dlp.srv.world
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for dlp.srv.world
Info: Certificate Request fingerprint (SHA256): 
Notice: dlp.srv.world has a waiting certificate request
Notice: Signed certificate request for dlp.srv.world
Notice: Removing file Puppet::SSL::CertificateRequest dlp.srv.world at 
    '/var/lib/puppet/ssl/ca/requests/dlp.srv.world.pem'
Notice: Removing file Puppet::SSL::CertificateRequest dlp.srv.world at 
    '/var/lib/puppet/ssl/certificate_requests/dlp.srv.world.pem'
Notice: Starting Puppet master version 3.8.1
# push Ctrl + C to quit
[root@dlp ~]#
systemctl start puppetmaster

[root@dlp ~]#
systemctl enable puppetmaster

[2] Install puppet on Puppet Client Host.
[root@node01 ~]#
yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[root@node01 ~]#
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo

[root@node01 ~]#
yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet
[root@node01 ~]#
vi /etc/puppet/puppet.conf
[agent]
# add follows into [agent] section : Puppet server's hostname or IP address

    server = dlp.srv.world
[root@node01 ~]#
puppet agent --test --ca_server=dlp.srv.world

Info: Creating a new SSL key for node01.srv.world
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node01.srv.world
Info: Certificate Request fingerprint (SHA256): 
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

[root@node01 ~]#
systemctl start puppet

[root@node01 ~]#
systemctl enable puppet

[3] Enable certificate from Puppet Client on Puppet Server.
# show certificate requests

[root@dlp ~]#
puppet cert list

  "node01.srv.world" (SHA256) xx:xx:xx:xx:xx:xx:xx
# sign

[root@dlp ~]#
puppet cert --allow-dns-alt-names sign node01.srv.world

Notice: Signed certificate request for node01.srv.world
Notice: Removing file Puppet::SSL::CertificateRequest node01.srv.world at 
    '/var/lib/puppet/ssl/ca/requests/node01.srv.world.pem'
[4] Make sure Puppet Server/Client works normally to create a test manifest.
Puppet clients refer to manifests on Puppet server for every 30 minutes by default, so wait for a moment to make sure it or if you'd like to make sure at once, restart Puppet Client daemon(puppetd).
[root@dlp ~]#
vi /etc/puppet/manifests/site.pp
# for example, create a "testgroup" like follows

group { 'testgroup':
    ensure => present,
    gid    => 2000,
}

# restart puppetd if you make sure it at once

[root@node01 ~]#
systemctl restart puppet
[root@node01 ~]#
grep testgroup /etc/group

testgroup:x:2000:
[5] It's possible to apply manifest to local environment manually like follows.
[root@dlp ~]#
puppet apply /etc/puppet/manifests/site.pp

Notice: Compiled catalog for dlp.srv.world in environment production in 0.13 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Finished catalog run in 0.34 seconds
 
Tweet