Tuesday, August 4, 2015




Configure Puppet for Centos 6.0

1> yum install ntp

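2>   download the Puppet repository package
(Note: this URL is plain HTTP, and the release RPM installs the GPG key that gpgcheck=1 later relies on, so nothing authenticates the key itself; obtain or verify the package through a trusted channel.)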

[root@bik ~]# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm


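3> go to /etc/yum.repos.d
edit the file puppetlabs.repo and enable the [puppetlabs-devel] section (the development repository, per its name and baseurl):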

[puppetlabs-devel]
name=Puppet Labs Devel El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/devel/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1    -------changed from 0 to 1
gpgcheck=1

4> yum install puppet-server

5> go to /etc/puppet/puppet.conf

vi /etc/puppet/puppet.conf

Add the following lines at the end of the [main] section

#Set up DNS names that the server will respond to
dns_alt_names = puppet puppet.mydomain.local

save it

6> create a new certificate

puppet master --verbose --no-daemonize


7> make a couple of directories for the manifests of the different environments
cd /etc/puppet

[root@bik ~]# cd /etc/puppet/
[root@bik puppet]# ls
auth.conf  environments  fileserver.conf  manifests  modules  puppet.conf
[root@bik puppet]# cd environments/
[root@bik environments]# ls
example_env
[root@bik environments]# ls -a example_env/
.  ..  manifests  modules  README.environment

create a separate folder for each environment ---

[root@bik environments]# mkdir -p production/manifests
[root@bik environments]# mkdir -p production/modules
[root@bik environments]# mkdir -p development/manifests
[root@bik environments]# mkdir -p development/modules
[root@bik environments]# ls
development  example_env  production
[root@bik environments]# cd development/
[root@bik development]# ls
manifests  modules

Now tell Puppet where the environment directories created above live.
[root@bik development]# vi /etc/puppet/puppet.conf

#Tell puppet where the environment directories live
environmentpath = $confdir/environments

[root@bik development]# service puppetmaster  start
Starting puppetmaster:                                     [  OK  ]

[root@bik development]# service puppetmaster  stop
Stopping puppetmaster:                                     [  OK  ]

8> [root@bik development]# yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc

[root@bik development]# chkconfig httpd on

9> install passenger
 gem install rack passenger
10 > launch the installer for passenger
development]# passenger-install-apache2-module

Press Enter ---

install all the missing dependencies the installer reports
yum install gcc-c++ openssl-devel  zlib-devel ruby-devel

Rerun

[root@bik development]# passenger-install-apache2-module

-----------------------------------------------------------------

# Apache + Passenger front end for the Puppet master: Apache terminates TLS on
# port 8140 and passes each request, with the client-certificate details in
# request headers, to the Rack application under the DocumentRoot below.

# You'll need to adjust the paths in the Passenger config depending on which OS
# you're using, as well as the installed version of Passenger.

# Debian/Ubuntu:
#LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby1.8

# RHEL/CentOS:
#LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 12
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    # Make Apache hand off HTTP requests to Puppet earlier, at the cost of
    # interfering with mod_proxy, mod_rewrite, etc. See note below.
    PassengerHighPerformance On

    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    # NOTE(review): 'ALL -SSLv2 -SSLv3' still permits every TLS version the
    # local OpenSSL build offers, TLS 1.0 included; narrow it if all agents
    # support newer versions.
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    SSLHonorCipherOrder     on

    # The puppet-server.example.com names are placeholders for the master's own
    # certificate files.
    # NOTE(review): the key path ends in 'example.pem' while the certificate
    # path ends in 'example.com.pem' - confirm both use the same certname.
    SSLCertificateFile      /etc/puppetlabs/puppet/ssl/certs/puppet-server.example.com.pem
    SSLCertificateKeyFile   /etc/puppetlabs/puppet/ssl/private_keys/puppet-server.example.pem
    SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem
    SSLCARevocationCheck     chain
    # 'optional' means a client without a certificate is still served; Apache
    # only reports the verification outcome (X-Client-Verify below).
    # Presumably the Puppet master makes the authorization decision from those
    # headers - confirm against auth.conf.
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
    # which effectively disables CRL checking. If you are using Apache 2.4+ you must
    # specify 'SSLCARevocationCheck chain' to actually use the CRL.

    # These request headers are used to pass the client certificate
    # authentication information on to the Puppet master process
    # 'set' replaces any header of the same name supplied by the client, so the
    # values below originate from Apache's TLS layer.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public

    # No directory options and no .htaccess overrides for the Rack application
    # directory.
    <Directory /usr/share/puppet/rack/puppetmasterd/>
      Options None
      AllowOverride None
      # Apply the right behavior depending on Apache version.
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    ErrorLog /var/log/httpd/puppet-server.example.com_ssl_error.log
    CustomLog /var/log/httpd/puppet-server.example.com_ssl_access.log combined
</VirtualHost>

----------------------------------------------------------------------------------------------------

vim /etc/httpd/conf.d/puppet.conf

Uncomment following lines

# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x
PassengerRuby /usr/bin/ruby

install mlocate for file index system
yum install mlocate

populate database

use the command -- updatedb

find out the path of file

[root@bik development]# locate mod_passenger.so
/usr/lib/ruby/gems/1.8/gems/passenger-5.0.15/buildout/apache2/mod_passenger.so
[root@bik development]#

copy the whole path and edit the config file

vim /etc/httpd/conf.d/puppet.conf
change to

# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-5.0.15/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-5.0.15
PassengerRuby /usr/bin/ruby

vim /etc/httpd/conf.d/puppet.conf
and change the certificate paths to match this master's files:



 SSLCertificateFile     /var/lib/puppet/ssl/certs/puppet.mydomain.local.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.mydomain.local.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
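    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    # SSLCARevocationCheck exists only in Apache 2.4+, so it stays commented out on the
    # Apache 2.2 that CentOS 6 ships; on 2.4+ enable 'chain' or the CRL is not checked.
    #SSLCARevocationCheck     chain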
    SSLVerifyClient         optional
    SSLVerifyDepth          1




vim  /etc/httpd/conf/httpd.conf
#ServerName puppet.mydomain.local:80
:wq




[root@bik ca]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@bik ca]# mkdir -p /usr/share/puppet/rack/puppetmasterd/public
[root@bik ca]# mkdir -p /usr/share/puppet/rack/puppetmasterd/tmp
[root@bik ca]# cp /usr/share/puppet/ext/rack/config.ru  /usr/share/puppet/rack/puppetmasterd/
[root@bik ca]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
[root@bik ca]# service httpd restart

[root@bik ca]# netstat -anl | grep 8140
tcp        0      0 :::8140                     :::*                        LISTEN     
[root@bik ca]#








