Puppet : Install
2015/07/22
Install and set up the configuration management tool "Puppet".
Puppet can be used standalone on a single server, but this example sets it up as a Puppet server and Puppet client environment.
DNS or hosts settings must be configured first so that names and IP addresses resolve, and NTP must be set up as well.
[1] Install puppet-server on the Puppet Server host.
[root@dlp ~]# yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[root@dlp ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo
[root@dlp ~]# yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet-server
[root@dlp ~]# vi /etc/puppet/puppet.conf
# add the following to the [main] section : Puppet server's DNS name
[main]
dns_alt_names = dlp.srv.world,dlp
[root@dlp ~]# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256):
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for dlp.srv.world
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for dlp.srv.world
Info: Certificate Request fingerprint (SHA256):
Notice: dlp.srv.world has a waiting certificate request
Notice: Signed certificate request for dlp.srv.world
Notice: Removing file Puppet::SSL::CertificateRequest dlp.srv.world at '/var/lib/puppet/ssl/ca/requests/dlp.srv.world.pem'
Notice: Removing file Puppet::SSL::CertificateRequest dlp.srv.world at '/var/lib/puppet/ssl/certificate_requests/dlp.srv.world.pem'
Notice: Starting Puppet master version 3.8.1
# push Ctrl + C to quit
[root@dlp ~]# systemctl start puppetmaster
[root@dlp ~]# systemctl enable puppetmaster
[2] Install puppet on the Puppet Client host.
[root@node01 ~]# yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[root@node01 ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo
[root@node01 ~]# yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet
[root@node01 ~]# vi /etc/puppet/puppet.conf
# add the following to the [agent] section : Puppet server's hostname or IP address
[agent]
server = dlp.srv.world
[root@node01 ~]# puppet agent --test --ca_server=dlp.srv.world
Info: Creating a new SSL key for node01.srv.world
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node01.srv.world
Info: Certificate Request fingerprint (SHA256):
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@node01 ~]# systemctl start puppet
[root@node01 ~]# systemctl enable puppet
[3] Sign (enable) the certificate request from the Puppet Client on the Puppet Server.
# show certificate requests
[root@dlp ~]# puppet cert list
"node01.srv.world" (SHA256) xx:xx:xx:xx:xx:xx:xx
# sign
[root@dlp ~]# puppet cert --allow-dns-alt-names sign node01.srv.world
Notice: Signed certificate request for node01.srv.world
Notice: Removing file Puppet::SSL::CertificateRequest node01.srv.world at '/var/lib/puppet/ssl/ca/requests/node01.srv.world.pem'
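Before signing in step [3], the fingerprint shown by `puppet cert list` can be compared with the "Certificate Request fingerprint (SHA256)" the agent printed in step [2], and a request that carries DNS alt names (which `--allow-dns-alt-names` would let through) can be held for review. The following is an added example, not part of the original page or of Puppet: the `csr_check` helper, its return codes and the sample fingerprints are constructed, and the `(alt names: ...)` suffix in the list output is an assumed format.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): vet a pending CSR before `puppet cert sign`.

# Constructed sample of `puppet cert list` output; fingerprints are made up and shortened.
# Assumption: requests carrying subjectAltName entries are listed with "(alt names: ...)".
SAMPLE_CERT_LIST='  "node01.srv.world" (SHA256) AA:BB:CC:DD:EE:FF:00:11
  "node02.srv.world" (SHA256) 12:34:56:78:9A:BC:DE:F0 (alt names: "DNS:dlp.srv.world", "DNS:node02.srv.world")'

# csr_check <cert-list-output> <node> <fingerprint-printed-by-agent>   (hypothetical helper)
# Returns: 0 = matches, no alt names   1 = no pending request for <node>
#          2 = fingerprint mismatch    3 = matches but the CSR asks for DNS alt names
csr_check() {
    local list="$1" node="$2" expected="$3" line fp
    # The surrounding quotes anchor the name, so it cannot match a longer host name.
    line=$(printf '%s\n' "$list" | grep -F -- "\"$node\" (SHA256) " | head -n 1)
    [ -n "$line" ] || return 1

    # Third whitespace-separated field is the fingerprint; compare case-insensitively.
    fp=$(printf '%s\n' "$line" | awk '{print $3}' | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$expected" | tr 'a-f' 'A-F')
    [ "$fp" = "$expected" ] || return 2

    # An agent certificate with the server's names as alt names could answer as the server.
    case "$line" in
        *"(alt names:"*) return 3 ;;
    esac
    return 0
}

# Typical use on the Puppet Server (FP_FROM_AGENT is read off the agent's console):
#   csr_check "$(puppet cert list)" node01.srv.world "$FP_FROM_AGENT" \
#       && puppet cert sign node01.srv.world
```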
[4] Create a test manifest to make sure the Puppet Server and Client work normally. Puppet clients refer to the manifests on the Puppet server every 30 minutes by default, so either wait a while for the change to be applied or, to check at once, restart the Puppet Client daemon (puppetd).
[root@dlp ~]# vi /etc/puppet/manifests/site.pp
# for example, create a "testgroup" as follows
group { 'testgroup':
    ensure => present,
    gid    => 2000,
}
[root@node01 ~]# grep testgroup /etc/group
testgroup:x:2000:
[5] A manifest can also be applied to the local environment manually, as follows.
[root@dlp ~]# puppet apply /etc/puppet/manifests/site.pp
Notice: Compiled catalog for dlp.srv.world in environment production in 0.13 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Finished catalog run in 0.34 seconds