Installing and Configuring Puppet from Source

               Installing and Configuring Puppet from Source

Dependencies:

Puppet has the following dependencies:

1. Ruby 
2. Facter
3. Hiera
4. JSON library


Installing Ruby

Ruby comes bundled with RedHat systems , so we can install it using YUM.We will see how to install rest of the dependencies from Source Code. To install rest of the dependencies , we will need ruby first. Assuming we successfully installed ruby related packages using YUM.

                $yum install ruby

Installing JSON libabry

1.   Download JSON from the following location
          http://www.ping.de/~flori

2.   Installing JSON

                 tar xvf  json-1.5.3.tgz
                 cd json-1.5.3
                 ruby install.rb


Installing Hiera

1.   Download Hiera from the following location              
            https://downloads.puppetlabs.com/

2.   Installing Hiera

                tar zxvf hiera-3.0.6.tar.gz
                cd hiera-3.0.6
                ruby install.rb

Installing facter

1. Download facter from the following location   
         https://downloads.puppetlabs.com/

2. Install facter

             tar zxvf facter-2.4.6.tar.gz
             cd facter-2.4.6
             ruby install.rb

With this we are done installing the dependencies. We will now proceed with Puppet installation

Installing Puppet:

    Puppet Master : Both Puppet and Puppetserver package
    Puppet Agent  : Only Puppet package 

1. Download Puppet and Puppet Server from the following location 
          https://downloads.puppetlabs.com/

2. Installing Puppet

          tar zxvf puppet-3.8.5.tar.gz
          cd puppet-3.8.5/
          ruby install.rb

3. Installing Puppetserver (Only on Puppet Master)

        tar zxvf puppetserver-2.2.1.tar.gz
        cd puppetserver-2.2.1
        make
        make install
       ./install



Post Installation Configuration

1. Create puppet user/group using the below puppet command
      
        # puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
             Notice: /User[puppet]/ensure: created
             user { 'puppet':
                       ensure = 'present',
                        gid   = '502',
                        shell = '/sbin/nologin',
                  }
          


        # puppet resource group puppet ensure=present
            Notice: /Group[puppet]/ensure: created
            group { 'puppet':
                           ensure = 'present',
                      }


 2. Verifying how 'puppet' user/group is created

           # id puppet
             uid=502(puppet) gid=502(puppet) groups=502(puppet)
           # grep puppet /etc/passwd
                 puppet:x:502:502::/home/puppet:/sbin/nologin
           # grep puppet /etc/group
                 puppet:x:502:

  3. Create  the following directories

              # mkdir /var/log/puppet/
              # mkdir /etc/puppetlabs/manifests
              # mkdir /var/lib/puppet/run

  4. Populate /etc/puppet/puppet.conf with the following contents

             [main]
             logdir=/var/log/puppet
             vardir=/var/lib/puppet
             ssldir=/var/lib/puppet/ssl
             rundir=/var/lib/puppet/run
             dns_alt_names = master.example.com,node2.example.com

  5.  Remove the old certificates from Puppet
  
             #rm -rf /var/lib/puppet/ssl/*

  6. Start the Puppet Master as follows:
       
        #sudo puppet master --verbose --no-daemonize
       
         Info: Creating a new SSL key for ca
           Info: Creating a new SSL certificate request for ca
           Info: Certificate Request fingerprint (SHA256):      
           6E:BF:0A:4F:DE:0A:DF:9A:E8:12:DB:D0:9C:EB:9E:A8:8C:00:1E::B1:D4:C6:39:E7:59:A8:76:2C
           Notice: Signed certificate request for ca
           Info: Creating a new certificate revocation list
           Info: Creating a new SSL key for master.example.com
           Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
           Info: Creating a new SSL certificate request for master.example.com
           Info: Certificate Request fingerprint (SHA256):                
           DF:00:A3:2C:66:C5:F9:53:9D:39:9C:E9:A7:FE:C0:6A::20:66:62:CE:31:0B:3D:AD:88:8A:0F:C5
           Notice: master.example.com has a waiting certificate request
           Notice: Signed certificate request for master.example.com
           Notice: Removing file Puppet::SSL::CertificateRequest 
           master.example.com at '/var/lib/puppet/ssl/ca 
           /requests/master.example.com.pem'
           Notice: Removing file Puppet::SSL::CertificateRequest     
           master.example.com at '/var/lib/puppet  
           /ssl/certificate_requests/master.example.com.pem'
           Notice: Starting Puppet master version 3.8.5
          ^CNotice: Caught INT; exiting    
           
     # puppet cert list -all
     + "master.example.com" (SHA256)      
        64:A8:29:C0:95:BE:99:C4:C1:90:84:22:82:2D:02:FF:E4:37:BB:C4:41:80:96:26:11:AE:2F:96:5C (alt    names: "DNS:master.example.com", "DNS:node2", "DNS:node2.example.com", "DNS:node3",   
        "DNS:node3.example.com")

                     On the Agent Node

   1.Start the agent as follows: 

        # puppet agent --verbose --no-daemonize --onetime
            Info: Creating a new SSL key for node2.example.com
               Info: Caching certificate for ca
               Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
               Info: Creating a new SSL certificate request for node2.example.com
               Info: Certificate Request fingerprint (SHA256):                   
                  AA:71:26:21:DC:FA:3A:86:3C:8E:CA:F3:99:6D:9A:E1:7D:BF:F5:07:2E:68:D6:63:8F
               Info: Caching certificate for ca
               Exiting; no certificate found and waitforcert is disabled

                      On the Master Node  

# puppet cert list -all "node2.example.com" (SHA256) E9:60:76:6B:8A:C5:11:BD:67:EF:CA:46:68:C0:62:33:FE:96:89:CC:68:DE:62:18:96:6C:BF:09:F6:FA:DD:20
+ "master.example.com" (SHA256) 64:A8:29:C0:95:BE:99:C4:C1:90:84:22:82:DE:CC:D5:2D:02:FF:E4:37:BB:C4:41:80:96:26:11:AE:2F:96:5C (alt names: "DNS:master.example.com", "DNS:node2", "DNS:node2.example.com", "DNS:node3", "DNS:node3.example.com")


Now sign the certificate on the Master Node using the below command.


# puppet cert list -all
  "node2.example.com"  (SHA256) AA:71:26:21:1E:7C:72:BA:12:27:5C:DC:FA:3A:86:3C:8E:CA:F3:99:6D:9A:E1:7D:BF:F5:07:2E:68:D6:63:8F
+ "master.example.com" (SHA256) 1B:DC:0E:BF:5B:B7:D9:1A:34:11:B7:9C:87:31:8B:0F:ED:5D:FB:90:CF:1C:7F:85:36:00:41:6A:BE:BD:10:C9 (alt names: "DNS:master.example.com")

# puppet cert sign "node2.example.com"
Notice: Signed certificate request for node2.example.com
Notice: Removing file Puppet::SSL::CertificateRequest node2.example.com at '/var/lib/puppet/ssl/ca/requests/node2.example.com.pem'

# puppet cert list -all
+ "master.example.com" (SHA256) 1B:DC:0E:BF:5B:B7:D9:1A:34:11:B7:9C:87:31:8B:0F:ED:5D:FB:90:CF:1C:7F:85:36:00:41:6A:BE:BD:10:C9 (alt names: "DNS:master.example.com")
+ "node2.example.com"  (SHA256) 22:D8:A6:E8:FA:91:85:EE:D4:11:6E:A2:DA:A9:9B:2A:28:C8:0B:21:36:54:C2:B1:0F:09:8F:C5:E7:94:BB:84





Comments

Popular Posts