Installing and Configuring Puppet from Source
Dependencies:
Puppet has the following dependencies:
1. Ruby
2. Facter
3. Hiera
4. JSON library
Installing Ruby
Ruby comes bundled with RedHat systems, so we can install it using YUM. We will install the rest of the dependencies from source code. They all need Ruby first, so we assume the Ruby packages were installed successfully using YUM.
$ yum install ruby
Installing JSON library
1. Download JSON from the following location
http://www.ping.de/~flori
2. Installing JSON
tar xvf json-1.5.3.tgz
cd json-1.5.3
ruby install.rb
Installing Hiera
1. Download Hiera from the following location
https://downloads.puppetlabs.com/
2. Installing Hiera
tar zxvf hiera-3.0.6.tar.gz
cd hiera-3.0.6
ruby install.rb
Installing facter
1. Download facter from the following location
https://downloads.puppetlabs.com/
2. Install facter
tar zxvf facter-2.4.6.tar.gz
cd facter-2.4.6
ruby install.rb
With this we are done installing the dependencies. We will now proceed with the Puppet installation.
Installing Puppet:
Puppet Master: both the Puppet and Puppetserver packages
Puppet Agent: only the Puppet package
1. Download Puppet and Puppet Server from the following location
https://downloads.puppetlabs.com/
2. Installing Puppet
tar zxvf puppet-3.8.5.tar.gz
cd puppet-3.8.5/
ruby install.rb
3. Installing Puppetserver (Only on Puppet Master)
tar zxvf puppetserver-2.2.1.tar.gz
cd puppetserver-2.2.1
make
make install
./install
Post Installation Configuration
1. Create puppet user/group using the below puppet command
# puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
Notice: /User[puppet]/ensure: created
user { 'puppet':
  ensure => 'present',
  gid    => '502',
  shell  => '/sbin/nologin',
}
# puppet resource group puppet ensure=present
Notice: /Group[puppet]/ensure: created
group { 'puppet':
  ensure => 'present',
}
2. Verify that the 'puppet' user/group was created
# id puppet
uid=502(puppet) gid=502(puppet) groups=502(puppet)
# grep puppet /etc/passwd
puppet:x:502:502::/home/puppet:/sbin/nologin
# grep puppet /etc/group
puppet:x:502:
3. Create the following directories
# mkdir -p /var/log/puppet/
# mkdir -p /etc/puppetlabs/manifests
# mkdir -p /var/lib/puppet/run
4. Populate /etc/puppet/puppet.conf with the following contents
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/lib/puppet/run
dns_alt_names = master.example.com,node2.example.com
5. Remove the old certificates from Puppet
# rm -rf /var/lib/puppet/ssl/*
6. Start the Puppet Master as follows:
# sudo puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256):
6E:BF:0A:4F:DE:0A:DF:9A:E8:12:DB:D0:9C:EB:9E:A8:8C:00:1E::B1:D4:C6:39:E7:59:A8:76:2C
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for master.example.com
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for master.example.com
Info: Certificate Request fingerprint (SHA256):
DF:00:A3:2C:66:C5:F9:53:9D:39:9C:E9:A7:FE:C0:6A::20:66:62:CE:31:0B:3D:AD:88:8A:0F:C5
Notice: master.example.com has a waiting certificate request
Notice: Signed certificate request for master.example.com
Notice: Removing file Puppet::SSL::CertificateRequest master.example.com at '/var/lib/puppet/ssl/ca/requests/master.example.com.pem'
Notice: Removing file Puppet::SSL::CertificateRequest master.example.com at '/var/lib/puppet/ssl/certificate_requests/master.example.com.pem'
Notice: Starting Puppet master version 3.8.5
^CNotice: Caught INT; exiting
# puppet cert list --all
+ "master.example.com" (SHA256) 64:A8:29:C0:95:BE:99:C4:C1:90:84:22:82:2D:02:FF:E4:37:BB:C4:41:80:96:26:11:AE:2F:96:5C (alt names: "DNS:master.example.com", "DNS:node2", "DNS:node2.example.com", "DNS:node3", "DNS:node3.example.com")
On the Agent Node
1. Start the agent as follows:
# puppet agent --verbose --no-daemonize --onetime
Info: Creating a new SSL key for node2.example.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node2.example.com
Info: Certificate Request fingerprint (SHA256):
AA:71:26:21:DC:FA:3A:86:3C:8E:CA:F3:99:6D:9A:E1:7D:BF:F5:07:2E:68:D6:63:8F
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
On the Master Node
# puppet cert list --all
"node2.example.com" (SHA256) E9:60:76:6B:8A:C5:11:BD:67:EF:CA:46:68:C0:62:33:FE:96:89:CC:68:DE:62:18:96:6C:BF:09:F6:FA:DD:20
+ "master.example.com" (SHA256) 64:A8:29:C0:95:BE:99:C4:C1:90:84:22:82:DE:CC:D5:2D:02:FF:E4:37:BB:C4:41:80:96:26:11:AE:2F:96:5C (alt names: "DNS:master.example.com", "DNS:node2", "DNS:node2.example.com", "DNS:node3", "DNS:node3.example.com")
Now sign the certificate on the Master Node using the below command.
# puppet cert list --all
"node2.example.com" (SHA256) AA:71:26:21:1E:7C:72:BA:12:27:5C:DC:FA:3A:86:3C:8E:CA:F3:99:6D:9A:E1:7D:BF:F5:07:2E:68:D6:63:8F
+ "master.example.com" (SHA256) 1B:DC:0E:BF:5B:B7:D9:1A:34:11:B7:9C:87:31:8B:0F:ED:5D:FB:90:CF:1C:7F:85:36:00:41:6A:BE:BD:10:C9 (alt names: "DNS:master.example.com")
# puppet cert sign "node2.example.com"
Notice: Signed certificate request for node2.example.com
Notice: Removing file Puppet::SSL::CertificateRequest node2.example.com at '/var/lib/puppet/ssl/ca/requests/node2.example.com.pem'
# puppet cert list --all
+ "master.example.com" (SHA256) 1B:DC:0E:BF:5B:B7:D9:1A:34:11:B7:9C:87:31:8B:0F:ED:5D:FB:90:CF:1C:7F:85:36:00:41:6A:BE:BD:10:C9 (alt names: "DNS:master.example.com")
+ "node2.example.com" (SHA256) 22:D8:A6:E8:FA:91:85:EE:D4:11:6E:A2:DA:A9:9B:2A:28:C8:0B:21:36:54:C2:B1:0F:09:8F:C5:E7:94:BB:84
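The agent run above prints the SHA256 fingerprint of its certificate request, and the master's listing shows the fingerprint of the request it received; comparing the two before running puppet cert sign confirms that the request being signed is the one the agent generated. The script below is an added example, not part of the original post: the helper names (norm_fp, pending_fp, safe_to_sign) and the sample listing are constructed for illustration and follow the listing format shown above.

```sh
#!/bin/sh
# Added example: check a CSR fingerprint before `puppet cert sign`.
# Helper names and the sample listing are constructed for illustration.

# Strip separators and upper-case, so "aa:71" and "AA71" compare equal.
norm_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Read `puppet cert list --all` output on stdin and print the fingerprint of
# the pending (unsigned) request for certname $1. Signed entries start with
# "+", so their first field is never the quoted name and they are skipped.
pending_fp() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# safe_to_sign CERTNAME AGENT_FP  (listing on stdin)
#   0 = fingerprints match, 1 = mismatch,
#   2 = no pending request, 3 = agent fingerprint is not a full SHA-256
safe_to_sign() {
    listed=$(pending_fp "$1")
    [ -n "$listed" ] || return 2
    want=$(norm_fp "$2")
    [ "${#want}" -eq 64 ] || return 3
    [ "$want" = "$(norm_fp "$listed")" ] || return 1
    return 0
}

# Sample listing in the format shown above (stand-in for the real command).
sample_list() {
cat <<'EOF'
  "node2.example.com" (SHA256) AA:71:26:21:1E:7C:72:BA:12:27:5C:DC:FA:3A:86:3C:8E:CA:F3:99:6D:9A:E1:7D:BF:F5:07:2E:68:D6:63:8F
+ "master.example.com" (SHA256) 1B:DC:0E:BF:5B:B7:D9:1A:34:11:B7:9C:87:31:8B:0F:ED:5D:FB:90:CF:1C:7F:85:36:00:41:6A:BE:BD:10:C9 (alt names: "DNS:master.example.com")
EOF
}

# Fingerprint as copied from the agent's console (out-of-band channel).
AGENT_FP="AA:71:26:21:1E:7C:72:BA:12:27:5C:DC:FA:3A:86:3C:8E:CA:F3:99:6D:9A:E1:7D:BF:F5:07:2E:68:D6:63:8F"

if sample_list | safe_to_sign node2.example.com "$AGENT_FP"; then
    echo "match: OK to run: puppet cert sign node2.example.com"
else
    echo "do not sign (status $?)"
fi
```

On a real master, pipe the output of puppet cert list --all into safe_to_sign in place of sample_list.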