====== puppet ======

Server installation: CentOS 6\\
Client installation: CentOS 6, CentOS 5

===== Server Installation =====

  - need kickstart to do basic install up to puppet-server
  - copy in modules and manifests
  - copy puppet.conf
  - copy slapd.conf
  - install cmdb
  - copy puppet.schema
  - copy cmdb.schema
  - reboot
  - add servers.txt, build cmdb ldifs
  - start ldap
  - install cmdb ldifs
  - run puppet apply /etc/puppet/manifests/puppet-server.pp
    * based on /usr/share/puppet/ext/rack/
  - setup firewall
  - start httpd

==== ldap ====

  - yum install openldap-clients openldap-servers ruby-ldap python-ldap
  - install the [[https://github.com/puppetlabs/puppet/blob/master/ext/ldap/puppet.schema|puppet schema]], also in /usr/share/puppet/ext/ldap/
  - [[http://projects.puppetlabs.com/projects/puppet/wiki/LDAP_Nodes]]
  - install the cmdbit.schema
  - for rhel6/centos: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Migration_Planning_Guide/ch07s03.html
    * update the config for ccit
  - start slapd
  - update cmdbit for ccit
  - install cmdbit (rm -f installed/* to-inst/*; ./build.sh; ./build-ldif.sh initdb; ./build-ldif.sh generate; ./build-ldif.sh install;)
  - enable slapd (chkconfig slapd on)

==== puppet-server ====

<code>
[root@jet network-scripts]# passenger-config --root
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
</code>

[[http://docs.puppetlabs.com/guides/installation.html|install docs]]

  - install epel repo
    - rpm --import RPM-GPG-KEY-EPEL
    - yum localinstall epel-release-5-4.noarch.rpm
  - setup epel.repo includepkgs (see xtc2)
    * so far: includepkgs=puppet* facter augeas augeas-libs ruby-augeas ruby-ldap ruby-shadow rubygems rubygem-rake
  - yum install puppet-server
  - setup manifests and modules and puppet.conf
    * edit for ccit
  - start puppetmaster to generate initial certificates
  - stop puppetmaster

=== stored-configs/mysql (optional) ===

Use this if you want to use stored configs/exported resources

http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration

  - yum install mysql mysql-devel mysql-server
  - gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
  - gem install activerecord -v '3.0.10'
    * bug: http://projects.puppetlabs.com/issues/9290
  - start mysql, do safe config whatnot (from gitorious doc), and then <code>
# mysql -u root -p
mysql> create database puppet;
mysql> grant all privileges on puppet.* to puppet@localhost identified by 'password';
</code>
  - add puppet config info: <code>
[puppetmasterd]
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = password
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock
</code>
  - To optimize some often run Puppet queries on your MySQL database, use the following index: <code>
create index exported_restype_title on resources (exported, restype, title(50));
</code>

=== puppet-dashboard (optional) ===

requires mysql above

Look into this to setup passenger: http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html

http://www.craigdunn.org/2010/08/part-3-installing-puppet-dashboard-on-centos-puppet-2-6-1/

  - create database: <code>
# mysql -u root -p
mysql> create database puppet_dash_prod;
mysql> grant all privileges on puppet_dash_prod.* to puppet@localhost identified by 'password';
</code> (leave off identified by if you already have a puppet user)
  - edit, configure production database: ''/usr/share/puppet-dashboard/config/database.yml''
  - setup database: cd /usr/share/puppet-dashboard; rake RAILS_ENV=production db:migrate
  - update puppet.conf
  - ln -s /usr/share/puppet-dashboard/ext/puppet/puppet_dashboard.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/puppet_dashboard.rb
  - start dashboard:
    - start puppet-dashboard
    - start puppet-dashboard-workers
    - stop puppet-dashboard-workers
    - fix perms: chown puppet-dashboard:puppet-dashboard /usr/share/puppet-dashboard/log/production.log
    - start puppet-dashboard-workers

=== rack ===

Run puppetmaster out of passenger/rack served up from Apache for scalability (default puppetmasterd and mongrel setup doesn't scale)
https://github.com/puppetlabs/puppet/tree/master/ext/rack

  - make sure you can ping the internet
  - setup passenger/rack (new)
    * run: puppet apply /etc/puppet/manifests/puppet-server.pp
    * uncomment ''PUPPETMASTER_PORTS=( 18140 18141 18142 18143 )'' in ''/etc/sysconfig/puppetmaster'' you don't run puppetmaster outside of apache with this setup
    * update puppet.conf for [master] section (should be part of rack manifest) - this seems to be done? or it's in my puppet.conf
    * fix /etc/httpd/conf.d/puppetmaster.conf for /usr/lib /usr/lib64 - this was wrong
  - tweak apache (Suggested Tweaks): http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger
  - http://docs.puppetlabs.com/guides/passenger.html
    * see suggested tweaks section
  - setup firewall (not done, just stopped iptables)
  - start httpd
    * fix ssl certs (should be an erb template)

=== rack (old) ===

  - http://docs.puppetlabs.com/guides/passenger.html
  - yum install httpd httpd-devel ruby-devel mod_ssl
  - yum install gcc-c++ curl-devel openssl-devel zlib-devel
  - yum install rubygems rubygem-rake (from epel)
  - gem install rack
    - there's a problem in the rack gemspec file, the 1.2.0.pre2 lines need .pre2 removed
    - only a problem on centos5, not centos6
  - gem install passenger
  - passenger-install-apache2-module

===== notes =====

  - [[http://www.craigdunn.org/2010/08/part-3-installing-puppet-dashboard-on-centos-puppet-2-6-1/|Puppet-dashboard on Centos]]
  - http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns
  - http://docs.puppetlabs.com/references/latest/type.html
  - http://people.redhat.com/dlutter/puppet-app.html
  - http://docs.puppetlabs.com/
  - http://ifireball.wordpress.com/docs/howto-install-puppet-on-centos-50/
  - [[http://docs.puppetlabs.com/learning/manifests.html|quick manifest tutorial]]
  - [[http://docs.puppetlabs.com/guides/configuring.html|configuration docs]]
  - http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas
  - [[http://groups.google.com/group/puppet-users/browse_thread/thread/cce4f07c5e31d246?tvc=2|scaling puppet]]

<code>
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
PassengerRuby /usr/bin/ruby

ServerName www.yourhost.com
DocumentRoot /somewhere/public    # <-- be sure to point to 'public'!
AllowOverride all                 # <-- relax Apache security settings
Options -MultiViews               # <-- MultiViews must be turned off
</code>

<code>
puppet-server augeas-libs ruby-augeas ruby-shadow rubygem-activesupport rubygem-fastthread
gem install activerecord -v '3.0.10'
</code>

http://projects.puppetlabs.com/issues/9290

===== Client Installation =====

  - yum install -y puppet ruby-ldap augeas
  - add puppet.conf settings (for ldap and server): <code>
server = xtc2.thoughtbit.com
node_terminus = ldap
ldapnodes = true
ldapserver = xtc2.thoughtbit.com
ldapbase = ou=systems,dc=thoughtbit,dc=com
</code>
  - run: puppet agent --server xtc2.thoughtbit.com --waitforcert 60 --test
    * or better: puppet agent --test
  - need to run, on puppetmaster: <code>
puppet cert --list
puppet cert --sign hostname.domain
</code>

===== Ruby gem info =====

  * Download gems from: http://gems.rubyforge.org/gems/%{gemname}-%{version}.gem
  * Use gem2rpm

  - passenger 3.0.11
    - deps are:
      * rack
      * fastthread
      * rake-0.8.7
      * daemon_controller
  - activerecord currently needs to be version ''3.0.10'' (see bug: [[http://projects.puppetlabs.com/issues/9290]])
    - deps are:
      * activemodel 3.0.10
      * activesupport 3.0.10
      * builder 2.1.2
      * i18n 0.5.0
      * arel 2.0.10
      * tzinfo 0.3.32 (tzinfo < 0.4)

===== Tips =====

  * use augeas for editing files. Use ''augtool'' for testing: <code>
# augtool print /files/etc/ssh/sshd_config
</code>
  * if augeas doesn't give any output, try some debugging: <code>
# augtool
augtool> print /files/etc/php.d/apc.ini
augtool> print /augeas//error
</code>

===== Bugs =====

  - puppet 2.7.x: [[http://projects.puppetlabs.com/issues/8174|using ENC, puppet thinks Facter variables are dynamic lookups]]

{{tag>:linux:server :linux}}
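
Added example, not part of the original notes: the stored-configs step above leaves ''dbpassword = password'' in puppet.conf, so this check flags a placeholder database password and a world-readable config file. The function names ''ini_get'' and ''audit_storeconfigs'', the list of weak values and the reliance on GNU ''stat'' are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit the storeconfigs
# credentials that the steps above write into puppet.conf. Assumes GNU stat.

# ini_get FILE SECTION KEY -> prints the value of KEY inside [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); insec = (s == sec); next }
        insec && !/^[ \t]*#/ {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_storeconfigs FILE [SECTION] -> prints findings, returns their count
audit_storeconfigs() {
    conf=$1; sec=${2:-puppetmasterd}; n=0
    pw=$(ini_get "$conf" "$sec" dbpassword)
    user=$(ini_get "$conf" "$sec" dbuser)
    if [ -z "$pw" ]; then
        echo "INFO: no dbpassword in [$sec] of $conf"; return 0
    fi
    # "password" is the placeholder used in the notes; the rest are assumed defaults.
    case $pw in
        password|puppet|changeme|"$user")
            echo "WEAK: dbpassword is a placeholder or equals dbuser"; n=$((n + 1)) ;;
    esac
    # Last octal digit of the mode holds the "other" bits; 4 and above is readable.
    case $(stat -c %a "$conf") in
        *[4567]) echo "PERM: $conf is world-readable and holds a DB password"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample: the [puppetmasterd] block from the notes, trimmed.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[puppetmasterd]
storeconfigs = true
dbuser = puppet
dbpassword = password
EOF
chmod 644 "$demo_conf"
audit_storeconfigs "$demo_conf" || echo "findings: $?"
rm -f "$demo_conf"
```

On the master, run it as ''audit_storeconfigs /etc/puppet/puppet.conf''; a clean result needs a generated password matching the one in the MySQL grant and a mode such as 640 on the file.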