puppet

Server installation: CentOS 6
Client installation: CentOS 6, CentOS 5

Server Installation

  1. need kickstart to do basic install up to puppet-server
  2. copy in modules and manifests
  3. copy puppet.conf
  4. copy slapd.conf
  5. install cmdb
    1. copy puppet.schema
    2. copy cmdb.schema
  6. reboot
  7. add servers.txt, build cmdb ldifs
  8. start ldap
  9. install cmdb ldifs
  10. run puppet apply /etc/puppet/manifests/puppet-server.pp
    • based on /usr/share/puppet/ext/rack/
  11. setup firewall
  12. start httpd

ldap

  1. yum install openldap-clients openldap-servers ruby-ldap python-ldap
  2. install the puppet schema, also in /usr/share/puppet/ext/ldap/
  3. install the cmdbit.schema
    • update the config for ccit
  4. start slapd
  5. update cmdbit for ccit
  6. install cmdbit (rm -f installed/* to-inst/*; ./build.sh; ./build-ldif.sh initdb; ./build-ldif.sh generate; ./build-ldif.sh install;)
  7. enable slapd (chkconfig slapd on)

puppet-server

[root@jet network-scripts]# passenger-config --root
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.11

install docs

  1. install epel repo
    1. rpm --import RPM-GPG-KEY-EPEL
    2. yum localinstall epel-release-5-4.noarch.rpm
  2. setup epel.repo includepkgs (see xtc2)
    • so far:
      includepkgs=puppet* facter augeas augeas-libs ruby-augeas ruby-ldap ruby-shadow rubygems rubygem-rake
  3. yum install puppet-server
  4. setup manifests and modules and puppet.conf
    • edit for ccit
  5. start puppetmaster to generate initial certificates
  6. stop puppetmaster

stored-configs/mysql (optional)

Use this if you want to use stored configs/exported resources

http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration

  1. yum install mysql mysql-devel mysql-server
  2. gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
  3. gem install activerecord -v '3.0.10'
  4. start mysql, do safe config whatnot (from gitorious doc), and then
    # mysql -u root -p
    mysql> create database puppet;
    mysql> grant all privileges on puppet.* to puppet@localhost identified by 'password';
  5. add puppet config info:
    [puppetmasterd]
    storeconfigs = true
    dbadapter = mysql
    dbuser = puppet
    dbpassword = password
    dbserver = localhost
    dbsocket = /var/lib/mysql/mysql.sock
  6. To optimize some often run Puppet queries on your MySQL database, use the following index:
    create index exported_restype_title on resources (exported, restype, title(50));
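
The puppet.conf in step 5 keeps the database password in clear text, so both the value and the file mode matter. The script below is an added example, not part of the original notes: it flags a placeholder dbpassword and a puppet.conf that other local accounts can read. The function names, the placeholder word list and the sample file are assumptions made for illustration.

```shell
# Added example, not from the original notes. Assumes GNU stat (CentOS).

# Print the value of KEY in [SECTION] of an ini-style FILE (last one wins).
conf_get() {  # usage: conf_get FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/    { gsub(/^[ \t]*\[|\].*$/, ""); cur = $0; next }
        /^[ \t]*(#|$)/ { next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Print one line per finding; return 1 if anything was found, else 0.
audit_puppet_conf() {  # usage: audit_puppet_conf FILE
    file=$1; found=0; has_pw=0
    for sec in main master puppetmasterd; do
        pw=$(conf_get "$file" "$sec" dbpassword)
        [ -n "$pw" ] || continue
        has_pw=1
        user=$(conf_get "$file" "$sec" dbuser)
        case $pw in
            password|changeme|secret|"$user")
                echo "WEAK [$sec] dbpassword is a placeholder or equals dbuser"
                found=1 ;;
        esac
    done
    # Any permission bit for "other" exposes the password to every local account.
    mode=$(stat -c %a "$file")
    if [ "$has_pw" -eq 1 ]; then
        case $mode in
            *[1-7]) echo "PERM $file is mode $mode but stores dbpassword"; found=1 ;;
        esac
    fi
    return "$found"
}

# Constructed sample with the values from step 5 (not a real server file).
sample=$(mktemp)
printf '%s\n' '[puppetmasterd]' 'storeconfigs = true' 'dbuser = puppet' \
    'dbpassword = password' > "$sample"
chmod 644 "$sample"
audit_puppet_conf "$sample" || true
rm -f "$sample"
```

The password itself is never printed, so the output can go into a ticket or a cron mail.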

puppet-dashboard (optional)

requires mysql above

Look into this to setup passenger: http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html

http://www.craigdunn.org/2010/08/part-3-installing-puppet-dashboard-on-centos-puppet-2-6-1/

  1. create database:
    # mysql -u root -p
    mysql> create database puppet_dash_prod;
    mysql> grant all privileges on puppet_dash_prod.* to puppet@localhost identified by 'password';

    (leave off identified by if you already have a puppet user)

  2. edit, configure production database: /usr/share/puppet-dashboard/config/database.yml
  3. setup database:
    cd /usr/share/puppet-dashboard; rake RAILS_ENV=production db:migrate
  4. update puppet.conf
  5. ln -s /usr/share/puppet-dashboard/ext/puppet/puppet_dashboard.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/puppet_dashboard.rb
  6. start dashboard:
    1. start puppet-dashboard
    2. start puppet-dashboard-workers
    3. stop puppet-dashboard-workers
    4. fix perms:
      chown puppet-dashboard:puppet-dashboard /usr/share/puppet-dashboard/log/production.log
    5. start puppet-dashboard-workers

rack

Run puppetmaster out of passenger/rack served up from Apache for scalability (default puppetmasterd and mongrel setup doesn't scale)

https://github.com/puppetlabs/puppet/tree/master/ext/rack

  1. make sure you can ping the internet
  2. setup passenger/rack (new)
    • run:
      puppet apply /etc/puppet/manifests/puppet-server.pp
    • uncomment PUPPETMASTER_PORTS=( 18140 18141 18142 18143 ) in /etc/sysconfig/puppetmaster you don't run puppetmaster outside of apache with this setup
    • update puppet.conf for [master] section (should be part of rack manifest) - this seems to be done? or it's in my puppet.conf
    • fix /etc/httpd/conf.d/puppetmaster.conf for /usr/lib /usr/lib64 - this was wrong
    • see suggested tweaks section
  3. setup firewall (not done, just stopped iptables)
  4. start httpd
    • fix ssl certs (should be an erb template)

rack (old)

  1. yum install httpd httpd-devel ruby-devel mod_ssl
  2. yum install gcc-c++ curl-devel openssl-devel zlib-devel
  3. yum install rubygems rubygem-rake (from epel)
  4. gem install rack
    1. there's a problem in the rack gemspec file, the 1.2.0.pre2 lines need .pre2 removed - only a problem on centos5, not centos6
  5. gem install passenger
  6. passenger-install-apache2-module

notes

http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns

http://docs.puppetlabs.com/references/latest/type.html

http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas

http://people.redhat.com/dlutter/puppet-app.html

http://docs.puppetlabs.com/

http://ifireball.wordpress.com/docs/howto-install-puppet-on-centos-50/

 LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
 PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
 PassengerRuby /usr/bin/ruby
 <VirtualHost *:80>
    ServerName www.yourhost.com
    # be sure to point to 'public'!
    DocumentRoot /somewhere/public
    <Directory /somewhere/public>
       # relax Apache security settings
       AllowOverride all
       # MultiViews must be turned off
       Options -MultiViews
    </Directory>
 </VirtualHost>

puppet-server

augeas-libs ruby-augeas ruby-shadow

rubygem-activesupport rubygem-fastthread

gem install activerecord -v '3.0.10'

http://projects.puppetlabs.com/issues/9290

Client Installation

  1. yum install -y puppet ruby-ldap augeas
  2. add puppet.conf settings (for ldap and server):
        server = xtc2.thoughtbit.com
        node_terminus = ldap
        ldapnodes = true
        ldapserver = xtc2.thoughtbit.com
        ldapbase = ou=systems,dc=thoughtbit,dc=com
  3. run:
    puppet agent --server xtc2.thoughtbit.com --waitforcert 60 --test
    • or better:
      puppet agent --test
  4. need to run, on puppetmaster:
    puppet cert --list
    puppet cert --sign hostname.domain
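
Step 4 signs whatever request arrives under that hostname, so it helps to compare the pending request's fingerprint with the one read on the client itself (puppet agent --fingerprint) before signing. The script below is an added example, not part of the original notes: the function names, the hostnames, the fingerprints and the layout of the saved puppet cert --list output are constructed assumptions, and the parser accepts any line that carries the hostname followed by a colon-separated hex fingerprint.

```shell
# Added example, not from the original notes: sign a CSR only after its
# fingerprint matches the one read on the client with `puppet agent --fingerprint`.

# Print the fingerprint listed for HOST in saved `puppet cert --list` output.
pending_fp() {  # usage: pending_fp FILE HOST
    awk -v host="$2" '
        { gsub(/["()]/, " ") }   # drop quotes and parentheses around fields
        $1 == host {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/) {
                    print toupper($i); exit
                }
        }' "$1"
}

# Succeed only if a pending request for HOST exists and carries EXPECTED.
csr_matches() {  # usage: csr_matches FILE HOST EXPECTED
    got=$(pending_fp "$1" "$2")
    want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed list output; the real line layout depends on the Puppet version.
list=$(mktemp)
cat > "$list" <<'EOF'
  "web01.example.test" (0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0)
  "db01.example.test" (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)
EOF

# Constructed value, standing in for what an admin read on web01's console.
expected="0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0"

if csr_matches "$list" web01.example.test "$expected"; then
    echo "match: puppet cert --sign web01.example.test"
else
    echo "MISMATCH or no pending request: do not sign"
fi
rm -f "$list"
```

Both sides must report the fingerprint with the same digest algorithm, otherwise a legitimate request will show as a mismatch.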

Ruby gem info

  1. passenger 3.0.11
    1. deps are:
      • rack
      • fastthread
      • rake-0.8.7
      • daemon_controller
  2. activerecord currently needs to be version 3.0.10 (see bug: http://projects.puppetlabs.com/issues/9290)
    1. deps are:
      • activemodel 3.0.10
        • activesupport 3.0.10
        • builder 2.1.2
        • i18n 0.5.0
      • arel 2.0.10
      • tzinfo 0.3.32 (tzinfo < 0.4)

Tips

  • use augeas for editing files. Use augtool for testing:
    # augtool print /files/etc/ssh/sshd_config
  • if augeas doesn't give any output, try some debugging:
    # augtool
    augtool> print /files/etc/php.d/apc.ini
    augtool> print /augeas//error

Bugs

linux/server/puppet.txt · Last modified: 2012/03/12 01:36 by john
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported