Server installation: CentOS 6
Client installation: CentOS 6, CentOS 5

Server Installation

  1. need kickstart to do basic install up to puppet-server
  2. copy in modules and manifests
  3. copy puppet.conf
  4. copy slapd.conf
  5. install cmdb
    1. copy puppet.schema
    2. copy cmdb.schema
  6. reboot
  7. add servers.txt, build cmdb ldifs
  8. start ldap
  9. install cmdb ldifs
  10. run puppet apply /etc/puppet/manifests/puppet-server.pp
    • based on /usr/share/puppet/ext/rack/
  11. setup firewall
  12. start httpd


  1. yum install openldap-clients openldap-servers ruby-ldap python-ldap
  2. install the puppet schema, also in /usr/share/puppet/ext/ldap/
  3. install the cmdbit.schema
    • update the config for ccit
  4. start slapd
  5. update cmdbit for ccit
  6. install cmdbit (rm -f installed/* to-inst/*; ./build.sh; ./build-ldif.sh initdb; ./build-ldif.sh generate; ./build-ldif.sh install;)
  7. enable slapd (chkconfig slapd on)


[root@jet network-scripts]# passenger-config --root

install docs

  1. install epel repo
    1. rpm –import RPM-GPG-KEY-EPEL
    2. yum localinstall epel-release-5-4.noarch.rpm
  2. setup epel.repo includepkgs (see xtc2)
    • so far:
      includepkgs=puppet* facter augeas augeas-libs ruby-augeas ruby-ldap ruby-shadow rubygems rubygem-rake
  3. yum install puppet-server
  4. setup manifests and modules and puppet.conf
    • edit for ccit
  5. start puppetmaster to generate initial certificates
  6. stop puppetmaster

stored-configs/mysql (optional)

Use this if you want to use stored configs/exported resources


  1. yum install mysql mysql-devel mysql-server
  2. gem install mysql – –with-mysql-config=/usr/bin/mysql_config
  3. gem install activerecord -v '3.0.10'
  4. start mysql, do safe config whatnot (from gitorious doc), and then
    # mysql -u root -p
    mysql> create database puppet;
    mysql> grant all privileges on puppet.* to puppet@localhost identified by 'password';
  5. add puppet config info:
    storeconfigs = true
    dbadapter = mysql
    dbuser = puppet
    dbpassword = password
    dbserver = localhost
    dbsocket = /var/lib/mysql/mysql.sock
  6. To optimize some often run Puppet queries on your MySQL database, use the following index:
    create index exported_restype_title on resources (exported, restype, title(50));

puppet-dashboard (optional)

requires mysql above

Look into this to setup passenger: http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html


  1. create database:
    # mysql -u root -p
    mysql> create database puppet_dash_prod;
    mysql> grant all privileges on puppet_dash_prod.* to puppet@localhost identified by 'password';

    (leave off identified by if you already have a puppet user)

  2. edit, configure production database: /usr/share/puppet-dashboard/config/database.yml
  3. setup database:
    cd /usr/share/puppet-dashboard; rake RAILS_ENV=production db:migrate
  4. update puppet.conf
  5. ln -s /usr/share/puppet-dashboard/ext/puppet/puppet_dashboard.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/puppet_dashboard.rb
  6. start dashboard:
    1. start puppet-dashboard
    2. start puppet-dashboard-workers
    3. stop puppet-dashboard-workers
    4. fix perms:
      chown puppet-dashboard:puppet-dashboard /usr/share/puppet-dashboard/log/production.log
    5. start puppet-dashboard-workers


Run puppetmaster out of passenger/rack served up from Apache for scalability (default puppetmasterd and mongrel setup doesn't scale)


  1. make sure you can ping the internet
  2. setup passenger/rack (new)
    • run:
      puppet apply /etc/puppet/manifests/puppet-server.pp
    • uncomment PUPPETMASTER_PORTS=( 18140 18141 18142 18143 ) in /etc/sysconfig/puppetmaster you don't run puppetmaster outside of apache with this setup
    • update puppet.conf for [master] section (should be part of rack manifest) - this seems to be done? or it's in my puppet.conf
    • fix /etc/httpd/conf.d/puppetmaster.conf for /usr/lib /usr/lib64 - this was wrong
    • see suggested tweaks section
  3. setup firewall (not done, just stopped iptables)
  4. start httpd
    • fix ssl certs (should be an erb template)

rack (old)

  1. yum install httpd httpd-devel ruby-devel mod_ssl
  2. yum install gcc-c++ curl-devel openssl-devel zlib-devel
  3. yum install rubygems rubygem-rake (from epel)
  4. gem install rack
    1. there's a problem in the rack gemspec file, the 1.2.0.pre2 lines need .pre2 removed - only a problem on centos5, not centos6
  5. gem install passenger
  6. passenger-install-apache2-module





http://people.redhat.com/dlutter/puppet-app.html http://docs.puppetlabs.com/ http://ifireball.wordpress.com/docs/howto-install-puppet-on-centos-50/

 LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
 PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
 PassengerRuby /usr/bin/ruby
 <VirtualHost *:80>
    ServerName www.yourhost.com
    DocumentRoot /somewhere/public    # <-- be sure to point to 'public'!
    <Directory /somewhere/public>
       AllowOverride all              # <-- relax Apache security settings
       Options -MultiViews            # <-- MultiViews must be turned off


augeas-libs ruby-augeas ruby-shadow

rubygem-activesupport rubygem-fastthread gem install activerecord -v '3.0.10' gem install activerecord -v '3.0.10'


Client Installation

  1. yum install -y puppet ruby-ldap augeas
  2. add puppet.conf settings (for ldap and server):
        server = xtc2.thoughtbit.com
        node_terminus = ldap
        ldapnodes = true
        ldapserver = xtc2.thoughtbit.com
        ldapbase = ou=systems,dc=thoughtbit,dc=com
  3. run:
    puppet agent --server xtc2.thoughtbit.com --waitforcert 60 --test
    • or better:
      puppet agent --test
  4. need to run, on puppetmaster:
    puppet cert --list
    puppet cert --sign hostname.domain

Ruby gem info

  1. passenger 3.0.11
    1. deps are:
      • rack
      • fastthread
      • rake-0.8.7
      • daemon_controller
  2. activerecord currently needs to be version 3.0.10 (see bug: http://projects.puppetlabs.com/issues/9290)
    1. deps are:
      • activemodel 3.0.10
        • activesupport 3.0.10
        • builder 2.1.2
        • i18n 0.5.0
      • arel 2.0.10
      • tzinfo 0.3.32 (tzinfo < 0.4)


  • use augeas for editing files. Use augtool for testing:
    # augtool print /files/etc/ssh/sshd_config
  • if augeas doesn't give any output, try some debugging:
    # augtool
    augtool> print /files/etc/php.d/apc.ini
    augtool> print /augeas//error


linux/server/puppet.txt · Last modified: 2012/03/12 01:36 by john
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki