-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest
165 lines (97 loc) · 6.58 KB
/
test
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
This is to install Puppet 4.0.0 on RHEL. The instllation on RHEL 7.1 and RHEL 6.5 is identical in the follwoing recipe.
############### Puppet MASTER installation on lozlnx16.canlab.ibm.com (RHEL 7.1)
1. Install ruby and ruby gem
$ wget http://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.2.tar.gz
$ tar -xvf ruby-2.2.2.tar.gz
$ cd ruby-2.2.2
$ ./configure
$ make
$ make install
If you do not have wget installed, perform $yum install wget
2. Edit the environment variable:
$ vi ˜/.bash_profile
append PATH=$PATH:/usr/local/bin, and save.
3. Install Puppet
$ gem install puppet
4. Locate the $condir by command
$ puppet master --configprint confdir
and the output gives the directory. If such directory does not exit, create one. For example, if the output is /etc/puppetlabs/puppet, then
$ mkdir -p /etc/puppetlabs/puppet
5. Create necessary directories and files in $condir
$ puppet master --genconfig > /etc/puppetlabs/puppet/puppet.conf
$ mkdir /etc/puppetlabs/puppet/modules
$ mkdir /etc/puppetlabs/puppet/manifests
$ cd /etc/puppetlabs/puppet
$ wget https://raw.githubusercontent.com/puppetlabs/puppet/master/conf/auth.conf
6. Create other necessary directories
$ mkdir -p /opt/puppetlabs/puppet
$ mkdir -p /var/log/puppetlabs
7. Comment the "configtimeout" setting in $condir/puppet.conf
$ vi /etc/puppetlabs/puppet/puppet.conf
in vi, type "/configtimeout", press "n" to locate the setting "configtimeout" and input a "#" in front of it to comment it.
8. Create a group and user for the master:
$ puppet resource group puppet ensure=present
$ puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
9. Modify the $condir/puppet.conf. Change the values of dns_alt/_names and server (both in the main or master section) as follows:
dns_alt_names = puppet,lozlnx16.canlab.ibm.com
server=lozlnx16.canlab.ibm.ca
make sure the value of server setting is the hostname of the master machine and it is DNS resolvable to the agent machine.
10. The Puppet master runs on TCP port 8140. This port needs to be open on your master’s firewall (and any intervening firewalls and network devices), and your client must be able to route and connect to the master. To do this, you need to have an appropriate firewall rule on your master, such as the following rule for the Netfilter firewall:
$ iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
############### Puppet Agent installation on lozlnx20.canlab.ibm.com (RHEL 6.5)
1. Install ruby and ruby gem
$ wget http://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.2.tar.gz
$ tar -xvf ruby-2.2.2.tar.gz
$ cd ruby-2.2.2
$ ./configure
$ make
$ make install
If you do not have wget installed, perform $yum install wget
2. Edit the environment variable:
$ vi ˜/.bash_profile
append PATH=$PATH:/usr/local/bin, and save.
3. Install Puppet
$ gem install puppet
4. Locate the $condir by command
$ puppet agent --configprint confdir
if such directory does not exit, create one. For example, if the output is /etc/puppetlabs/puppet, then
$ mkdir -p /etc/puppetlabs/puppet
5. Create necessary directories and files in $condir
$ puppet agent --genconfig > /etc/puppetlabs/puppet/puppet.conf
$ mkdir /etc/puppetlabs/puppet/modules
$ mkdir /etc/puppetlabs/puppet/manifests
$ cd /etc/puppetlabs/puppet
$ wget https://raw.githubusercontent.com/puppetlabs/puppet/master/conf/auth.conf
6. Create other necessary directories
$ mkdir -p /opt/puppetlabs/puppet
$ mkdir -p /var/log/puppetlabs
7. Comment the "configtimeout" setting in $condir/puppet.conf
$ vi /etc/puppetlabs/puppet/puppet.conf
in vi, type "/configtimeout", press "n" to locate the setting "configtimeout" and input a "#" in front of it to comment it.
8. Modify the $condir/puppet.conf. Change the values of dns_alt/_names and server (both in the main or master section) as follows:
dns_alt_names = puppet,lozlnx16.canlab.ibm.com
server=lozlnx16.canlab.ibm.ca
make sure the server is the hostname of the master machine and the agent hostname is DNS resolvable to the master machine.
9. Puppet runs on TCP port 8140.
$ iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
############### Connecting the Master and Agent for the first time
1. On the master machine, run the master application:
$ puppet master --verbose --no-daemonize
The --verbose option outputs verbose logging and the --no-daemonize option keeps the daemon in the foreground and redirects output to standard out. You can also add the --debug option to produce more verbose debug output from the daemon.
On the agent application:
# puppet agent --test
You can see the output from our connection. The agent has created a certificate signing request and a private key to secure our connection. Puppet uses SSL certificates to authenticate connections between the master and the agent. The agent sends the certificate request to the master and waits for the master to sign and return the certificate. At this point, the agent has exited after sending in its Certificate Signing Request (CSR). The agent will need to be rerun to check in and run Puppet after the CSR has been signed by the CA. You can configure puppet agent not to exit, but instead stay alive and poll periodically for the CSR to be signed. This configuration is called waitforcert and is generally only useful if you are also auto-signing certificates on the master.
2. On the Master side. To complete the connection and authenticate our agent, we now need to sign the certificate the agent has sent to the master. We do this using puppet cert (or the puppetca binary) on the master:
# puppet cert list
The list option displays all the certificates waiting to be signed. We can then sign our certificate using the sign option:
# puppet cert sign lozlnx20.canlab.ibm.com
3. Restart both master and client, now they should connect.
4. If an error occurs, showing that
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///pluginfacts
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://lozlnx16.canlab.ibm.com/plugins
This is because you don't have any plugins to syn yet, and the pluginsyn property is set to be true by default. So solutions are:
1). Disable the setting in the agent's config file: pluginsyn=false
or
2). Create at least one plugin.