Puppet environment setup
Eraldo Junior edited this page Oct 3, 2018 · 7 revisions
# Open puppet port
iptables -I INPUT -p tcp -m tcp --dport 8140 -j ACCEPT
# Puppet labs repos
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
# Install Puppet Master
yum -y install puppetserver
# Check version (must be on 2.8.1)
puppetserver --version
# Check puppet version (must be on >4.10.12)
# If not, just run: yum --disablerepo=cern update puppet
puppet --version
# Start service
sudo systemctl start puppetserver
# Check for error messages. Use "journalctl -xe" for a more complete output
systemctl status puppetserver.service
Edit puppet.conf and add puppet master configuration:
vim /etc/puppetlabs/puppet/puppet.conf
[main]
certname = puppet-server.cern.br
server = puppet
environment = production
runinterval = 1h
strict_variables = true
# Restart the service
sudo systemctl restart puppetserver
# Enable puppetserver
systemctl enable puppetserver
# Check certificates (puppet-server must appear on the list)
puppet cert list --all
Ruby/gems environment
Make sure that you have git installed
# Check versions: ruby must be >2.3.7 and gem 2.7.7
ruby --version
gem --version
# If gem complains about the ruby version, you can get it from:
yum install wget -y
wget https://github.com/feedforce/ruby-rpm/releases/download/2.3.7/ruby-2.3.7-1.el7.centos.x86_64.rpm
rpm -ivh ruby-2.3.7-1.el7.centos.x86_64.rpm
# Updating gems to the latest version
gem install rubygems-update
/opt/puppetlabs/puppet/bin/update_rubygems
# Install cri
gem install cri
# Now let's install the r10k package.
# This allows mapping git branches to Puppet environments
gem install r10k
mkdir -p /etc/puppetlabs/r10k/
cd /etc/puppetlabs/r10k/
Create a r10k.yaml file with this content and DON'T FORGET TO CHANGE THE remote part:
:cachedir: '/var/cache/r10k'
:sources:
  :simple_grid_framework:
    remote: 'https://github.com/gitname/simple_grid_puppet_env'
    basedir: '/etc/puppetlabs/code/environments'
:postrun: ['git', '--git-dir=/etc/puppetlabs/code/environments/master/site/simple_grid/', 'pull', 'origin', 'master']
Now we are ready to deploy the r10k environment:
r10k deploy environment -p
For more on Puppet + r10k and the "Role x profile" pattern, see https://puppet.com/docs/pe/2017.2/r_n_p_full_example.html
(Puppet 4.19.12)
# Open puppet port
iptables -I INPUT -p tcp -m tcp --dport 8140 -j ACCEPT
# Puppet labs repos
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
# Install puppet client
yum -y install puppet-agent
# Check version (must be on 4.10.12)
puppet --version
# Add server info
sudo vim /etc/puppetlabs/puppet/puppet.conf
[main]
certname = puppetclient.cern.ch
server = puppet-master.cern.ch
environment = production
runinterval = 1h
# Restart the service
sudo systemctl restart puppet
# Enable the service
sudo systemctl enable puppet
# Check if the server is set correctly
sudo puppet config print server puppet
Now go to the Puppet Master machine:
# List certificates (your client must appear on the list)
sudo puppet cert list --all
# Sign your client certificate
puppet cert sign puppetclient.cern.ch
On the Client machine:
puppet agent -t
You should receive this output:
Info: Caching certificate for puppetclient.cern.ch
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppetclient.cern.ch
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetclient.cern.ch
Info: Applying configuration version '1537779510'
- On the master: puppet cert clean <agent_certname>
- On the agent: mv /etc/puppetlabs/puppet/ssl/ /etc/puppetlabs/puppet/ssl_bak
- Never do this if you are trying to regenerate the cert for the agent on the master. Instead you would need to delete specific certs
- On the agent: puppet agent -t
- On the master: puppet cert sign <agent_certname>
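Both signing steps above (the first-time sign and the sign after regenerating the agent cert) accept the request by name only. The following is an added example, not part of the original wiki page: it compares the pending request's fingerprint on the master with the value read on the agent via `puppet agent --fingerprint` before running `puppet cert sign`. The function names and sample listing are constructed, and the `puppet cert list` line layout (`"name" (SHA256) fingerprint`, with a leading `+` or `-` for signed or revoked entries) is assumed from Puppet 4 output.

```shell
#!/bin/sh
# Added example, not from the original page. Run on the Puppet master.

# Constructed sample of `puppet cert list --all` output (fingerprints made up).
FP_AGENT='11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00'
FP_OTHER='A0:B1:C2:D3:E4:F5:06:17:28:39:4A:5B:6C:7D:8E:9F:A0:B1:C2:D3:E4:F5:06:17:28:39:4A:5B:6C:7D:8E:9F'
SAMPLE_LIST="  \"puppetclient.cern.ch\" (SHA256) $FP_AGENT
+ \"puppet-server.cern.br\" (SHA256) $FP_OTHER"

# Normalise a fingerprint: uppercase hex digits only (drops colons, spaces).
norm_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# Read `puppet cert list` output on stdin and print the fingerprint of the
# pending request for certname $1. Signed ("+") and revoked ("-") entries start
# with a marker field, so they never match; the name must match exactly.
pending_fp() {
    awk -v name="\"$1\"" '$1 == name && $2 ~ /^\(/ { print $3; exit }'
}

# Succeed only if a pending request for certname $1 exists and its fingerprint
# equals $2, the hex value read on the agent with `puppet agent --fingerprint`.
csr_matches() {
    listed=$(pending_fp "$1")
    [ -n "$listed" ] && [ "$(norm_fp "$listed")" = "$(norm_fp "$2")" ]
}

# Sign certname $1 only when the fingerprint check passes.
sign_if_verified() {
    if puppet cert list | csr_matches "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "refusing to sign $1: no pending request with that fingerprint" >&2
        return 1
    fi
}

# Offline demonstration against the constructed sample (no puppet call).
if printf '%s\n' "$SAMPLE_LIST" | csr_matches puppetclient.cern.ch "$FP_AGENT"; then
    echo "fingerprint matches, safe to sign"
fi
```

On the master, `sign_if_verified <agent_certname> <fingerprint>` replaces the bare `puppet cert sign` call; pass only the hex part of the fingerprint, obtained from the agent over a channel you already trust.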