Using Puppet to Manage CentOS 5

Sun, 01/29/2012 - 16:20 by bchavet

Overview

This article describes how to use Puppet to manage a group of servers. This management can range from package management to configuration management as well as many other things. The goal of this document is to use only stable, trusted CentOS repositories and native RPM package management as much as possible.

The example scenario given here consists of a single puppet server, called the puppet master. This server, along with a single client, will be managed by puppet. This scenario can easily be expanded by adding more clients.

| Server | Role | IP Address |
|---|---|---|
| util.example.prv | Puppet Master | 192.168.56.10 |
| centos.example.prv | Puppet Client -- This is the server being managed by puppet | 192.168.56.21 |

Prerequisites

This section applies to all servers participating in the puppet architecture, including the puppet master and all of the clients.

  1. Enable the EPEL yum repository
    rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
  2. The clients use the special DNS name "puppet" to find their puppet master. If the operating system is configured to automatically append its search domain to DNS queries (example.prv in this example), the client will look for puppet.example.prv. This can be overridden in the client configuration file, but the fewer items that need configuring, the easier the deployment. If modifying DNS is an option, add a puppet entry that points to the puppet master server. If it is not, add an entry to /etc/hosts:
    192.168.56.10 puppet puppet.example.prv

Puppet Master (Server)

Installation

  1. Install the puppet-server package along with any dependencies
    yum install puppet-server
  2. Start the puppetmaster daemon. This initializes everything in /var/lib/puppet, including the SSL certificates
    service puppetmaster start

Configuration

The puppetmaster daemon that comes packaged with puppet is sufficient for very small environments (5-10 servers), or for testing. But in order to scale at all, puppetmaster should be run as a Rack application.

  1. Enable the stealthymonkeys.com repository. This is where the Ruby Passenger module is maintained (it's even linked from the main Ruby on Rails website)
    rpm -Uvh http://passenger.stealthymonkeys.com/rhel/5/passenger-release.noarch.rpm
  2. Install apache, mod_ssl, some ruby gems, and a few other dependencies
    yum install httpd mod_ssl rubygem-rack rubygem-rake mod_passenger
  3. Copy the package-provided apache configuration (with a few modifications on the way) to /etc/httpd/conf.d/puppetmaster.conf
    cat /usr/share/puppet/ext/rack/files/apache2.conf | sed 's/\/etc\/puppet\//\/var\/lib\/puppet\//g' |\
        sed s/squigley.namespace.at/`hostname`/g > /etc/httpd/conf.d/puppetmaster.conf
  4. Add the following section to /etc/puppet/puppet.conf
    [master]
        ssl_client_header = SSL_CLIENT_S_DN
        ssl_client_verify_header = SSL_CLIENT_VERIFY
    
  5. Copy the package-provided Rack configuration to the puppet directory, and set the correct permissions
    mkdir -p /var/lib/puppet/rack/public
    cp /usr/share/puppet/ext/rack/files/config.ru /var/lib/puppet/rack/
    chown -R puppet: /var/lib/puppet/rack
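
One way to check the result of step 3 before Apache is started, as an added example that is not part of the original article or the Puppet package. It applies the same two substitutions, then confirms that no template value is left behind and that the client-certificate directives the [master] settings depend on are present. The function names are hypothetical, and the template in sample_template is a constructed stand-in whose directives are assumptions about the packaged file.

```shell
# Constructed sample standing in for /usr/share/puppet/ext/rack/files/apache2.conf;
# the directives shown are assumptions about the packaged template.
sample_template() {
    cat <<'EOF'
Listen 8140
<VirtualHost *:8140>
    SSLEngine on
    SSLCertificateFile    /etc/puppet/ssl/certs/squigley.namespace.at.pem
    SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
    SSLCACertificateFile  /etc/puppet/ssl/ca/ca_crt.pem
    SSLVerifyClient optional
    SSLOptions +StdEnvVars
    DocumentRoot /etc/puppet/rack/public/
</VirtualHost>
EOF
}

# render_conf FQDN: the step 3 rewrite, reading the template on stdin.
render_conf() {
    case $1 in  # reject names that would change the sed expression
        ''|*[!A-Za-z0-9.-]*) echo "bad hostname: $1" >&2; return 2 ;;
    esac
    sed -e 's#/etc/puppet/#/var/lib/puppet/#g' \
        -e "s/squigley\.namespace\.at/$1/g"
}

# check_conf FILE FQDN: return 0 only if the rendered vhost is consistent.
check_conf() {
    rc=0
    # Leftover template values mean a substitution did not apply.
    if grep -nE '/etc/puppet/|squigley\.namespace\.at' "$1" >&2; then rc=1; fi
    # Certificate and key must be the ones puppetmaster generated for this host.
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        grep -Eq "^[[:space:]]*$d[[:space:]]+/var/lib/puppet/ssl/.*/$2\.pem" "$1" ||
            { echo "$d does not point at $2.pem" >&2; rc=1; }
    done
    # puppet.conf's [master] section reads SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY;
    # mod_ssl sets them only when a client cert is requested and exported.
    grep -Eq '^[[:space:]]*SSLVerifyClient[[:space:]]+(optional|require)' "$1" ||
        { echo "SSLVerifyClient is not optional/require" >&2; rc=1; }
    grep -Eq '^[[:space:]]*SSLOptions[[:space:]].*\+StdEnvVars' "$1" ||
        { echo "SSLOptions +StdEnvVars missing" >&2; rc=1; }
    return $rc
}

# Demo on the constructed sample (on the master, feed the real template instead).
tmp=$(mktemp) && sample_template | render_conf util.example.prv > "$tmp" &&
    check_conf "$tmp" util.example.prv && echo "vhost OK"; rm -f "$tmp"
```

On the puppet master, pipe the packaged apache2.conf into render_conf "$(hostname)" and run check_conf against the file written to /etc/httpd/conf.d/puppetmaster.conf.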
    

SELinux

If SELinux is set to enforcing mode (which is the default), the following policy changes must be made.

  1. Allow apache to listen on port 8140
    semanage port -a -t http_port_t -p tcp 8140

There are some other policies that keep puppet from working in passenger, but I have yet to flush them out. For now, I have just put SELinux in permissive mode, and will revisit this at some other time.

Execution

  1. Stop and disable puppetmasterd
    service puppetmaster stop
    chkconfig puppetmaster off
  2. Enable and start httpd
    service httpd start
    chkconfig httpd on

Puppet Client

  1. Install the puppet package, along with any dependencies
    yum install puppet

Resources

  • http://docs.puppetlabs.com/guides/setting_up.html
  • http://docs.puppetlabs.com/guides/passenger.html
  • http://www.barriebremner.com/geek/passenger_puppet.cgi
  • http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger