cluePrints/puppet_client_install_centos.sh

## puppet_client_install_centos.sh
EXPORT CLIENT_FQDN="my.client.com"
EXPORT SERVER_FQDN="my.server.com"
EXPORT CLIENT_IP=". . ."
EXPORT SERVER_IP=". . ."


cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=$CLIENT_FQDN
EOF

service iptables save
service iptables stop
chkconfig iptables off


cat > /etc/selinux/config << EOF
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
EOF

cat > /etc/yum.repos.d/puppet.repo << EOF
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/\$releasever/products/\$basearch/
enabled=1
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
EOF

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

yum install puppet -y

cat > /etc/puppet/puppet.conf << EOF
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = \$vardir/ssl

[agent]
    server = $SERVER_FQDN
    listen = true
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = \$vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = \$vardir/localconfig
EOF

cat > /etc/hosts << EOF
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
$CLIENT_IP  $CLIENT_FQDN
$SERVER_IP  $SERVER_FQDN
EOF

chmod u+x /etc/rc.local
echo "service puppet start" >> /etc/rc.local

reboot

###################################################
# Manual part
####################################################

# On client:
puppetd --test --waitforcert

# On master:
puppetca --sign :all
	EXPORT CLIENT_FQDN="my.client.com"
	EXPORT SERVER_FQDN="my.server.com"
	EXPORT CLIENT_IP=". . ."
	EXPORT SERVER_IP=". . ."


	cat > /etc/sysconfig/network << EOF
	NETWORKING=yes
	NETWORKING_IPV6=no
	HOSTNAME=$CLIENT_FQDN
	EOF

	service iptables save
	service iptables stop
	chkconfig iptables off



	cat > /etc/selinux/config << EOF
	# This file controls the state of SELinux on the system.
	# SELINUX= can take one of these three values:
	# enforcing - SELinux security policy is enforced.
	# permissive - SELinux prints warnings instead of enforcing.
	# disabled - SELinux is fully disabled.
	SELINUX=disabled
	# SELINUXTYPE= type of policy in use. Possible values are:
	# targeted - Only targeted network daemons are protected.
	# strict - Full SELinux protection.
	SELINUXTYPE=targeted
	EOF

	cat > /etc/yum.repos.d/puppet.repo << EOF
	[puppetlabs]
	name=Puppet Labs Packages
	baseurl=http://yum.puppetlabs.com/el/\$releasever/products/\$basearch/
	enabled=1
	gpgcheck=1
	gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
	EOF

	rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

	yum install puppet -y

	cat > /etc/puppet/puppet.conf << EOF
	[main]
	# The Puppet log directory.
	# The default value is '$vardir/log'.
	logdir = /var/log/puppet

	# Where Puppet PID files are kept.
	# The default value is '$vardir/run'.
	rundir = /var/run/puppet

	# Where SSL certificates are kept.
	# The default value is '$confdir/ssl'.
	ssldir = \$vardir/ssl

	[agent]
	server = $SERVER_FQDN
	listen = true
	# The file in which puppetd stores a list of the classes
	# associated with the retrieved configuratiion. Can be loaded in
	# the separate ``puppet`` executable using the ``--loadclasses``
	# option.
	# The default value is '$confdir/classes.txt'.
	classfile = \$vardir/classes.txt

	# Where puppetd caches the local configuration. An
	# extension indicating the cache format is added automatically.
	# The default value is '$confdir/localconfig'.
	localconfig = \$vardir/localconfig
	EOF

	cat > /etc/hosts << EOF
	127.0.0.1 localhost.localdomain localhost
	::1 localhost6.localdomain6 localhost6
	$CLIENT_IP $CLIENT_FQDN
	$SERVER_IP $SERVER_FQDN
	EOF

	chmod u+x /etc/rc.local
	echo "service puppet start" >> /etc/rc.local

	reboot

	###################################################
	# Manual part
	####################################################

	# On client:
	puppetd --test --waitforcert

	# On master:
	puppetca --sign :all