
@mrvisser
Last active December 14, 2015 15:59

SmartOS

# Name the zone and reboot. <name> is a placeholder for the node's hostname
# and must be replaced before running.
sudo sm-set-hostname <name>
sudo sm-reboot
# Append a static /etc/hosts entry so the name "puppet" resolves to
# 10.224.14.30. The agent bootstraps its trust in the master from whatever
# host answers under this name, so confirm the address is the intended master.
sudo sed -i '$ a\
10.224.14.30 puppet' /etc/hosts
# Install the ruby18-puppet package without prompting (-y).
sudo pkgin -y install ruby18-puppet

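# Install the puppetd SMF manifest and import it into the service repository.
# The manifest is written straight to its final location as root via
# `sudo tee`, instead of being staged under a fixed name in world-writable
# /tmp and then moved into place with sudo: a predictable /tmp path can be
# pre-created or symlinked by another local user, and the moved file may keep
# the invoking user's ownership. The heredoc delimiter is quoted so the shell
# copies the XML verbatim.
sudo tee /opt/local/share/smf/ruby18-puppet/puppetd.xml >/dev/null <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<!-- Puppetd Manifest: Luke Kanies - reductivelabs.com -->

<service_bundle type='manifest' name='puppetd'>

<service
name='pkgsrc/puppetd'
type='service'
version='1'>

<create_default_instance enabled='true'/>
<single_instance/>

<dependency name='config-file'
            grouping='require_all'
            restart_on='none'
            type='path'>
    <service_fmri value='file:////opt/local/etc/puppet/puppet.conf'/>
</dependency>

<dependency name='loopback'
            grouping='require_all'
            restart_on='error'
            type='service'>
    <service_fmri value='svc:/network/loopback:default'/>
</dependency>

<dependency name='physical'
            grouping='require_all'
            restart_on='error'
            type='service'>
    <service_fmri value='svc:/network/physical:default'/>
</dependency>

<dependency name='fs-local'
            grouping='require_all'
            restart_on='none'
            type='service'>
    <service_fmri value='svc:/system/filesystem/local'/>
</dependency>

<exec_method
    type='method'
    name='start'
    exec='/opt/local/bin/puppetd'
    timeout_seconds='60'>

    <method_context>
        <method_environment>
            <envvar name='PATH' value='/opt/local/bin:/opt/local/sbin:/usr/bin:/usr/sbin'/>
        </method_environment>
    </method_context>

</exec_method>

<exec_method
    type='method'
    name='stop'
    exec=':kill'
    timeout_seconds='60' />

<exec_method
    type='method'
    name='refresh'
    exec=':kill -HUP'
    timeout_seconds='60' />

<property_group name='application' type='application'>
    <propval name='config_file' type='astring' value='/opt/local/etc/puppet/puppet.conf'/>
</property_group>

<stability value='Unstable' />

<template>
    <common_name>
        <loctext xml:lang='C'>Puppet Client Daemon</loctext>
    </common_name>
    <documentation>
        <manpage title='puppetd' section='1' />
        <doc_link name='reductivelabs.com'
            uri='http://www.reductivelabs.com/projects/puppet' />
    </documentation>
</template>
</service>

</service_bundle>
EOF

# Importing a manifest changes the SMF repository, so it is run with sudo like
# the svcadm calls that follow it in this file.
sudo svccfg import /opt/local/share/smf/ruby18-puppet/puppetd.xml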
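# The manifest creates its default instance enabled, so stop the service
# until the agent holds a signed certificate.
sudo svcadm disable puppetd
# Write a minimal agent config (plugin sync and reporting on). printf with a
# quoted format replaces the unquoted `echo -e [main]...[agent]...`: the shell
# treats those bracketed words as glob patterns and would rewrite them if a
# matching one-character file name existed in the working directory.
# NOTE(review): the SMF manifest imported earlier in this file depends on
# /opt/local/etc/puppet/puppet.conf, not /etc/puppet/puppet.conf - confirm
# which path the pkgsrc agent actually reads.
printf '[main]\npluginsync=true\n[agent]\nreport=true\n' | sudo tee /etc/puppet/puppet.conf >/dev/null
# First run submits this node's certificate request to the master.
sudo puppet agent --test
# sign cert on server - before signing, confirm the pending request is for
# this host and that its fingerprint matches the one the agent reports, so a
# request from another machine using the same name is not signed by mistake.
# Second run picks up the signed certificate.
sudo puppet agent --test
# Clear any maintenance state left by earlier failed starts, then enable.
sudo svcadm clear puppetd
sudo svcadm enable puppetd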

Ubuntu

# Commands here carry no sudo - presumably run from a root shell; confirm.
# <name> is a placeholder for the node's hostname and must be replaced before
# running (left as written, the shell would parse it as redirections).
echo <name> >/etc/hostname
# Put the new name on the 127.0.1.1 line of /etc/hosts.
sed -i 's/^127\.0\.1\.1[[:space:]]*localhost/127.0.1.1 <name> localhost/' /etc/hosts
# Append a static entry so "puppet" resolves to 10.224.14.30. The agent
# bootstraps its trust in the master from whatever host answers under this
# name, so confirm the address is the intended master.
sed -i '$ a\
10.224.14.30 puppet' /etc/hosts
# Reboot; the remaining steps are run once the machine is back up.
shutdown -r now
mkdir /var/lib/apt/lists/
aptitude update
aptitude install -y puppet
# add 'pluginsync=true' to /etc/puppet/puppet.conf in the [main] section and report=true in the [agent] section
# First run submits this node's certificate request to the master.
puppet agent --test
# sign cert on server - before signing, confirm the pending request is for
# this host and that its fingerprint matches the one the agent reports.
puppet agent --test
# set START=yes in /etc/default/puppet
service puppet start

CentOS

# set HOSTNAME in /etc/sysconfig/network and /etc/hosts
# <name> is a placeholder for the node's hostname; replace it in every command
# below before running. No sudo is used - presumably a root shell; confirm.
sed -i -e 's/localhost.localdomain/<name>/g' /etc/sysconfig/network
sed -i 's/localhost /<name> localhost /g' /etc/hosts
echo '<name>' > /etc/hostname
# Append a static entry so "puppet" resolves to 10.224.14.30. The agent
# bootstraps its trust in the master from whatever host answers under this
# name, so confirm the address is the intended master.
sed -i '$ a\
10.224.14.30 puppet' /etc/hosts
# Reboot; the remaining steps are run once the machine is back up.
shutdown -r now
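# Define the Puppet Labs yum repositories and install puppet from them.
# Signature checking is switched on (gpgcheck=1). With the original gpgcheck=0
# and plain-http baseurls, packages installed as root were neither
# authenticated nor integrity-checked, so anyone able to alter the traffic
# could substitute them.
# IMPORTANT: Replace <puppetlabs-gpg-key-file> below with the file name of the
# vendor signing key, obtained and fingerprint-checked out of band and stored
# under /etc/pki/rpm-gpg/. Until that is done yum refuses the packages.
# The \$ escapes keep yum's own $releasever/$basearch variables literal in
# this unquoted heredoc.
cat > /etc/yum.repos.d/puppet.repo <<EOF
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/\$releasever/products/\$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/<puppetlabs-gpg-key-file>

[puppetlabsdeps]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/\$releasever/dependencies/\$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/<puppetlabs-gpg-key-file>
enabled=1
EOF
# [puppetlabs] is disabled by default above, so both repos are named
# explicitly for this one transaction.
yum --enablerepo="puppetlabs,puppetlabsdeps" install -y puppet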

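# Write the agent's puppet.conf.
# The heredoc delimiter is quoted ('EOF') so the shell copies the text
# verbatim. With the original unquoted delimiter the shell expanded $vardir and
# $confdir itself - to empty strings unless those shell variables happen to be
# set - so the file ended up with "ssldir = /ssl", "classfile = /classes.txt"
# and "localconfig = /localconfig", placing the agent's SSL directory (and with
# it the private key) at the filesystem root instead of under Puppet's vardir.
cat > /etc/puppet/puppet.conf <<'EOF'
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync=true

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion.  Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
report=true
EOF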

# First run submits this node's certificate request to the master.
puppet agent --test
# sign cert on server - before signing, confirm the pending request is for
# this host and that its fingerprint matches the one the agent reports.
# Second run picks up the signed certificate.
puppet agent --test
# Start the agent service at boot, then start it now.
chkconfig puppet on
service puppet start

Puppet Master

## Puppet Master

# Name this machine "puppet", the name the agents' /etc/hosts entries point at.
# No sudo is used in this file - presumably a root shell; confirm.
echo puppet >/etc/hostname
# Add "puppet" to the 127.0.1.1 line so the name also resolves locally.
sed -i 's/^127\.0\.1\.1[[:space:]]*localhost/127.0.1.1 localhost puppet/' /etc/hosts
# Reboot; the remaining steps are run once the machine is back up.
shutdown -r now

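# Install git
apt-get install -y git

# Install the puppetlabs repos
# The release package provides the apt source definition edited below, which
# makes it the trust anchor for every Puppet package installed afterwards. It
# is fetched over plain http, so it is checked against a known digest before
# dpkg installs it as root; a mismatch stops the chain before dpkg runs.
# IMPORTANT: Replace <expected-sha256> below with the package's SHA-256 digest,
# obtained from a trusted channel.
# A private mktemp directory is used instead of a fixed file name in /tmp.
cd "$(mktemp -d /tmp/install_puppetlabs.XXXXXXXXXX)" && \
wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb && \
echo "<expected-sha256>  puppetlabs-release-precise.deb" | sha256sum -c - && \
dpkg -i puppetlabs-release-precise.deb

# Open up the devel repos
# This uncomments every "# deb " line in the list file.
# NOTE(review): presumably that puts development builds on the master -
# confirm they are actually required.
sed -i 's/# deb /deb /g' /etc/apt/sources.list.d/puppetlabs.list
apt-get update
apt-get install -y puppetmaster-passenger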

# Configure PuppetMaster
# The delimiter is quoted, so Puppet's own $vardir/$confdir/$environment
# references are written literally without backslash escapes.
# The [master] section takes the client certificate subject and verification
# result from the SSL_CLIENT_S_DN / SSL_CLIENT_VERIFY values supplied by the
# front-end web server, so the master must only be reachable through it.
# Reports are stored locally and also posted to reporturl over plain http.
cat > /etc/puppet/puppet.conf <<'EOF'
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
pluginsync=true

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN 
ssl_client_verify_header = SSL_CLIENT_VERIFY

# Use puppet-hilary checkout 
modulepath = $confdir/puppet-hilary/environments/$environment/modules:$confdir/puppet-hilary/modules:$confdir/modules
manifest = $confdir/puppet-hilary/site.pp
reports = store, http
reporturl = http://puppet/reports/upload
EOF

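# Check out the puppet-hilary tree that puppet.conf uses for modulepath and
# manifest. It is cloned over https rather than git://, which is neither
# encrypted nor authenticated: content altered in transit would otherwise end
# up in the catalogs the master hands to its agents.
git clone https://github.com/sakaiproject/puppet-hilary /etc/puppet/puppet-hilary
cd /etc/puppet/puppet-hilary
git fetch origin
# Serve the production branch.
git checkout production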

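## Puppet Dashboard

# Run this command alone, configure MySQL when prompted
apt-get install -y build-essential irb libmysql-ruby libmysqlclient-dev \
libopenssl-ruby libreadline-ruby mysql-server rake rdoc ri ruby ruby-dev

# Install rubygems (do not use the installation that came w/ OS)
# The tarball is fetched over plain http and its setup.rb is then run with the
# privileges of this shell, so it is checked against a known digest first; a
# mismatch stops the chain before anything is unpacked or executed.
# IMPORTANT: Replace <expected-sha256> below with the SHA-256 digest of this
# release, obtained from a trusted channel.
URL="http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz"
# Archive name without directory or extension (rubygems-1.3.7 for this URL).
PACKAGE=$(basename "$URL" .tgz)

# Build in a private mktemp directory; expansions are quoted so the paths
# cannot be word-split or globbed.
cd "$(mktemp -d /tmp/install_rubygems.XXXXXXXXXX)" && \
wget -c -t10 -T20 -q "$URL" && \
echo "<expected-sha256>  $PACKAGE.tgz" | sha256sum -c - && \
tar xfz "$PACKAGE.tgz" && \
cd "$PACKAGE" && \
ruby setup.rb

update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 1
apt-get install -y puppet-dashboard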

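# Create a 'dashboard' database in MySQL
#   mysql -u root -p
#   > CREATE DATABASE dashboard CHARACTER SET utf8;
#   > CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'my_password';
#   > GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
# 'my_password' is a placeholder: choose a strong, unique password and use the
# same value in the CREATE USER statement above and in database.yml below.

# Write the dashboard's database settings.
# The connection keys are indented so they nest under "production"; at
# column 0 they are separate top-level keys and "production" itself is empty.
# The subshell's umask keeps a newly created file from being world-readable
# in the window before chmod runs, since it holds the database password.
(
umask 077
cat > /usr/share/puppet-dashboard/config/database.yml <<EOF
production:
  database: dashboard
  username: dashboard
  password: my_password
  encoding: utf8
  adapter: mysql
EOF
)
chmod 660 /usr/share/puppet-dashboard/config/database.yml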

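# Deploy the database
# Raise MySQL's max_allowed_packet to 32M and restart so it takes effect.
sed -i 's/max_allowed_packet.*/max_allowed_packet = 32M/g' /etc/mysql/my.cnf
service mysql restart
# Run the migrations from the dashboard's application directory. The rubygems
# install earlier in this file leaves the shell in its temporary build
# directory, where rake would not find the dashboard's Rakefile. The subshell
# keeps the working directory of the following steps unchanged.
(cd /usr/share/puppet-dashboard && rake RAILS_ENV=production db:migrate)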

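# Set up the apache configs for puppetmaster and dashboard
# IMPORTANT: Replace <host> below with the host id of the machine (e.g., e45d901c-8fc4-4e87-b761-2195b14b067f, or whatever you changed it to)
# Note that the rm disables every site currently enabled, not only Puppet's.
#
# TLS settings: SSLv3 is no longer offered (the original "+SSLv3" left the
# listener open to protocol-downgrade attacks such as POODLE), and the cipher
# list is limited to HIGH-strength suites without anonymous, MD5 or RC4
# ciphers (the original list started from ALL and preferred RC4).
#
# SSLVerifyClient stays "optional" so that nodes without a certificate can
# still submit a signing request; the master tells verified clients from
# unverified ones by the X-Client-* headers. "RequestHeader set" overwrites
# any value a client sends for those headers, so they always reflect what
# mod_ssl actually verified.
rm -f /etc/apache2/sites-enabled/*
cat > /etc/apache2/sites-enabled/000-puppetmaster <<EOF
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect On

Listen 8140

<VirtualHost *:8140>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
SSLHonorCipherOrder on

SSLCertificateFile      /var/lib/puppet/ssl/certs/<host>.pem
SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/<host>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions +StdEnvVars

RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
RackBaseURI /
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
EOF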

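# Serve Puppet Dashboard on port 80.
# The vhost uses plain http and configures no authentication, so the original
# "allow from all" exposed node reports to every client that can reach the
# port. Access is now limited by source address: loopback plus one
# administrative network.
# IMPORTANT: Replace <admin-network> below with the address range that may
# browse the dashboard.
# NOTE(review): the master posts reports to http://puppet/reports/upload;
# presumably that arrives over loopback because of the 127.0.1.1 entry set at
# the top of this file - confirm, or add the master's address as well.
# ServerSignature is turned off so error pages do not advertise the server
# version.
cat > /etc/apache2/sites-enabled/010-dashboard <<EOF
<VirtualHost *:80>
DocumentRoot /usr/share/puppet-dashboard/public/
<Directory /usr/share/puppet-dashboard/public/>
    Options None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/8
    Allow from <admin-network>
</Directory>
ErrorLog /var/log/apache2/dashboard.error.log
LogLevel warn
CustomLog /var/log/apache2/dashboard.access.log combined
ServerSignature Off
</VirtualHost>
EOF

# Load both vhosts written to sites-enabled.
service apache2 restart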

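# Enable the dashboard workers
sed -i 's/### START=no/START=yes/g' /etc/default/puppet-dashboard-workers
# Give the log to the service account instead of making it writable by every
# local user (the original chmod 0666), which would let any account on the
# host alter or flood the dashboard's log.
# Assumes the workers and the Passenger-hosted app run as www-data - confirm
# against the account configured in /etc/default/puppet-dashboard-workers.
chown www-data:www-data /usr/share/puppet-dashboard/log/production.log
chmod 0640 /usr/share/puppet-dashboard/log/production.log
service puppet-dashboard-workers start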