# Agent setup on a host managed with the sm-* tools and pkgin.
# <name> is a placeholder for this node's hostname; replace it before running.
sudo sm-set-hostname <name>
# The commands after the reboot are run once the machine is back up.
sudo sm-reboot
# Append a static entry so the name 'puppet' resolves to 10.224.14.30.
# The agent locates its master through this name, so whoever can edit
# /etc/hosts decides which server configures this node.
sudo sed -i '$ a\
10.224.14.30 puppet' /etc/hosts
# -y answers pkgin's confirmation prompt automatically.
sudo pkgin -y install ruby18-puppet
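# Install the SMF manifest that runs /opt/local/bin/puppetd as a service.
#
# The manifest is staged in a file created by mktemp rather than under the
# fixed name /tmp/puppetd.xml: a predictable name in a world-writable
# directory can be pre-created (or symlinked) by another local user before the
# file is moved into place with root privileges. The heredoc delimiter is
# quoted so the shell copies the XML verbatim.
manifest_tmp=$(mktemp /tmp/puppetd.XXXXXX) &&
cat > "$manifest_tmp" <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Puppetd Manifest: Luke Kanies - reductivelabs.com -->
<service_bundle type='manifest' name='puppetd'>
<service
name='pkgsrc/puppetd'
type='service'
version='1'>
<create_default_instance enabled='true'/>
<single_instance/>
<dependency name='config-file'
grouping='require_all'
restart_on='none'
type='path'>
<service_fmri value='file:////opt/local/etc/puppet/puppet.conf'/>
</dependency>
<dependency name='loopback'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/network/loopback:default'/>
</dependency>
<dependency name='physical'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/network/physical:default'/>
</dependency>
<dependency name='fs-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/local'/>
</dependency>
<exec_method
type='method'
name='start'
exec='/opt/local/bin/puppetd'
timeout_seconds='60'>
<method_context>
<method_environment>
<envvar name='PATH' value='/opt/local/bin:/opt/local/sbin:/usr/bin:/usr/sbin'/>
</method_environment>
</method_context>
</exec_method>
<exec_method
type='method'
name='stop'
exec=':kill'
timeout_seconds='60' />
<exec_method
type='method'
name='refresh'
exec=':kill -HUP'
timeout_seconds='60' />
<property_group name='application' type='application'>
<propval name='config_file' type='astring' value='/opt/local/etc/puppet/puppet.conf'/>
</property_group>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>Puppet Client Daemon</loctext>
</common_name>
<documentation>
<manpage title='puppetd' section='1' />
<doc_link name='reductivelabs.com'
uri='http://www.reductivelabs.com/projects/puppet' />
</documentation>
</template>
</service>
</service_bundle>
EOF
sudo mv "$manifest_tmp" /opt/local/share/smf/ruby18-puppet/puppetd.xml
# mktemp creates the file 0600 and owned by the invoking user. The manifest
# names the command the service starts, so hand it to root and make it
# read-only for everyone else.
sudo chown root /opt/local/share/smf/ruby18-puppet/puppetd.xml
sudo chmod 0644 /opt/local/share/smf/ruby18-puppet/puppetd.xml
# Importing into the SMF repository is a privileged operation; run it through
# sudo like the other privileged commands in this procedure.
sudo svccfg import /opt/local/share/smf/ruby18-puppet/puppetd.xml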
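# Keep the service stopped until the agent has a signed certificate.
sudo svcadm disable puppetd
# Write a minimal puppet.conf. printf with a quoted format replaces the
# unquoted `echo -e`: the bare [main] and [agent] words were subject to
# filename globbing in the root shell, and echo's escape handling differs
# between shells. The bytes written are the same four lines.
# NOTE(review): the SMF manifest imported earlier names
# /opt/local/etc/puppet/puppet.conf as the config file, while this writes
# /etc/puppet/puppet.conf. Confirm which path the installed build reads.
printf '[main]\npluginsync=true\n[agent]\nreport=true\n' | sudo tee /etc/puppet/puppet.conf > /dev/null
# First run generates this node's key and submits a certificate request.
sudo puppet agent --test
# sign cert on server
# Before signing, compare the fingerprint of the pending request shown on the
# master with the one this node reports (for example `puppet cert list` there
# and `puppet agent --fingerprint` here, where the installed version has
# them), so that only this node's key gets a certificate for <name>.
sudo puppet agent --test
# Clear any maintenance state left by earlier start attempts, then enable.
sudo svcadm clear puppetd
sudo svcadm enable puppetd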
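# Agent setup on an apt/aptitude-based host. These commands carry no sudo and
# are presumably run from a root shell. <name> is a placeholder for the
# node's hostname.
echo <name> >/etc/hostname
sed -i 's/^127\.0\.1\.1[[:space:]]*localhost/127.0.1.1 <name> localhost/' /etc/hosts
# Static entry so that the name 'puppet' resolves to the master.
sed -i '$ a\
10.224.14.30 puppet' /etc/hosts
# The commands after the reboot are run once the machine is back up.
shutdown -r now
# -p: do not fail when the lists directory already exists.
mkdir -p /var/lib/apt/lists/
aptitude update
aptitude install -y puppet
# add 'pluginsync=true' to /etc/puppet/puppet.conf in the [main] section and report=true in the [agent] section
# First run generates this node's key and submits a certificate request.
puppet agent --test
# sign cert on server
# Before signing, check that the fingerprint of the pending request on the
# master matches the one this node reports.
puppet agent --test
# set START=yes in /etc/default/puppet
service puppet start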
# Agent setup on a yum-based host (it uses /etc/sysconfig/network).
# Set HOSTNAME in /etc/sysconfig/network and /etc/hosts; <name> is a
# placeholder for the node's hostname.
sed -i -e 's/localhost.localdomain/<name>/g' /etc/sysconfig/network
sed -i 's/localhost /<name> localhost /g' /etc/hosts
echo '<name>' > /etc/hostname
# Static entry so that the name 'puppet' resolves to the master; the agent
# will take its configuration from whatever host this name points at.
sed -i '$ a\
10.224.14.30 puppet' /etc/hosts
# The commands after the reboot are run once the machine is back up.
shutdown -r now
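# Define the Puppet Labs yum repositories and install the agent from them.
#
# Signature checking is turned on (gpgcheck=1). The original definition used
# gpgcheck=0 with a plain-http baseurl, so nothing authenticated the packages
# that yum then installs as root.
# Prerequisite: obtain the Puppet Labs package signing key over a trusted
# channel, confirm its fingerprint against a value published by the vendor
# (<EXPECTED-KEY-FINGERPRINT>, placeholder), and save it as
# /etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs before running the install.
# \$releasever and \$basearch are escaped so that yum, not this shell,
# expands them.
cat > /etc/yum.repos.d/puppet.repo <<EOF
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/\$releasever/products/\$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
[puppetlabsdeps]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/\$releasever/dependencies/\$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
EOF
yum --enablerepo="puppetlabs,puppetlabsdeps" install -y puppet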
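# Write the agent's puppet.conf.
#
# The heredoc delimiter is quoted so that $vardir and $confdir reach the file
# literally and are resolved by Puppet. With an unquoted delimiter the shell
# expands them first; they are normally unset there, which would have written
# "ssldir = /ssl", "classfile = /classes.txt" and "localconfig = /localconfig",
# placing the agent's SSL material and state files directly under /.
cat > /etc/puppet/puppet.conf <<'EOF'
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync=true
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
report=true
EOF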
# First run generates this node's key and submits a certificate request.
puppet agent --test
# sign cert on server
# Before signing, check that the fingerprint of the pending request on the
# master matches the one this node reports.
puppet agent --test
# Start the agent at boot and start it now.
chkconfig puppet on
service puppet start
## Puppet Master
# Name the master 'puppet', the name the agents' /etc/hosts entries point at.
echo puppet >/etc/hostname
sed -i 's/^127\.0\.1\.1[[:space:]]*localhost/127.0.1.1 localhost puppet/' /etc/hosts
# The commands after the reboot are run once the machine is back up.
shutdown -r now
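# Install git
apt-get install -y git
# Install the puppetlabs repos
# The release package adds an apt source (and presumably its signing key), so
# everything installed from that source afterwards depends on this one file
# being genuine. It is fetched over plain http, so compare it with a checksum
# obtained from a trusted source before installing it; the value below is a
# placeholder.
RELEASE_DEB_SHA256='<sha256-of-puppetlabs-release-precise.deb-from-a-trusted-source>'
# Download into a fresh private directory instead of /tmp itself: when a file
# of the same name already exists, wget saves under a different name and
# dpkg would install the pre-existing file.
workdir=$(mktemp -d /tmp/puppetlabs-release.XXXXXXXXXX) && \
cd "$workdir" && \
wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb && \
printf '%s  %s\n' "$RELEASE_DEB_SHA256" puppetlabs-release-precise.deb | sha256sum -c - && \
dpkg -i puppetlabs-release-precise.deb
# Open up the devel repos
# NOTE(review): this uncomments every "# deb " line in puppetlabs.list, so
# the devel repositories become install sources as well. Confirm that is
# intended on a production master.
sed -i 's/# deb /deb /g' /etc/apt/sources.list.d/puppetlabs.list
apt-get update
apt-get install -y puppetmaster-passenger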
# Configure PuppetMaster
# The delimiter is quoted, so $vardir, $confdir and $environment are written
# to the file literally for Puppet to resolve; no per-variable escaping is
# needed.
# NOTE(review): reporturl is a plain-http URL, so reports sent to it are not
# encrypted in transit. Confirm that path stays on a trusted host or network.
cat > /etc/puppet/puppet.conf <<'EOF'
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
pluginsync=true
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
# Use puppet-hilary checkout
modulepath = $confdir/puppet-hilary/environments/$environment/modules:$confdir/puppet-hilary/modules:$confdir/modules
manifest = $confdir/puppet-hilary/site.pp
reports = store, http
reporturl = http://puppet/reports/upload
EOF
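# Check out the manifests and modules the master serves. puppet.conf points
# modulepath and manifest at this directory, so its content is what the
# agents end up applying.
# Cloned over https rather than git://: the git:// transport neither encrypts
# the transfer nor authenticates the server, so the content could be altered
# in transit.
git clone https://github.com/sakaiproject/puppet-hilary /etc/puppet/puppet-hilary
cd /etc/puppet/puppet-hilary
git fetch origin
# NOTE(review): this tracks whatever the 'production' branch currently holds.
# Consider checking out a reviewed commit or signed tag instead.
git checkout production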
## Puppet Dashboard
# Run this command alone, configure MySQL when prompted
# (mysql-server is in the list below; give the MySQL root account a strong
# password if the installer asks for one).
apt-get install -y build-essential irb libmysql-ruby libmysqlclient-dev \
libopenssl-ruby libreadline-ruby mysql-server rake rdoc ri ruby ruby-dev
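# Install rubygems (do not use the installation that came w/ OS)
# The tarball is fetched over plain http and its setup.rb is then executed,
# presumably as root, so the archive is compared with a checksum obtained
# from a trusted source before it is unpacked. The value below is a
# placeholder.
URL="http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz"
# File name without directory or extension, i.e. "rubygems-1.3.7".
ARCHIVE=${URL##*/}
PACKAGE=${ARCHIVE%.*}
RUBYGEMS_SHA256='<sha256-of-rubygems-1.3.7.tgz-from-a-trusted-source>'
# Work in a fresh private directory; every step runs only if the previous one
# succeeded, so a failed download or checksum mismatch stops before setup.rb.
workdir=$(mktemp -d /tmp/install_rubygems.XXXXXXXXXX) && \
cd "$workdir" && \
wget -c -t10 -T20 -q "$URL" && \
printf '%s  %s\n' "$RUBYGEMS_SHA256" "$PACKAGE.tgz" | sha256sum -c - && \
tar xfz "$PACKAGE.tgz" && \
cd "$PACKAGE" && \
ruby setup.rb
# Register /usr/bin/gem1.8 as the 'gem' alternative.
update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 1
apt-get install -y puppet-dashboard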
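# Create a 'dashboard' database in MySQL
# 'my_password' is a placeholder: choose a strong, unique password and use
# the same value in the CREATE USER statement and in database.yml below.
# mysql -u root -p
# > CREATE DATABASE dashboard CHARACTER SET utf8;
# > CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'my_password';
# > GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
#
# Write the dashboard's database settings.
# - The connection keys are nested under "production:". Without that
#   indentation the YAML defines an empty "production" entry and the settings
#   do not apply to that environment.
# - The delimiter is quoted so a password containing $ or backticks is
#   written as typed instead of being expanded by the shell.
# - The file holds a credential, so it is created under a restrictive umask.
#   A newly created file is then never readable by other users before the
#   chmod below runs.
(
  umask 077
  cat > /usr/share/puppet-dashboard/config/database.yml <<'EOF'
production:
  database: dashboard
  username: dashboard
  password: my_password
  encoding: utf8
  adapter: mysql
EOF
)
# NOTE(review): 660 gives access to the file's owner and group only. Confirm
# that the account the dashboard runs as is one of them.
chmod 660 /usr/share/puppet-dashboard/config/database.yml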
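# Deploy the database
# Raise MySQL's packet limit to 32M before loading the schema.
sed -i 's/max_allowed_packet.*/max_allowed_packet = 32M/g' /etc/mysql/my.cnf
service mysql restart
# rake picks up the Rakefile from the current directory, and the rubygems
# installation step left the shell inside its temporary build directory.
# Change to the dashboard's install directory first, and only migrate if the
# cd succeeded.
cd /usr/share/puppet-dashboard && rake RAILS_ENV=production db:migrate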
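# Set up the apache configs for puppetmaster and dashboard
# IMPORTANT: Replace <host> below with the host id of the machine (e.g., e45d901c-8fc4-4e87-b761-2195b14b067f, or whatever you changed it to)
# Note that this removes every currently enabled site, not only the defaults.
rm -f /etc/apache2/sites-enabled/*
# Puppet master vhost on port 8140.
# Changes from the original TLS settings:
# - SSLProtocol no longer enables SSLv3 (nor SSLv2); SSLv3 is a broken
#   protocol and agents can negotiate TLS instead.
# - SSLCipherSuite is limited to HIGH-strength suites and excludes anonymous,
#   null, MD5, RC4 and 3DES suites; the original string admitted RC4 and
#   MEDIUM suites. SSLHonorCipherOrder makes the server's preference win.
# Client certificates stay optional so that nodes without a certificate can
# still submit a signing request. Apache passes the verification result to
# the master in the X-Client-* headers. `RequestHeader set` overwrites any
# value a client supplied for those headers, so keep it as `set`.
# The delimiter is quoted so the shell copies the configuration verbatim.
cat > /etc/apache2/sites-enabled/000-puppetmaster <<'EOF'
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect On
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLCertificateFile /var/lib/puppet/ssl/certs/<host>.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<host>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
RackBaseURI /
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
EOF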
# Dashboard vhost on port 80, then restart Apache to load both vhosts.
# NOTE(review): this vhost serves the dashboard over plain HTTP to every
# client ("allow from all") and contains no authentication directive, so
# anyone who can reach port 80 can reach the dashboard. Consider limiting
# access to the administrators' network and/or requiring authentication,
# and confirm the master can still deliver reports to /reports/upload
# afterwards.
# NOTE(review): "ServerSignature On" adds the server version to
# server-generated pages. Consider "Off".
cat > /etc/apache2/sites-enabled/010-dashboard <<EOF
<VirtualHost *:80>
DocumentRoot /usr/share/puppet-dashboard/public/
<Directory /usr/share/puppet-dashboard/public/>
Options None
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/dashboard.error.log
LogLevel warn
CustomLog /var/log/apache2/dashboard.access.log combined
ServerSignature On
</VirtualHost>
EOF
service apache2 restart
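# Enable the dashboard workers
sed -i 's/### START=no/START=yes/g' /etc/default/puppet-dashboard-workers
# Give the log to the web server's group instead of making it world-writable
# (0666): any local account could otherwise alter or truncate the dashboard's
# log.
# NOTE(review): this assumes the dashboard and its workers run as www-data.
# Confirm the account and adjust the group if they run as a different user.
chgrp www-data /usr/share/puppet-dashboard/log/production.log
chmod 0660 /usr/share/puppet-dashboard/log/production.log
service puppet-dashboard-workers start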