Created
June 18, 2017 03:28
-
-
Save prasanjit-/e58b4927047266521b715aff21db9428 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::PUPPET:: | |
| - Key Puppet components | |
| Agent | |
| Description A daemon process running on a node that collects information about the node and sends it to the Puppet master. | |
| Catalog | |
| Description Compilation of facts that specifies how to configure the node. | |
| Facts | |
| Description Data about a node, sent by the node to the Puppet master. | |
| Manifest | |
| Description Describes resources and the dependencies among them. | |
| Module | |
| Description Groups related manifests (in a directory). For example, a module might define how a database like MySQL gets installed, configured, and run. | |
| Node | |
| Description A host that is managed by the Puppet master. Nodes are defined like classes but contain the host name or fully qualified domain name. | |
| Puppet master | |
| Description The server that manages all the Puppet nodes. | |
| Resource | |
| Description For example, a package, file, or service. | |
| ## -PUPPET MASTER | |
| # Script at - https://github.com/prasanjit-/shellscripts/blob/master/puppet_master_install.bash | |
| #Some Prerequisites-- | |
| #If you are not using DNS in your envrionment, you will need to manually edit your hosts file on both machines . | |
| #vim /etc/hosts | |
| #10.1.x.x node | |
| #10.1.x.y puppet-server | |
| # The the pem file in below script shpuld be named as `hostname`.pem (modify script and run) | |
| # Installs Puppet Server on CentOS-7 | |
| rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm | |
| yum install -y puppet-server | |
| systemctl start puppetmaster.service | |
| systemctl enable puppetmaster.service | |
| yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel | |
| curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - | |
| curl -sSL get.rvm.io | bash -s stable | |
| source /etc/profile.d/rvm.sh | |
| #Check for stable – https://www.ruby-lang.org/en/downloads/ | |
| rvm install 2.3.1 | |
| gem install rack passenger | |
| passenger-install-apache2-module | |
| ### Check the pem file name should be hostname.pem or apache will not start | |
| FILE="/etc/httpd/conf.d/puppetmaster.conf" | |
| cat <<EOF >$FILE | |
| # RHEL/CentOS: | |
| LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.1/gems/passenger-5.1.4/buildout/apache2/mod_passenger.so | |
| #<IfModule mod_passenger.c> | |
| PassengerRoot /usr/local/rvm/gems/ruby-2.3.1/gems/passenger-5.1.4 | |
| PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.1/wrappers/ruby | |
| #</IfModule> | |
| # And the passenger performance tuning settings: | |
| PassengerHighPerformance On | |
| PassengerUseGlobalQueue On | |
| # Set this to about 1.5 times the number of CPU cores in your master: | |
| PassengerMaxPoolSize 6 | |
| # Recycle master processes after they service 1000 requests | |
| PassengerMaxRequests 1000 | |
| # Stop processes if they sit idle for 10 minutes | |
| PassengerPoolIdleTime 600 | |
| Listen 8140 | |
| <VirtualHost *:8140> | |
| SSLEngine On | |
| # Only allow high security cryptography. Alter if needed for compatibility. | |
| SSLProtocol All -SSLv2 | |
| SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP | |
| SSLCertificateFile /var/lib/puppet/ssl/certs/ansible.pem | |
| SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ansible.pem | |
| SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem | |
| SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem | |
| SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem | |
| SSLVerifyClient optional | |
| SSLVerifyDepth 1 | |
| SSLOptions +StdEnvVars +ExportCertData | |
| # These request headers are used to pass the client certificate | |
| # authentication information on to the puppet master process | |
| RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e | |
| RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e | |
| RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e | |
| #RackAutoDetect On | |
| DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ | |
| <Directory /usr/share/puppet/rack/puppetmasterd/> | |
| Options None | |
| AllowOverride None | |
| Order Allow,Deny | |
| Allow from All | |
| </Directory> | |
| </VirtualHost> | |
| EOF | |
| firewall-cmd --zone=public --add-port=8140/tcp --permanent | |
| firewall-cmd --reload | |
| systemctl restart puppetmaster httpd | |
| # | |
| echo "[master]" >> /etc/puppet/puppet.conf | |
| echo "certname = puppet-server #Use the FQDN here" >> /etc/puppet/puppet.conf | |
| echo "autosign = true" >> /etc/puppet/puppet.conf | |
| # | |
| mkdir -p /usr/share/puppet/rack/puppetmasterd/ | |
| cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/ | |
| chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru | |
| ################# | |
| ## -PUPPET SLAVE | |
| # Script at - https://github.com/prasanjit-/shellscripts/blob/master/puppet_slave_install.bash | |
| #Some Prerequisites-- | |
| #If you are not using DNS in your envrionment, you will need to manually edit your hosts file on both machines . | |
| #vim /etc/hosts | |
| #10.1.x.x node | |
| #10.1.x.y puppet-server | |
| # The the pem file in below script shpuld be named as `hostname`.pem (modify script and run) | |
| rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm | |
| yum install -y puppet | |
| #Edit /etc/puppet/puppet.conf and add the agent variables: | |
| #vim /etc/puppet/puppet.conf | |
| # In the [agent] section | |
| echo "server = puppet-server #Should be the FQDN!" >> /etc/puppet/puppet.conf | |
| echo "report = true" >> /etc/puppet/puppet.conf | |
| echo "pluginsync = true" >> /etc/puppet/puppet.conf | |
| chkconfig puppet on | |
| puppet agent --daemonize | |
| puppet agent -t | |
| puppet cert list | |
| puppet cert sign --all | |
| ######## | |
| #Some Prerequisites-- | |
| #If you are not using DNS in your envrionment, you will need to manually edit your hosts file on both machines . | |
| #vim /etc/hosts | |
| #10.1.x.x node | |
| #10.1.x.y puppet-server | |
| rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm | |
| yum install -y puppet | |
| ::MASTER:: | |
| mkdir puppet | |
| cd puppet | |
| mkdir datastore modules manifests | |
| docker run -d \ | |
| --name puppetmaster \ | |
| --restart always \ | |
| -h lb.intellipaat \ | |
| -p 8140:8140 \ | |
| -e 'ACLGRANT=192.168.1.102/24' \ | |
| -v /root/puppet/datastore:/var/lib/puppet \ | |
| -v /root/puppet/modules:/etc/puppet/modules \ | |
| -v /root/puppet/manifests:/etc/puppet/manifests \ | |
| -t vpetersson/puppetmaster | |
| ::SLAVE:: | |
| rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-11.noarch.rpm | |
| yum install -y puppet | |
| /etc/puppet/puppet.conf | |
| [main] | |
| server=puppet.master | |
| certname=puppet.slave | |
| All that’s left now is to run puppet on the client: | |
| $ puppet agent -t --waitforcert 20 | |
| #And hit below url from anywhere | |
| curl -k -X PUT -H "Content-Type: text/pson" --data '{"desired_state":"signed"}' https://lb.intellipaat:8140/production/certificate_status/puppet.slave | |
| # TO check cert | |
| curl -k -H "Accept: pson" https://puppetmaster:8140/production/certificate_statuses/all | |
| ::DEPLOYING A MANIFEST:: | |
| puppet agent --test | |
| #------------------------------------------------# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment