Last active
December 28, 2015 12:49
-
-
Save russmckendrick/7503710 to your computer and use it in GitHub Desktop.
Puppet Server Installation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Hostname - Make sure the host name it set to puppet.yourdomain.com and that you replace references in this file | |
# Install puppet & epel repos | |
yum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm | |
# Download puppet-server from Puppet Labs, apache and necessary dependencies | |
yum install -y vim-enhanced puppet-server httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel rubygem-rack rubygem-passenger-native-libs rubygem-passenger-native rubygem-passenger rubygem-fastthread libev mod_passenger git | |
# Start Puppet-Server | |
/etc/init.d/puppetmaster start | |
# Set Puppet Master to run on startup | |
puppet resource service puppetmaster ensure=running enable=true | |
# Create the directory structure for Puppet Master Rack Application | |
mkdir -p /usr/share/puppet/rack/puppetmasterd | |
mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp | |
cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/ | |
chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru | |
# Create the VHOST for puppet master | |
cat > /etc/httpd/conf.d/puppetmaster.conf << APACHE_CONFIG | |
PassengerHighPerformance On | |
PassengerMaxPoolSize 6 | |
PassengerMaxRequests 1000 | |
PassengerPoolIdleTime 600 | |
Listen 8140 | |
<VirtualHost *:8140> | |
SSLEngine On | |
# Only allow high security cryptography. Alter if needed for compatibility. | |
SSLProtocol All -SSLv2 | |
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP | |
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.yourdomain.com.pem | |
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.yourdomain.com.pem | |
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem | |
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem | |
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem | |
SSLVerifyClient optional | |
SSLVerifyDepth 1 | |
SSLOptions +StdEnvVars +ExportCertData | |
# These request headers are used to pass the client certificate | |
# authentication information on to the puppet master process | |
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e | |
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e | |
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e | |
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ | |
<Directory /usr/share/puppet/rack/puppetmasterd/> | |
Options None | |
AllowOverride None | |
Order Allow,Deny | |
Allow from All | |
</Directory> | |
</VirtualHost> | |
APACHE_CONFIG | |
# Sort out the services | |
/etc/init.d/puppetmaster stop | |
/etc/init.d/httpd start | |
chkconfig puppetmaster off | |
chkconfig httpd on | |
# check its listening | |
netstat -ln | grep 8140 | |
# bosh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Add the Puppetlabs & VIM !!! | |
yum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm vim-enhanced | |
# Disable the repo | |
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/puppetlabs.repo | |
# Install the agent | |
yum install -y puppet --enablerepo=puppetlabs* | |
# Configure the agent | |
cat >> /etc/puppet/puppet.conf << CONFIG | |
server = puppet.yourdomain.com | |
report = true | |
pluginsync = true | |
CONFIG | |
# Daemonize it and make it start on boot | |
chkconfig puppet on | |
puppet agent --daemonize |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment