Puppet Server & Client Installation CentOS 6.x

This post assumes that you are starting with a clean minimal CentOS 6.4 64bit server and you have a full hostname set.

Puppet Server Installation ……

Puppet Server & Client Installation CentOS 6.x 1/4

# Hostname — Make sure the host name it set to puppet.yourdomain.com and that you replace references in this file

# Install puppet & epel repos
yum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

# Download puppet-server from Puppet Labs, apache and necessary dependencies
yum install -y vim-enhanced puppet-server httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel rubygem-rack rubygem-passenger-native-libs rubygem-passenger-native rubygem-passenger rubygem-fastthread libev mod_passenger git

# Start Puppet-Server
/etc/init.d/puppetmaster start

# Set Puppet Master to run on startup
puppet resource service puppetmaster ensure=running enable=true

# Create the directory structure for Puppet Master Rack Application
mkdir -p /usr/share/puppet/rack/puppetmasterd
mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/
chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru

# Create the VHOST for puppet master
cat > /etc/httpd/conf.d/puppetmaster.conf << APACHE_CONFIG

PassengerHighPerformance On
PassengerMaxPoolSize 6
PassengerMaxRequests 1000
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
 SSLEngine On

# Only allow high security cryptography. Alter if needed for compatibility.
 SSLProtocol All -SSLv2
 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
 SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.yourdomain.com.pem
 SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.yourdomain.com.pem
 SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
 SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
 SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
 SSLVerifyClient optional
 SSLVerifyDepth 1
 SSLOptions +StdEnvVars +ExportCertData

# These request headers are used to pass the client certificate
 # authentication information on to the puppet master process
 RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
 RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
 RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
 <Directory /usr/share/puppet/rack/puppetmasterd/>
 Options None
 AllowOverride None
 Order Allow,Deny
 Allow from All
 </Directory>
</VirtualHost>
APACHE_CONFIG

# Sort out the services
/etc/init.d/puppetmaster stop
/etc/init.d/httpd start
chkconfig puppetmaster off
chkconfig httpd on

# check its listening

netstat -ln | grep 8140

# bosh

Install the agent ……

Puppet Server & Client Installation CentOS 6.x 2/4

# Add the Puppetlabs & VIM !!!
yum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm vim-enhanced

# Disable the repo
sed -i ‘s/enabled=1/enabled=0/g’ /etc/yum.repos.d/puppetlabs.repo

# Install the agent
yum install -y puppet — enablerepo=puppetlabs*

# Configure the agent
cat >> /etc/puppet/puppet.conf << CONFIG
 server = puppet.yourdomain.com
 report = true
 pluginsync = true
CONFIG

# Daemonize it and make it start on boot
chkconfig puppet on
puppet agent — daemonize

This will have sent the client certificate to the master server, all you have to do now is sign it. On Puppet Master ……

Puppet Server & Client Installation CentOS 6.x 3/4

puppet cert list
puppet cert sign — all

and then test on the Puppet client ……

Puppet Server & Client Installation CentOS 6.x 4/4

puppet agent — test