This post assumes that you are starting with a clean minimal CentOS 6.4 64bit server and you have a full hostname set.
Puppet Server Installation ……
# Hostname - Make sure the host name it set to puppet.yourdomain.com and that you replace references in this file
# Install puppet & epel reposyum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# Download puppet-server from Puppet Labs, apache and necessary dependenciesyum install -y vim-enhanced puppet-server httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel rubygem-rack rubygem-passenger-native-libs rubygem-passenger-native rubygem-passenger rubygem-fastthread libev mod_passenger git
# Start Puppet-Server/etc/init.d/puppetmaster start
# Set Puppet Master to run on startuppuppet resource service puppetmaster ensure=running enable=true
# Create the directory structure for Puppet Master Rack Applicationmkdir -p /usr/share/puppet/rack/puppetmasterdmkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmpcp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru
# Create the VHOST for puppet mastercat > /etc/httpd/conf.d/puppetmaster.conf << APACHE_CONFIG
PassengerHighPerformance OnPassengerMaxPoolSize 6PassengerMaxRequests 1000PassengerPoolIdleTime 600
Listen 8140<VirtualHost *:8140> SSLEngine On
# Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.yourdomain.com.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.yourdomain.com.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData
# These request headers are used to pass the client certificate # authentication information on to the puppet master process RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order Allow,Deny Allow from All </Directory></VirtualHost>APACHE_CONFIG
# Sort out the services/etc/init.d/puppetmaster stop/etc/init.d/httpd startchkconfig puppetmaster offchkconfig httpd on
# check its listening
netstat -ln | grep 8140
# boshInstall the agent ……
# Add the Puppetlabs & VIM !!!yum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm vim-enhanced
# Disable the reposed -i ‘s/enabled=1/enabled=0/g’ /etc/yum.repos.d/puppetlabs.repo
# Install the agentyum install -y puppet - enablerepo=puppetlabs*
# Configure the agentcat >> /etc/puppet/puppet.conf << CONFIG server = puppet.yourdomain.com report = true pluginsync = trueCONFIG
# Daemonize it and make it start on bootchkconfig puppet onpuppet agent - daemonizeThis will have sent the client certificate to the master server, all you have to do now is sign it. On Puppet Master ……
puppet cert listpuppet cert sign - alland then test on the Puppet client ……
puppet agent - test


