A concise tutorial on setting up SaltStack for centralized server management on CentOS, including master-minion setup and basic commands.

SaltStack on CentOS 6.x

Had a play with SaltStack today; it’s a good way to manage multiple machines from a central location. It runs as a server (master) and client (minion). First we need to install the Salt-Master; this assumes you are installing on CentOS and don’t mind having EPEL installed on both the master and minion ….

    # Install EPEL and update on both the master and minions
    yum update -y
    yum install http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm

    # Install the salt-master
    yum install salt-master
    chkconfig salt-master on
    sed -i 's/#interface: 0.0.0.0/interface: 0.0.0.0/g' /etc/salt/master
    service salt-master start

    # Install the salt-minion
    # Replace manager.yourdomain.com with the FQDN of your salt-master
    yum install salt-minion
    chkconfig salt-minion on
    sed -i 's/#master: salt/master: manager.yourdomain.com/g' /etc/salt/minion
    service salt-minion start

Now we have a minion talking to the master we need to accept the certificate; ...

October 6, 2013 · 1 min · Russ Mckendrick

Step-by-step guide to setting up a Puppet Server and agent on CentOS 6.4, including Apache configuration and SSL certificate management.

Puppet Server & Client Installation CentOS 6.x

This post assumes that you are starting with a clean minimal CentOS 6.4 64bit server and you have a full hostname set. Puppet Server Installation ……

    # Hostname — Make sure the host name is set to puppet.yourdomain.com and that you replace references in this file

    # Install puppet & epel repos
    yum install -y http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

    # Download puppet-server from Puppet Labs, apache and necessary dependencies
    yum install -y vim-enhanced puppet-server httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel make automake openssl-devel rubygem-rack rubygem-passenger-native-libs rubygem-passenger-native rubygem-passenger rubygem-fastthread libev mod_passenger git

    # Start Puppet-Server
    /etc/init.d/puppetmaster start

    # Set Puppet Master to run on startup
    puppet resource service puppetmaster ensure=running enable=true

    # Create the directory structure for Puppet Master Rack Application
    mkdir -p /usr/share/puppet/rack/puppetmasterd
    mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
    cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/
    chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru

    # Create the VHOST for puppet master
    cat > /etc/httpd/conf.d/puppetmaster.conf << APACHE_CONFIG
    PassengerHighPerformance On
    PassengerMaxPoolSize 6
    PassengerMaxRequests 1000
    PassengerPoolIdleTime 600
    Listen 8140
    <VirtualHost *:8140>
        SSLEngine On
        # Only allow high security cryptography. Alter if needed for compatibility.
        SSLProtocol All -SSLv2
        SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
        SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.yourdomain.com.pem
        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.yourdomain.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars +ExportCertData
        # These request headers are used to pass the client certificate
        # authentication information on to the puppet master process
        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
        <Directory /usr/share/puppet/rack/puppetmasterd/>
            Options None
            AllowOverride None
            Order Allow,Deny
            Allow from All
        </Directory>
    </VirtualHost>
    APACHE_CONFIG

    # Sort out the services
    /etc/init.d/puppetmaster stop
    /etc/init.d/httpd start
    chkconfig puppetmaster off
    chkconfig httpd on

    # check its listening
    netstat -ln | grep 8140

    # bosh

Install the agent …… ...

August 31, 2013 · 2 min · Russ Mckendrick