Install Puppet configuration management tool on CentOS6.4

Source: Internet
Author: User
Tags ssl certificate
CentOS6.4: install puppet3.1.1 on the system. For more information, see chenshake's article OS: centso6.4X64Puppet3.1.1Puppetm.

Install puppet 3.1.1 on CentOS6.4 system. For more information, see chenshake.

  OS: centso 6.4 X64Puppet 3.1.1Puppet master: master. canghai. comPuppet clients: node1-5.canghai.com

Puppet requires that all machines have a complete domain name (FQDN). If no DNS server provides a domain name, you can set the host name on the two machines (note that you must set the host name before installing Puppet, because the host name is written into the certificate when Puppet is installed, this certificate is required for communication between the client and the server.) because I have configured DNS, you do not need to change the hosts, if not, you need to change the hosts file.
1. disable selinux and iptables and set ntp
CentOS-6.4-x86_64-minimal.iso is used to minimize installation, so first install ntp, wget and other commonly used tools
Install ntp wget

 
  Yum install wget ntp-y

Disable selinux

 
  Sed-I '/SELINUX/s/enforcing/disabled/g'/etc/selinux/configsetenforce 0

Stop iptables

 
  Chkconfig ip6tables offchkconfig iptables off/etc/init. d/ip6tables stop/etc/init. d/iptables stop

Set ntp

 
  Ntpdate pool. ntp. orgchkconfig ntp onservice ntpd start

2. install the puppet service
Puppet is not in the basic CentOS Source. you must add the official sources provided by PuppetLabs:

 
  Wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpmrpm-ivh puppetlabs-release-6-7.noarch.rpmyum update

Install and enable the puppet service on the master:

 
  Yum install puppet-serverchkconfig puppet onservice puppetmaster start

Install the puppet client on clients

 
  Yum install puppetchkconfig puppet onservice puppet start

3. configure puppet
For the puppet client, modify/etc/puppet. conf and specify the master server

 
  Vi/etc/puppet. conf [main] # The Puppet log directory. # The default value is '$ vardir/log '. logdir =/var/log/puppet # Where Puppet PID files are kept. # The default value is '$ vardir/run '. rundir =/var/run/puppet # Where SSL certificates are kept. # The default value is '$ confdir/ssl '. ssldir = $ vardir/ssl [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved provided atiion. can be loaded in # the separate ''puppet'' executable using the ''-- loadclasses'' # option. # The default value is '$ confdir/classes.txt '. classfile = $ vardir/classes.txt # Where puppetd caches the local configuration. an # extension indicating the cache format is added automatically. # The default value is '$ confdir/localconfig '. localconfig = $ vardir/localconfigserver = master.canghai.com

Restart the puppet service.

 
  Service puppet restart

4. the Client applies for a certificate
Server-side automatic certificate issuance settings
Set the master to automatically issue all certificates. we only need to create the autosign. conf file in the/etc/puppet directory. (You do not need to modify the/etc/puppet. conf file because the location of my default autosign. conf file is not modified)

 
  Cat>/etc/puppet/autosign. conf <

In this way, all requests from canghai.com are automatically signed.
The client needs to send a request to the server for the server to manage the client. this is actually a process of issuing certificates. when you run the puppet client for the first time, an SSL certificate is generated and sent to the Puppet server. if the server agrees to manage the client, the certificate is issued. you can use this command to issue the certificate, because we have set the server address on the client, we do not need to contact the server address.

 
  Puppet agent

To learn more about the registration process and daily troubleshooting, you can add parameters because the configuration file contains
-No-daemonize foreground output log
-Verbose: enter more detailed logs.
-Debug more detailed logs, used in troubleshooting
-Test indicates the test. you can use the-test parameter.

 
  Puppet agent -- no-daemonize -- onetime -- verbose -- debug

You can apply for a certificate. because I configured the automatic issuance certificate, it was issued directly and executed on the server.

 
  Puppet cert list -- all + "master.canghai.com" (SHA256) CA: 50: 6A: 51: D5: AD: F0: 73: BF: 83: A0: 4A: BF: 1F: 4E: F0: 56: C9: 4B: D8: 4D: BB: 62: 10: EE: 14: 16: D5: 96: D0: B6: F7 (alt names: "DNS: master.canghai.com", "DNS: puppet", "DNS: puppet.canghai.com") + "node1.canghai.com" (SHA256) B8: 95: 69: 2B: 7B: 3E: F4: 38: CA: 63: BE: A0: ED: 3C: E7: 05: 1F: 93: 53: 2D: 1C: 60: 67: E9: D8: 20: 99: 90: B8: 9B: D6: 40 + "node2.canghai.com" (SHA256) 6C: 65: 34: 9D: B1: 82: 35: 24: EF: 3F: 10: 2B: 10: F0: 0B: 44: 42: AB: 84: 42: 29: B5: 73: 1A: A0: 1D: D5: 1E: 9E: 24: BC: e3 + "node3.canghai.com" (SHA256) 57: 54: 33: 37: 23: A7: CD: BE: F6: 25: BD: 6F: E3: DA: F9: 57: 48: 50: C7: 5E: 36: 8F: F4: BA: C8: 27: DF: B0: A2: 84: 5F: AF + "node4.canghai.com" (SHA256) 65: 2F: 0E: E7: 98: F5: 05: 40: 31: 2F: FF: 36: A5: 3E: DE: C1: 91: E8: 45: 16: 55: 60: A1: 82: 74: BC: 84: EC: BA: C0: 62: F0 + "node5.canghai.com" (SHA256) 8C: 1B: 31: B6: C0: 9C: a5: AF: 89: 6C: 85: 1B: BA: D0: 03: 63: 07: 4C: B1: 89: D4: E6: B7: 4E: CA: 4A: 23: C7: 3C: 5F: CA: 3D

You can see that all clients have issued certificates. the "+" sign is successfully issued. if the certificate has not been signed, you can use

 
  Puppet cert -- sign node1.canghai.com

To issue the certificate. after the certificate is issued, run

 
  Puppet cert list -- all

The certificate has been issued.
5. install the puppet dashboard on the server.
Install mysql

 
  Yum install-y mysql-devel mysql-server

Optimize mysql settings
Edit/etc/my. cnf and add the last line in the [mysqld] field.

 
  Cat/etc/my. cnf [mysqld] datadir =/var/lib/mysqlsocket =/var/lib/mysql. sockuser = mysql # Disabling symbolic-links is recommended to prevent assorted security riskssymbolic-links = 0max_allowed_packet = 32 M [mysqld_safe] log-error =/var/log/mysqld. logpid-file =/var/run/mysqld. pid

Start the service

 
  /Etc/init. d/mysqld startchkconfig mysqld on

Set the mysql password. here the password is 123456.

 
  Mysqladmin-u root password '123'

Create a dashboard database

 
  Mysql-uroot-p123456 <

Passenger + Apache + Dashboard
This allows Apache to support ruby. because Passenger is not in the official centos source, you need to add the epel source.

 
  Wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpmrpm-ivh epel-release-6-8.noarch.rpmyum install mod_passenger puppet-dashboard

Configure Dashboard

 
  Vi/usr/share/puppet-dashboard/config/database. ymlproduction: database: dashboard username: dashboard password: 123456 encoding: utf8 adapter: mysql

Modify time zone

 
  Vi/usr/share/puppet-dashboard/config/environment. rb # config. time_zone = 'utc' config. time_zone = 'Beijing'

Initialize database

 
  Cd/usr/share/puppet-dashboard/rake RAILS_ENV = production db: migrate

Configure Apache
We need to integrate Passenger and apache

 
  Cat>/etc/httpd/conf. d/passenger. conf <EOFLoadModule passenger_module modules/mod_passenger.so PassengerRoot/usr/share/rubygems/gems/passenger-3.0.17PassengerRuby/usr/bin/rubyPassengerHighPerformance limit 12 limit 1500 limit 120 RailsAutoDetect On ServerName master. canghai. comDocumentRoot "/usr/share/puppet-dashboard/public/" <Directory "/usr/share/puppet-dashboard/public/"> Options NoneAllowOverride AuthConfigOrder allow, denyallow from all ErrorLog/var/log/httpd/master.canghai.com _ error. logLogLevel warnCustomLog/var/log/httpd/master.canghai.com _ access. log combinedServerSignature On EOF

Start the service

 
  /Etc/init. d/httpd startchkconfig httpd on

Configure puppet
Let Dashboard use Reports. now the Report function is enabled by default, so you do not need to set the agent. you only need to set the Server side.

 
  Vi/etc/puppet. conf [master] reports = store, httpreporturl = http://master.canghai.com: 80/reports/upload

Restart puppetmaster service

 
  /Etc/init. d/puppetmaster restart

At this time, you can directly access puppet Dashboard through http: // ip
Import Report

 
  Cd/usr/share/puppet-dashboardrake RAILS_ENV = production reports: import

At this time, you can access the Dashboard to view the import task.
4. execute the imported reports

 
  Cd/usr/share/puppet-dashboardrake jobs: work RAILS_ENV = "production"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.