Install the latest Puppet configuration management tool on CentOS6.4

Source: Internet
Author: User
Tags ssl certificate


This note installs Puppet 3.1.1 on a CentOS 6.4 system. For more background, see chenshake's write-up.

OS: CentOS 6.4 x86_64
Puppet: 3.1.1
Puppet master: master.canghai.com
Puppet clients: node1-5.canghai.com

Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides one, set the hostname on each machine (master and clients). Set it before installing Puppet: the hostname is written into the certificate that Puppet generates at install time, and that certificate is required for communication between client and server. Because I already have DNS configured, I did not need to touch the hosts file; without DNS you must edit /etc/hosts.
1. Disable selinux and iptables and set ntp
CentOS-6.4-x86_64-minimal.iso gives a minimal installation, so first install ntp, wget and the other commonly used tools.
Install ntp and wget

yum install wget ntp -y

Disable selinux

sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
setenforce 0

Stop iptables

chkconfig ip6tables off
chkconfig iptables off
/etc/init.d/ip6tables stop
/etc/init.d/iptables stop

Set ntp

ntpdate pool.ntp.org
chkconfig ntpd on
service ntpd start

2. Install the puppet Service
Puppet is not in the base CentOS repositories, so add the official repository provided by Puppet Labs:

wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
rpm -ivh puppetlabs-release-6-7.noarch.rpm
yum update

Install and enable the puppet service on the master:

yum install puppet-server
chkconfig puppetmaster on
service puppetmaster start

Install the puppet client on each client:

yum install puppet
chkconfig puppet on
service puppet start

3. Configure puppet
On each puppet client, edit /etc/puppet/puppet.conf and specify the master server:

vi /etc/puppet/puppet.conf

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

    server = master.canghai.com

Restart the puppet service.

service puppet restart

4. The Client applies for a certificate
Server-side automatic certificate issuance settings
Configure the master to sign every certificate request automatically. This only requires creating the file autosign.conf in the /etc/puppet directory. (/etc/puppet/puppet.conf does not need to change, because I kept the default location of autosign.conf.)

cat > /etc/puppet/autosign.conf <<EOF
*.canghai.com
EOF
service puppetmaster restart

With this in place, every request from a host under canghai.com is signed automatically.
Before the server can manage a client, the client must send it a request; this is the certificate-issuance step. The first time the puppet agent runs, it generates an SSL key and certificate request and sends the request to the Puppet master. If the server agrees to manage the client, the certificate is signed. Run the following command on the client to make the request; because the server address is already set in the client's puppet.conf, there is no need to pass the server address on the command line.

puppet agent

To follow the registration process, and for day-to-day troubleshooting, add these parameters on the command line (they are not set in the configuration file):
--no-daemonize: stay in the foreground and print the log to the terminal
--verbose: more detailed logging
--debug: the most detailed logging, used when troubleshooting
--test: test mode, which runs once in the foreground with verbose output; --test can be used on its own

puppet agent --no-daemonize --onetime --verbose --debug

This submits the certificate request. Because automatic signing is configured, the certificate was issued immediately. On the server, run:

puppet cert list --all
+ "master.canghai.com" (SHA256) CA:50:6A:51:D5:AD:F0:73:BF:83:A0:4A:BF:1F:4E:F0:56:C9:4B:D8:4D:BB:62:10:EE:14:16:D5:96:D0:B6:F7 (alt names: "DNS:master.canghai.com", "DNS:puppet", "DNS:puppet.canghai.com")
+ "node1.canghai.com" (SHA256) B8:95:69:2B:7B:3E:F4:38:CA:63:BE:A0:ED:3C:E7:05:1F:93:53:2D:1C:60:67:E9:D8:20:99:90:B8:9B:D6:40
+ "node2.canghai.com" (SHA256) 6C:65:34:9D:B1:82:35:24:EF:3F:10:2B:10:F0:0B:44:42:AB:84:42:29:B5:73:1A:A0:1D:D5:1E:9E:24:BC:E3
+ "node3.canghai.com" (SHA256) 57:54:33:37:23:A7:CD:BE:F6:25:BD:6F:E3:DA:F9:57:48:50:C7:5E:36:8F:F4:BA:C8:27:DF:B0:A2:84:5F:AF
+ "node4.canghai.com" (SHA256) 65:2F:0E:E7:98:F5:05:40:31:2F:FF:36:A5:3E:DE:C1:91:E8:45:16:55:60:A1:82:74:BC:84:EC:BA:C0:62:F0
+ "node5.canghai.com" (SHA256) 8C:1B:31:B6:C0:9C:A5:AF:89:6C:85:1B:BA:D0:03:63:07:4C:B1:89:D4:E6:B7:4E:CA:4A:23:C7:3C:5F:CA:3D

All clients now have signed certificates; the "+" marks an entry that was signed successfully. If a request has not been signed yet, sign it with

puppet cert --sign node1.canghai.com

After signing, run

puppet cert list --all

to confirm that the certificate has been issued.
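As an added example (not part of the original post, and not Puppet's own code), the following Python script parses `puppet cert list --all` output in the format shown above and checks each certname against an autosign.conf policy like the one created in this section. The operator's point of interest is that with `*.canghai.com` in autosign.conf, every certificate under that domain was signed without anyone looking at the request, so the CA listing is the only record of what the master has accepted; the script separates those from certificates that must have been signed by hand and from requests still pending. The sample listing and autosign body are constructed. The matcher assumes a `*.domain` entry matches any certname that ends in `.domain` and that `*` alone matches everything, which is an approximation of Puppet's own matching rules, not its code.

```python
import re

# Constructed sample: an autosign.conf body in the shape the post creates.
SAMPLE_AUTOSIGN = "*.canghai.com\n"

# Constructed sample of `puppet cert list --all` output (hypothetical names,
# made-up short fingerprints). Signed entries carry '+', revoked ones '-',
# and pending requests have no marker.
SAMPLE_CERT_LIST = """\
+ "master.canghai.com" (SHA256) 11:22:33:44:55:66:77:88 (alt names: "DNS:master.canghai.com", "DNS:puppet", "DNS:puppet.canghai.com")
+ "node1.canghai.com" (SHA256) AA:BB:CC:DD:EE:FF:00:11
+ "jump.example.org" (SHA256) 12:34:56:78:9A:BC:DE:F0
  "build.example.org" (SHA256) 0F:ED:CB:A9:87:65:43:21
- "node9.canghai.com" (SHA256) DE:AD:BE:EF:DE:AD:BE:EF
"""

# One listing line: optional marker, quoted certname, digest algorithm,
# colon-separated fingerprint, optional "(alt names: ...)" suffix.
_LINE = re.compile(
    r'^\s*([+-]?)\s*"([^"]+)"\s+\((\w+)\)\s+([0-9A-Fa-f:]+)'
    r'(?:\s+\(alt names:\s*(.*?)\))?\s*$'
)

STATUS = {"+": "signed", "-": "revoked", "": "pending"}


def parse_cert_list(text):
    """Turn `puppet cert list --all` output into a list of entry dicts."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("unrecognised listing line: %r" % line)
        marker, name, algo, fingerprint, alt = m.groups()
        alt_names = [a.strip().strip('"') for a in alt.split(",")] if alt else []
        entries.append({
            "name": name,
            "status": STATUS[marker],
            "digest": algo,
            "fingerprint": fingerprint.upper(),
            "alt_names": alt_names,
        })
    return entries


def load_autosign(text):
    """Return the patterns in an autosign.conf body, dropping blanks and comments."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def autosign_matches(patterns, certname):
    """True if a request for certname would be signed without review.

    Assumed semantics: '*' matches any name, '*.domain' matches any name with
    at least one label in front of '.domain', anything else is an exact match.
    """
    labels = certname.lower().split(".")
    for pat in patterns:
        pat = pat.lower()
        if pat == "*":
            return True
        if pat.startswith("*."):
            suffix = pat[2:].split(".")
            if len(labels) > len(suffix) and labels[-len(suffix):] == suffix:
                return True
        elif pat == certname.lower():
            return True
    return False


def review(autosign_text, cert_list_text):
    """Bucket CA entries by how they got their status.

    signed_auto   - signed, and covered by autosign (nobody reviewed the request)
    signed_manual - signed, but outside the policy (someone ran `puppet cert --sign`)
    pending       - request waiting for a decision
    revoked       - certificate revoked or otherwise invalid
    """
    patterns = load_autosign(autosign_text)
    report = {"signed_auto": [], "signed_manual": [], "pending": [], "revoked": []}
    for entry in parse_cert_list(cert_list_text):
        if entry["status"] == "signed":
            key = "signed_auto" if autosign_matches(patterns, entry["name"]) else "signed_manual"
        else:
            key = entry["status"]
        report[key].append(entry["name"])
    return report


if __name__ == "__main__":
    for bucket, names in review(SAMPLE_AUTOSIGN, SAMPLE_CERT_LIST).items():
        print("%-14s %s" % (bucket, ", ".join(names) or "-"))
```

On a real master the listing comes from `puppet cert list --all` and the policy from /etc/puppet/autosign.conf; the `signed_auto` bucket is the set of hosts that were admitted on the strength of their requested name alone.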
5. Install the puppet dashboard on the server.
Install mysql

yum install -y mysql-devel mysql-server

Optimize mysql settings
Edit /etc/my.cnf and add the last line of the [mysqld] section (max_allowed_packet).

cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
max_allowed_packet=32M

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

Start the service

/etc/init.d/mysqld start
chkconfig mysqld on

Set the MySQL root password. Here the password is 123456.

mysqladmin -u root password '123456'

Create a dashboard Database

mysql -uroot -p123456 <<EOF
create database dashboard character set utf8;
create user 'dashboard'@'localhost' identified by '123456';
grant all privileges on dashboard.* to 'dashboard'@'localhost';
flush privileges;
EOF

Passenger + Apache + Dashboard
Passenger lets Apache run Ruby applications. Because Passenger is not in the official CentOS repositories, add the EPEL repository first.

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install mod_passenger puppet-dashboard

Configure Dashboard

vi /usr/share/puppet-dashboard/config/database.yml
production:
  database: dashboard
  username: dashboard
  password: 123456
  encoding: utf8
  adapter: mysql

Modify Time Zone

vi /usr/share/puppet-dashboard/config/environment.rb
# config.time_zone = 'UTC'
config.time_zone = 'Beijing'

Initialize Database

cd /usr/share/puppet-dashboard/
rake RAILS_ENV=production db:migrate

Configure Apache
Integrate Passenger with Apache:

cat > /etc/httpd/conf.d/passenger.conf <<EOF
# LoadModule target and PassengerRoot follow the standard Passenger layout (assumed).
LoadModule passenger_module modules/mod_passenger.so
PassengerRoot /usr/share/rubygems/gems/passenger-3.0.17
PassengerRuby /usr/bin/ruby
PassengerHighPerformance on
PassengerMaxPoolSize 12
# The directive names for the 1500 and 120 values are the usual Passenger ones (assumed).
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On
ServerName master.canghai.com
DocumentRoot "/usr/share/puppet-dashboard/public/"
<Directory "/usr/share/puppet-dashboard/public/">
    Options None
    AllowOverride AuthConfig
    Order allow,deny
    allow from all
</Directory>
ErrorLog /var/log/httpd/master.canghai.com_error.log
LogLevel warn
CustomLog /var/log/httpd/master.canghai.com_access.log combined
ServerSignature On
EOF

Start the service

/etc/init.d/httpd start
chkconfig httpd on

Configure puppet
Make the Dashboard consume Puppet reports. Reporting is now enabled by default on the agent, so nothing needs to change on the client side; only the master needs configuring.

vi /etc/puppet/puppet.conf
[master]
reports = store, http
reporturl = http://master.canghai.com:80/reports/upload

Restart puppetmaster Service

/etc/init.d/puppetmaster restart

At this point you can open the Puppet Dashboard directly at http://ip

Import report

cd /usr/share/puppet-dashboard
rake RAILS_ENV=production reports:import

You can now open the Dashboard to watch the import task.

Process the imported reports

cd /usr/share/puppet-dashboard
rake jobs:work RAILS_ENV="production"
