this repository contains all of the puppet manifests that i have written / ripped off.
also how to install the fucker
yum update -y
shutdown -r now
sudo rpm -ivh http://mirror.bytemark.co.uk/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
sudo yum install puppet-server -y
- ensure that puppet is included in /etc/hosts for the ip address of eth0 along with hostname and fqdn.
- add
dns_alt_names = puppet,yalson,yalson.okayalright.co.uk
to the [main] section of /etc/puppet/puppet.conf
puppet master --verbose --no-daemonize
ctrl + c the above when you see Starting Puppet master version X.X. think of this as a syntax check of sorts, i suppose? it does a bunch of initial cert generating, too.
chuck in /etc/puppet/puppet.conf:
- create a [master] section
- move the dns_alt_names directive down to [master]
environmentpath = $confdir/environments
basemodulepath = $confdir/modules:/usr/share/puppet/modules
mkdir -p /etc/puppet/environments/production/modules
mkdir -p /etc/puppet/environments/production/manifests
yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc curl-devel openssl-devel zlib-devel gcc-c++ -y
gem install rack passenger
passenger-install-apache2-module
mkdir -p /usr/share/puppet/rack/puppetmasterd
mkdir /usr/share/puppet/rack/puppetmasterd/public
mkdir /usr/share/puppet/rack/puppetmasterd/tmp
cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
- copy the contents of install_files/puppetmaster.conf to /etc/httpd/conf.d/
disables:
chkconfig puppetmaster off
service puppetmaster stop
enables:
chkconfig httpd on
chkconfig puppet on
service httpd start
service puppet start
https://yalson:8140 should actually be listening, although i do not think you will be able to get anything useful out of it.
puppet agent test
- should return all green and compile catalogues etc.
when i applied it, the agent decided to generate a new cert for itself because my search domain had changed. the server thought it was yalson.okayalright.co.uk instead of its classic yalson.
so i had two certs for one host and was a clever boy, deciding to:
rm -rf /var/lib/puppet/ssl
little did i know that is where the master certs lived too. sigh
regenerate them by
service httpd stop
puppet master --no-daemonize --verbose
and stop the temporary master when it gets to the notice: Starting Puppet master version X.X.X part.
after that you will probably need to edit the certificate paths in
the httpd config around here: /etc/httpd/conf.d/puppetmaster.conf
after that:
service httpd start
puppet cert list
puppet cert sign 'yalson.okayalright.co.uk'
puppet agent -t
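a guard for the rm -rf mistake described above, as an added example (not code from this repository): it classifies an ssl directory before wiping it and refuses when CA material is present. the function names and the sample tree are made up for illustration; the ca/ca_key.pem and ca/signed/ layout is the puppet 3.x default and is assumed here.

```shell
# added example: check what lives in a puppet ssldir before deleting it.
# assumed layout (puppet 3.x defaults): $ssldir/ca/ca_key.pem is the CA
# private key, $ssldir/ca/signed/ holds every cert that CA has issued.

# prints "master" if CA material is present, "agent" if only host certs
# or keys are there, "empty" otherwise.
ssldir_role() {
    dir=$1
    if [ -f "$dir/ca/ca_key.pem" ] || [ -f "$dir/ca/ca_crt.pem" ]; then
        echo master
    elif [ -d "$dir/certs" ] || [ -d "$dir/private_keys" ]; then
        echo agent
    else
        echo empty
    fi
}

# prints how many certs the CA in this ssldir has signed
signed_count() {
    dir=$1
    [ -d "$dir/ca/signed" ] || { echo 0; return; }
    find "$dir/ca/signed" -type f -name '*.pem' | wc -l | tr -d ' '
}

# wipes an agent-only ssldir. returns 1 and deletes nothing when the CA
# lives there, 2 when the path is missing or does not look like an ssldir.
wipe_agent_ssldir() {
    dir=$1
    [ -n "$dir" ] && [ -d "$dir" ] || return 2
    case $(ssldir_role "$dir") in
        master) echo "refusing: $dir holds the CA ($(signed_count "$dir") signed certs)" >&2
                return 1 ;;
        agent)  rm -rf -- "$dir" ;;
        *)      echo "nothing that looks like puppet ssl in $dir" >&2
                return 2 ;;
    esac
}

# constructed sample trees (empty placeholder files) in a temp dir
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/master/ca/signed" "$root/master/certs" \
             "$root/agent/certs" "$root/agent/private_keys"
    : > "$root/master/ca/ca_key.pem"
    : > "$root/master/ca/signed/yalson.pem"
    : > "$root/master/ca/signed/yalson.okayalright.co.uk.pem"
    : > "$root/agent/certs/yalson.pem"
    echo "$root"
}
```

source the file and call wipe_agent_ssldir /var/lib/puppet/ssl instead of a bare rm -rf. on the master, puppet cert clean followed by the certname removes a single signed cert without touching the CA.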
puppet hates when you use symlinks with environments. well, not hate exactly. more like completely ignores them.
i made my $confdir/environments/production/modules and $confdir/environments/production/manifests directories both symlinks to somewhere in my homedir and spent fucking hours trying to figure out what happened. i suspect it was the manifests dir which hated this, secretly.
i solved this by cloning my repo into $confdir instead.
cd /etc/puppet/environments
git clone [email protected]:hybby/puppet.git
mv puppet production
puppet agent --test --noop