Install Puppet on CentOS 6.4

Posted by Dark Training on April 26, 2013 tags: | centos | puppet | linux

Installing Puppet on CentOS 6.4

Before I start, I want to give credit to this site for starting me off in the right direction. His/her instructions ALMOST work, but fail to finish the job for CentOS 6.4 and Puppet 3.x.

Before we start, there are assumptions being made. First, you are starting from a vanilla minimal install of CentOS 6.4. Second, when I say "FQDN", replace it with the fully qualified domain name of the host. IE

First you need to grab the appropriate puppet installer for your OS (x86_64 or i386)




rpm -ivh puppetlabs-release-6-7.noarch.rpm
yum clean all
yum update

Now let's get everything for the install:

yum groupinstall "Development tools"
yum install -y httpd httpd-devel mod_ssl ruby-devel rubygems gcc-c++ curl-devel zlib-devel openssl-devel puppet-server

Now start the Puppet-Server

/etc/init.d/puppetmaster start

Set Puppet Master to run on start-up

puppet resource service puppetmaster ensure=running enable=true

Configure Puppet and Apache server:

vim /etc/httpd/conf.d/puppetmaster.conf
Replace "your-fqdn" with your server's fully qualified domain name.
# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19/ext/apache2/
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
PassengerRuby /usr/bin/ruby
# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
    SSLEngine On
    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/<your-fqdn>.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/<your-fqdn>.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData
    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

Start up Apache:

/etc/init.d/httpd restart

Disable WEBrick and enable Apache on boot:

chkconfig puppetmaster off
chkconfig httpd on

Make sure the port is open and it’s listening:

netstat -ln | grep 8140
tcp    0  0*              LISTEN

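Set the server to auto-sign certs. With autosign = true the master signs every certificate request it receives, so if you are worried about security, don't do this; sign each request by hand with puppet cert --sign FQDN instead.

Append this to the end of the file: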

vim /etc/puppet/puppet.conf
certname = puppet-server #Use the FQDN here
autosign = true

Client Node install

Add the puppet labs repo

rpm -ivh

Install the Puppet Client

yum install -y puppet

If you are not using DNS in your environment, you will need to manually edit your hosts file.

vim /etc/hosts
192.168.x.x                node
192.168.x.y                puppet-server

Edit /etc/puppet/puppet.conf and add the agent variables:

vim /etc/puppet/puppet.conf
# In the [agent] section
    server = puppet-server #Should be the FQDN!
    report = true
    pluginsync = true

Set the puppet agent to run on boot:

chkconfig puppet on
puppet agent --daemonize

Now test the client:

puppet agent --test

That should connect you to the server, which will automatically sign the cert. If you have opted to sign manually, you now need to go back to the server and run:

puppet cert --sign FQDN
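
One way to do the manual signing without approving requests blindly, as an added example that is not part of the original post: the script signs a pending request only when both its certname and its fingerprint match an allowlist built from the agents themselves. The hostnames, fingerprints, allowlist format, allowlist.txt file name and function names are constructed for illustration, and the puppet cert list output format is assumed for Puppet 3.x.

```shell
#!/bin/sh
# Added example (not from the original post): sign only the pending agent
# requests whose certname AND fingerprint match an allowlist.

# Constructed allowlist, one "<certname> <fingerprint>" per line. Take each
# fingerprint from the agent itself with: puppet agent --fingerprint
ALLOWLIST='node1.example.com AA:11:22:33
node2.example.com BB:44:55:66'

# Constructed sample of `puppet cert list` output on the master. Assumed
# Puppet 3.x format:   "<certname>" (SHA256) <fingerprint>
SAMPLE_PENDING='  "node1.example.com" (SHA256) AA:11:22:33
  "node2.example.com" (SHA256) FF:FF:FF:FF
  "rogue.example.com" (SHA256) CC:77:88:99'

# Read a pending list on stdin, print the certnames that are safe to sign.
# $1 = allowlist text. Unknown names and fingerprint mismatches are skipped.
approved_requests() {
    tr -d '"' | while read -r name algo fp; do
        [ -n "$name" ] && [ -n "$fp" ] || continue
        if printf '%s\n' "$1" | grep -qxF -- "$name $fp"; then
            printf '%s\n' "$name"
        fi
    done
}

# Sign the approved requests. DRY_RUN defaults to 1 and only prints the
# command; set DRY_RUN=0 on the master to really sign.
sign_approved() {
    for name in $(approved_requests "$1"); do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: puppet cert --sign $name"
        else
            puppet cert --sign "$name"
        fi
    done
}

# Demo on the constructed data. On a real master, feed it the live list
# (allowlist.txt is a hypothetical file in the format shown above):
#   puppet cert list | sign_approved "$(cat allowlist.txt)"
printf '%s\n' "$SAMPLE_PENDING" | sign_approved "$ALLOWLIST"
# node2 (fingerprint mismatch) and rogue (not listed) stay unsigned.
```

For this to be the only path to a signed certificate, autosign = true must not be set in /etc/puppet/puppet.conf on the master.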

Did this work for you? Let others know in the comments below!