Puppet Master/Client Installation – RHEL 6.4

Lab Prerequisite:

Step:1 Build two Linux VMs.

VM-1
Name    - puppet-master.example.com
IP      - 10.0.0.1
Netmask - 255.255.255.0
Mount RHEL CD - /mnt
client.repo - exists

VM-2
Name    - puppet-client.example.com
IP      - 10.0.0.2
Netmask - 255.255.255.0
Mount RHEL CD - /mnt
client.repo - exists


Step:2

Update /etc/hosts on both VMs as below:
vi /etc/hosts
10.0.0.1  puppet-master.example.com  puppet-master
10.0.0.2  puppet-client.example.com  puppet-client
:wq!

Step:3 

Run a ping test from each VM and make sure it connects using the hostname.
From VM-1 (puppet-master)
  # ping puppet-client
From VM-2 (puppet-client)
  # ping puppet-master
 
Step:4 

Install Puppet Master & verify:
# sudo rpm -Uvh http://rbel.frameos.org/rbel6 
# yum install rubygems
# sudo rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
# yum install puppet-server

Verify:
# rpm -qa | grep -i puppet
puppet-3.8.3-1.el6.noarch
puppetlabs-release-6-7.noarch
puppet-server-3.8.3-1.el6.noarch

Step:5

Configure Puppet Master & Verify

Add the following line under the [main] section:

vi '/etc/puppet/puppet.conf'
  dns_alt_names = puppet-master,puppet
:wq!

Then start the server in the foreground to create the certificates.

Use 'puppet master --verbose --no-daemonize'. Once you see 'version 3.8.3', hit Ctrl-C.

# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): AD:DE:41:AA:69:7A:E3:05:60:87:06:34:7F:9D:3B:69:4B:60:15:B5:C0:62:25:A6:61:62:E5:1E:6D:18:A3:8B
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for kickstart.home
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for kickstart.home
Info: Certificate Request fingerprint (SHA256): FC:12:99:D5:B4:01:60:CF:99:4E:96:0C:FF:36:33:D7:4A:A1:D8:69:79:31:B6:3B:41:B9:C4:81:B1:4B:23:9D
Notice: kickstart.home has a waiting certificate request
Notice: Signed certificate request for kickstart.home
Notice: Removing file Puppet::SSL::CertificateRequest kickstart.home at '/var/lib/puppet/ssl/ca/requests/kickstart.home.pem'
Notice: Removing file Puppet::SSL::CertificateRequest kickstart.home at '/var/lib/puppet/ssl/certificate_requests/kickstart.home.pem'
Notice: Starting Puppet master version 3.8.3

Step:6

Start the master server & verify

# service puppetmaster start
Starting puppetmaster:                             [  OK  ]

Verify:
# service puppetmaster status
puppet (pid  2236) is running...

Step:7
Add the following sample manifest to create a test file, install the httpd package and add a test user on the client:
   *** nodes.pp is for specific client servers
   *** site.pp is for the entire site / all the clients
vi /etc/puppet/manifests/nodes.pp
  
node 'puppet-client.example.com' {

  # Test file whose content is managed from the master
  file { '/tmp/puppet_test.txt':
    content => "This is test file update via Puppet master\n",
  }

  # Make sure the httpd package is installed
  package { 'httpd':
    ensure => present,
  }

  # Test user; password is the SHA-512 crypt hash from grub-crypt (see the note below)
  user { 'mike':
    ensure     => present,
    comment    => 'Mike - puppet user',
    home       => '/home/mike',
    managehome => true,
    password   => '$6$hpurxeTV9avuKEEu$RkHNSBxDOC4nZ6ZnLopKyfBf9DYYaZPIJe0xozLdpwCmFlMzz5uXVQyrVG/g.05JQ6EsawT8/oo8RT2Xm8.V5.',
  }

}
:wq!


Note: To create the hashed (SHA-512 crypt) password:
       # grub-crypt --sha-512
         Password: abc
         Retype Password : abc
        $6$hpurxeTV9avuKEEu$RkHNSBxDOC4nZ6ZnLopKyfBf9DYYaZPIJe0xozLdpwCmFlMzz5uXVQyrVG/g.05JQ6EsawT8/oo8RT2Xm8.V5.

Step:8  
Once the above steps are done, restart the puppetmaster service:
# service puppetmaster restart
Starting puppetmaster:                             [  OK  ]

Step:9

Install Puppet Client Agent & Verify:
# sudo rpm -Uvh http://rbel.frameos.org/rbel6 
# yum install rubygems
# sudo rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
# yum install puppet
# service puppet start          (or: /etc/init.d/puppet start)
# service puppet status
# chown puppet.puppet /var/lib/puppet/
# puppet agent --test --server puppet-master  --> this will send the certificate request to puppet-master

Step:10  (Test from Client)

@ Client
# puppet agent --server puppet-master --waitforcert 60 --test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-client.home
Info: Certificate Request fingerprint (SHA256): C4:C0:51:06:16:07:FA:48:DC:CA:9D:9C:3C:A6:66:E0:C2:01:19:63:E0:51:50:9E:4F:C9:DB:66:D7:07:48:A8
Info: Caching certificate for ca
# tail -f /var/log/puppet/puppet.log

 

Step:11  (Accept request from Master)
@ Master:
 # puppet cert --list
  "puppet-client.home" (SHA256) C4:C0:51:06:16:07:FA:48:DC:CA:9D:9C:3C:A6:66:E0:C2:01:19:63:E0:51:50:9E:4F:C9:DB:66:D7:07:48:A8

# puppet cert --sign puppet-client.home
Notice: Signed certificate request for puppet-client.home
Notice: Removing file Puppet::SSL::CertificateRequest puppet-client.home at '/var/lib/puppet/ssl/ca/requests/puppet-client.home.pem'
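
The fingerprint the client printed in Step 10 and the one the master lists in Step 11 should be compared before signing, since the signature is what lets a node fetch its catalog. The following is an added example, not part of the original post; the function names are hypothetical, and the expected fingerprint is assumed to have been read on the client itself:

```shell
#!/bin/sh
# Added example: gate `puppet cert --sign` on the CSR fingerprint
# that the client printed in Step 10.

# Sample input: the `puppet cert --list` line shown in Step 11.
SAMPLE_LIST='  "puppet-client.home" (SHA256) C4:C0:51:06:16:07:FA:48:DC:CA:9D:9C:3C:A6:66:E0:C2:01:19:63:E0:51:50:9E:4F:C9:DB:66:D7:07:48:A8'

# pending_fingerprint LIST_OUTPUT CERTNAME
# Prints the fingerprint listed for CERTNAME, or nothing if no request is pending.
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v want="$2" '
        { name = $1; gsub(/"/, "", name) }   # strip the quotes around the certname
        name == want { print $3; exit }'
}

# csr_matches LIST_OUTPUT CERTNAME EXPECTED_FINGERPRINT
# Returns 0 on match, 1 on mismatch, 2 if CERTNAME has no pending request.
csr_matches() {
    seen=$(pending_fingerprint "$1" "$2")
    [ -n "$seen" ] || return 2
    # Compare case-insensitively: hex digits may be typed in either case.
    seen=$(printf '%s' "$seen" | tr 'a-f' 'A-F')
    want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ "$seen" = "$want" ]
}

# verify_and_sign CERTNAME FINGERPRINT_READ_ON_CLIENT   (run on the master)
verify_and_sign() {
    list=$(puppet cert --list) || return 1
    if csr_matches "$list" "$1" "$2"; then
        puppet cert --sign "$1"
    else
        echo "refusing to sign $1: no pending request or fingerprint mismatch" >&2
        return 1
    fi
}
```
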


To clean certs @ Master:
# puppet cert --list --all
# puppet cert clean --all

On both master and client (this deletes all local keys and certificates, including the CA on the master):
# rm -rf /var/lib/puppet/ssl

@ Master:
# puppet cert --list --all

Create new certificate at master:
# puppet cert generate puppet-master

Create new certificate at client:
# puppet agent --server puppet-master --waitforcert 60 --test

Accept certificate at master:
# puppet cert --sign puppet-client.home
