Puppet

From D3xt3r01.tk
Revision as of 10:05, 7 September 2014 by Admin (talk | contribs) (Created page with "Just testing out puppet can be a lil' bit of a headache .. here's a heads up ! ==WHAT== You really really really want at least 1Gb of ram assigned to the virtual machine ( t...")

Just testing out Puppet can be a lil' bit of a headache.. here's a heads up!

WHAT

You really really really want at least 1Gb of RAM assigned to the virtual machine ( the Java stuff hits the swap hard! )

Create your PostgreSQL users beforehand! ( 3.3.1 seems to only support Postgres, and they won't support MySQL in the future )

CREATE USER "console" PASSWORD 'P4ssw0rd';
CREATE DATABASE "console" OWNER "console" ENCODING 'utf8' LC_CTYPE 'en_US.utf8' LC_COLLATE 'en_US.utf8' template template0;
CREATE USER "console-auth" PASSWORD 'P4ssw0rd';
CREATE DATABASE "console-auth" OWNER "console-auth" ENCODING 'utf8' LC_CTYPE 'en_US.utf8' LC_COLLATE 'en_US.utf8' template template0;
CREATE USER "pe-puppetdb" PASSWORD 'P4ssw0rd';
CREATE DATABASE "pe-puppetdb" OWNER "pe-puppetdb" ENCODING 'utf8' LC_CTYPE 'en_US.utf8' LC_COLLATE 'en_US.utf8' template template0;

And you'll probably want to set it up to use md5 auth in /var/lib/pgsql/data/pg_hba.conf, one line per database, each restricted to its own role and to loopback:

# tail -n 3 /var/lib/pgsql/data/pg_hba.conf
host    pe-puppetdb     pe-puppetdb     127.0.0.1/32    md5
host    console console 127.0.0.1/32    md5
host    console-auth    console-auth    127.0.0.1/32    md5
# systemctl restart postgresql.service

You'll need to create a user with sudo privileges!

# adduser -m puppet
# passwd puppet ( set a password if you only allow sudo with a password; it's also used if ssh is set up for password auth )
# genkey
# mkdir -p /home/puppet/.ssh/
# cp /root/.ssh/id_rsa.pub /home/puppet/.ssh/authorized_keys
# chown -R puppet:puppet /home/puppet/.ssh/
# chmod 700 /home/puppet/.ssh/
# chmod 600 /home/puppet/.ssh/authorized_keys
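A small pre-flight check for the two hand-edited pieces above (the pg_hba.conf lines and the puppet user's ~/.ssh modes). This is an added example, not from the wiki page; the pg_hba sample and the temp ~/.ssh tree are constructed here, and the sample deliberately includes a bad "trust" line to show what gets flagged.

```shell
#!/bin/sh
# Added example: verify the manual PE prep steps instead of trusting them.

# hba_ok DB HBA_TEXT -> 0 iff HBA_TEXT has a "host DB DB 127.0.0.1/32 md5" line
hba_ok() {
  printf '%s\n' "$2" | awk -v db="$1" '
    $1 == "host" && $2 == db && $3 == db && $4 == "127.0.0.1/32" && $5 == "md5" { found = 1 }
    END { exit found ? 0 : 1 }'
}

# hba_report HBA_TEXT -> one line per PE database; exits 0 only if all three pass
hba_report() {
  rc=0
  for db in console console-auth pe-puppetdb; do
    if hba_ok "$db" "$1"; then echo "ok   $db"; else echo "FAIL $db"; rc=1; fi
  done
  return $rc
}

# ssh_perms_ok DIR -> 0 iff DIR is 700 and DIR/authorized_keys is 600
# (sshd refuses key auth when these are group/world accessible)
ssh_perms_ok() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] || return 1
  [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ] || return 1
}

# Constructed sample: two good lines as on the page, plus a wide-open
# "trust" line for console-auth that must fail the check.
SAMPLE_HBA='host    pe-puppetdb     pe-puppetdb     127.0.0.1/32    md5
host    console console 127.0.0.1/32    md5
host    console-auth    console-auth    0.0.0.0/0       trust'

# Constructed stand-in for /home/puppet/.ssh in a temp dir; prints its path
make_sample_ssh() {
  d=$(mktemp -d)
  mkdir "$d/.ssh"
  : > "$d/.ssh/authorized_keys"
  chmod 700 "$d/.ssh"
  chmod 600 "$d/.ssh/authorized_keys"
  echo "$d/.ssh"
}

# Demo run against the constructed inputs (real use: pass "$(cat pg_hba.conf)"
# and /home/puppet/.ssh instead)
hba_report "$SAMPLE_HBA" || echo "fix pg_hba.conf before installing"
ssh_perms_ok "$(make_sample_ssh)" && echo "ok   ssh modes"
```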

You'll also want these ports open. Here's how I did it on CentOS 7:

firewall-cmd --zone=public --permanent --add-port=22/tcp # sshd - it uses it to connect to itself as an agent
firewall-cmd --zone=public --permanent --add-port=61613/tcp # mcollective
firewall-cmd --zone=public --permanent --add-port=3000/tcp # the ruby installer
firewall-cmd --zone=public --permanent --add-port=443/tcp # the dashboard
firewall-cmd --zone=public --permanent --add-port=8140/tcp # puppet master
systemctl restart firewalld.service