Puppet

From D3xt3r01.tk

Just testing out Puppet can be a lil' bit of a headache.. here's a heads-up!

WHAT

You really, really want at least 2 GB of RAM assigned to the virtual machine (the Java services hit swap hard!).

Disable IPv6 if you don't use it (see How to disable ipv6 on CentOS 7), to which I'd add: do the same for the named server (and don't forget to drop the ::1 listen directive and the like from /etc/named.conf):

echo 'OPTIONS="-4"' >> /etc/sysconfig/named # IPv4 only, so named won't try to resolve or listen on IPv6 addresses
systemctl restart named.service

Make sure all your DNS works right (the puppet alias pointing to the master, records for the agents, and so on).

Create your PostgreSQL users beforehand! (PE 3.3.1 seems to only support PostgreSQL, and they won't support MySQL in the future.)

CREATE USER "console" PASSWORD 'P4ssw0rd';
CREATE DATABASE "console" OWNER "console" ENCODING 'utf8' LC_CTYPE 'en_US.utf8' LC_COLLATE 'en_US.utf8' template template0;
CREATE USER "console-auth" PASSWORD 'P4ssw0rd';
CREATE DATABASE "console-auth" OWNER "console-auth" ENCODING 'utf8' LC_CTYPE 'en_US.utf8' LC_COLLATE 'en_US.utf8' template template0;
CREATE USER "pe-puppetdb" PASSWORD 'P4ssw0rd';
CREATE DATABASE "pe-puppetdb" OWNER "pe-puppetdb" ENCODING 'utf8' LC_CTYPE 'en_US.utf8' LC_COLLATE 'en_US.utf8' template template0;

And you'll want those three roles to use md5 (password) auth from localhost in /var/lib/pgsql/data/pg_hba.conf; the last three lines should look like this:

tail -n 3 /var/lib/pgsql/data/pg_hba.conf

host    pe-puppetdb     pe-puppetdb     127.0.0.1/32    md5
host    console console 127.0.0.1/32    md5
host    console-auth    console-auth    127.0.0.1/32    md5

systemctl restart postgresql.service

You'll need to create a user with sudo privileges!

adduser -m puppet
passwd puppet # set a password if you only allow sudo with a password; it's also used if ssh is password-auth
ssh-keygen -t rsa # generate root's key pair if /root/.ssh/id_rsa.pub doesn't exist yet (it's copied below)
mkdir -p /home/puppet/.ssh/
cp /root/.ssh/id_rsa.pub /home/puppet/.ssh/authorized_keys
chown -R puppet:puppet /home/puppet/.ssh/
chmod 700 /home/puppet/.ssh/
chmod 600 /home/puppet/.ssh/authorized_keys
usermod -a -G wheel puppet # wheel is the sudo group on CentOS

You'll also want these ports open. Here's how I did it on CentOS 7:

firewall-cmd --zone=public --permanent --add-port=22/tcp # sshd - the installer connects back to this box over ssh to set it up as an agent
firewall-cmd --zone=public --permanent --add-port=61613/tcp # mcollective
firewall-cmd --zone=public --permanent --add-port=3000/tcp # the ruby installer
firewall-cmd --zone=public --permanent --add-port=443/tcp # the dashboard
firewall-cmd --zone=public --permanent --add-port=8081/tcp # puppetdb - it only seems to listen on 127.0.0.1 though ...
firewall-cmd --zone=public --permanent --add-port=8140/tcp # puppet master
systemctl restart firewalld.service

Here's an example answer file for an agent-only install (there doesn't seem to be one in the repo, so you have to make your own):

q_all_in_one_install=n
q_database_install=n
q_disable_live_management=n
q_fail_on_unsuccessful_master_lookup=y
q_install=y
q_pe_check_for_updates=n
q_puppet_cloud_install=n
q_puppet_enterpriseconsole_install=n
q_puppetagent_certname=debian.example.internal
q_puppetagent_install=y
q_puppetagent_server=puppet.example.internal
q_puppetca_install=n
q_puppetdb_install=n
q_puppetmaster_certname=puppet.example.internal
q_puppetmaster_dnsaltnames=puppet,puppet.example.internal
q_puppetmaster_install=n
q_run_updtvpkg=n
q_vendor_packages_install=y
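Two things above that are easy to get subtly wrong are the pg_hba.conf lines and the hand-written agent answer file. Here's a small POSIX sh pre-flight script I added for this page (not part of PE or the original wiki) that checks both: each of the three databases must have an md5 line from 127.0.0.1/32 and no trust line, and an agent-only answer file must turn the agent on and every server-side component off. The path /var/lib/pgsql/data/pg_hba.conf and the file name agent.answers are assumptions.

```sh
#!/bin/sh
# Pre-flight checks for a PE 3.3.1 box, written for this page (not PE's own tooling).

# Return 0 when the pg_hba.conf at $1 grants each database in $2.. an md5 line
# from 127.0.0.1/32 (database and user share the name, as on this page) and
# no 'trust' line, which would let anyone on the box log in without a password.
pg_hba_ok() {
  hba="$1"; shift
  for db in "$@"; do
    awk -v db="$db" '$1=="host" && $2==db && $3==db && $4=="127.0.0.1/32" && $5=="md5" {ok=1}
                     END {if (ok) exit 0; exit 1}' "$hba" \
      || { echo "pg_hba: no md5 line for $db from 127.0.0.1/32" >&2; return 1; }
    awk -v db="$db" '$1=="host" && $2==db && $5=="trust" {bad=1} END {if (bad) exit 1; exit 0}' "$hba" \
      || { echo "pg_hba: $db is reachable with trust auth" >&2; return 1; }
  done
}

# Print the last value of key $2 in answer file $1 (empty if absent).
answer() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Return 0 when $1 is a consistent agent-only answer file: agent on, every
# server-side component off, and the certname / master fields filled in.
agent_answers_ok() {
  ans="$1"
  for k in q_install q_puppetagent_install; do
    [ "$(answer "$ans" "$k")" = y ] || { echo "$k must be y" >&2; return 1; }
  done
  for k in q_all_in_one_install q_database_install q_puppetmaster_install \
           q_puppetdb_install q_puppet_enterpriseconsole_install q_puppetca_install; do
    [ "$(answer "$ans" "$k")" = n ] || { echo "$k must be n on an agent-only box" >&2; return 1; }
  done
  for k in q_puppetagent_certname q_puppetagent_server; do
    [ -n "$(answer "$ans" "$k")" ] || { echo "$k is empty" >&2; return 1; }
  done
}

# Run the checks for real with: PE_PREFLIGHT=1 sh pe_preflight.sh agent.answers
if [ "${PE_PREFLIGHT:-0}" = 1 ]; then
  pg_hba_ok /var/lib/pgsql/data/pg_hba.conf pe-puppetdb console console-auth
  agent_answers_ok "${1:-agent.answers}"
fi
```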