
Master server setup

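Add the Puppet repository and install the 'puppet-server' package. The release package below is fetched over plain HTTP and installs the repository definition together with its signing key, so prefer an HTTPS URL or verify the package before installing it: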

# rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[...]
# yum install puppet-server
[...]

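Create the SSL certificates on the master (the command keeps the master running in the foreground; stop it once the certificates have been generated):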

# puppet master --verbose --no-daemonize
[...]

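Set the name of the master server. 'dns_alt_names' is only used when the master's certificate is generated, so if the certificate was already created by the previous step it has to be regenerated before these alternative names take effect: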

/etc/puppet/puppet.conf
[master]
    dns_alt_names = master,master.gacivs.info
[agent]
    server = master.gacivs.info

Install the necessary modules:

# puppet module install camptocamp-postfix
# puppet module install petems-swap_file
# puppet module install ssm-munin
[...]
# mkdir /etc/puppet/files/

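Add to the bottom of 'fileserver.conf'. Note that 'allow *' lets every node holding a signed certificate fetch everything under /etc/puppet/files, which on this page includes root's 'authorized_keys' and 'munin-htpasswd'; restrict it to your own domain (for example 'allow *.gacivs.info') where possible: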

[files]
    path /etc/puppet/files
    allow *

Set the hostname, then enable and start the 'puppetmaster' and/or the 'puppet' service:

# hostnamectl set-hostname node.gacivs.info
[...]
# puppet resource service puppetmaster ensure=running enable=true
[...]
# puppet resource service puppet ensure=running enable=true
[...]

Add 'site.pp':

/etc/puppet/manifests/site.pp
import 'commons/*.pp'
import 'nodes/*.pp'

Add 'commons/firewalld.pp':

commons/firewalld.pp
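# Opens the listed services and ports in firewalld's permanent 'public' zone
# and reloads the firewall when a rule was added.
#
# Every rule is guarded by the matching 'firewall-cmd --query-*' call, so the
# command only runs while the rule is missing instead of on every agent run.
# Each rule notifies the reload, and the reload is 'refreshonly': it therefore
# runs after the rules were written (independent of Puppet's resource
# ordering) and only when something changed.
#
# NOTE(review): these resources sit outside any node block and site.pp imports
# 'commons/*.pp', so http, https, 4949/tcp and 8140/tcp are opened on every
# managed node. 8140/tcp is only needed on the Puppet master and http/https
# only on hosts that run a web server - consider moving those rules into the
# node definitions that need them.

exec { "000 firewall open ssh port":
    command => "firewall-cmd --permanent --zone=public --add-service=ssh",
    unless  => "firewall-cmd --permanent --zone=public --query-service=ssh",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

exec { "001 firewall open http port":
    command => "firewall-cmd --permanent --zone=public --add-service=http",
    unless  => "firewall-cmd --permanent --zone=public --query-service=http",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

exec { "002 firewall open https port":
    command => "firewall-cmd --permanent --zone=public --add-service=https",
    unless  => "firewall-cmd --permanent --zone=public --query-service=https",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

# munin-node listens here; the firewall rule itself does not limit the source
# address, so access control relies on munin-node's own 'allow' list.
exec { "010 firewall open munin-node port":
    command => "firewall-cmd --permanent --zone=public --add-port=4949/tcp",
    unless  => "firewall-cmd --permanent --zone=public --query-port=4949/tcp",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

exec { "011 firewall open puppet port":
    command => "firewall-cmd --permanent --zone=public --add-port=8140/tcp",
    unless  => "firewall-cmd --permanent --zone=public --query-port=8140/tcp",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

# Loads the permanent configuration into the running firewall. Triggered only
# by the rules above.
exec { "999 firewall reload":
    command     => "firewall-cmd --reload",
    path        => "/usr/bin/",
    refreshonly => true,
}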

Add 'commons/munin-node.pp':

commons/munin-node.pp
# Configures munin-node and links the plugins that should be active.
#
# 'allow' is the list of addresses passed to the munin::node class.
# NOTE(review): presumably these are loopback plus the Munin master's IPv4 and
# IPv6 addresses - confirm, and keep the list as short as possible because
# 4949/tcp is opened in the firewall without a source restriction.
class { 'munin::node':
    allow => [ '127.0.0.1', '::1', '108.61.164.173', '2001:19f0:5000:8904:5400:ff:fe08:d42a' ],
}

# Plugins linked under their own name.
munin::plugin { [
    'apache_accesses',
    'apache_processes',
    'apache_volume',
    'cpu',
    'df',
    'df_inode',
    'diskstats',
    'entropy',
    'forks',
    'fw_conntrack',
    'fw_forwarded_local',
    'fw_packets',
    'http_loadtime',
    'interrupts',
    'iostat',
    'iostat_ios',
    'irqstats',
    'load',
    'memory',
    'munin_stats',
    'munin_update',
    'netstat',
    'open_files',
    'open_inodes',
    'postfix_mailqueue',
    'postfix_mailstats',
    'postfix_mailvolume',
    'processes',
    'proc_pri',
    'selinux_avcstat',
    'swap',
    'threads',
    'uptime',
    'users',
    'vmstat',
]:
    ensure => link,
}

# Per-interface plugins: the link name carries the interface, the target is
# the shared 'if_err_' plugin.
munin::plugin { [ 'if_err_eth0', 'if_err_eth1' ]:
    ensure => link,
    target => 'if_err_',
}

# Same pattern for the 'if_' plugin.
munin::plugin { [ 'if_eth0', 'if_eth1' ]:
    ensure => link,
    target => 'if_',
}

Add 'commons/packages.pp':

commons/packages.pp
# Base packages that must be present on every node. 'installed' only ensures
# presence; it does not upgrade a package that is already installed.
package { [
    'bzip2',
    'etckeeper',
    'java-1.8.0-openjdk',
    'java-1.8.0-openjdk-devel',
    'mc',
    'net-tools',
    'rsync',
    'screen',
    'unzip',
    'wget',
]:
    ensure => installed,
}

Add 'commons/ssh-keys.pp':

commons/ssh-keys.pp
# Manages root's SSH directory and its authorized_keys file.

# Directory readable by root only. The path is taken from the resource title.
file { '/root/.ssh':
    ensure => directory,
    mode   => '0700',
    owner  => 'root',
    group  => 'root',
}

# The file content is replaced with the copy served from the master's 'files'
# mount, so any key that is not in that copy is removed from the node and
# every key in it can log in as root on every node that applies this manifest.
# NOTE(review): treat the source file on the master as sensitive - whoever can
# edit it gains root on all managed nodes.
file { '/root/.ssh/authorized_keys':
    ensure => file,
    source => 'puppet:///files/authorized_keys',
    mode   => '0600',
    owner  => 'root',
    group  => 'root',
}

Add 'nodes/info.gacivs.master.pp':

nodes/info.gacivs.master.pp
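# Node definition for 'master.gacivs.info': declares the Munin master, the
# hosts it polls, the password file for the Munin pages and the Apache
# packages and service.
node 'master.gacivs.info' {
    # Hosts polled by the Munin master.
    munin::master::node_definition { 'gacivs.info;master.gacivs.info':
        address => 'master.gacivs.info',
    }
    munin::master::node_definition { 'dc01.gacivs.info;dc01-rack01-cass01.gacivs.info':
        address => '185.92.223.74',
    }

    # HTML pages and graphs are both generated from cron. The class is declared
    # once here with its parameters; the additional 'include munin::master'
    # the manifest used to carry declared nothing new and has been dropped.
    class { 'munin::master':
        html_strategy  => 'cron',
        graph_strategy => 'cron',
    }

    package { 'httpd':
        ensure => installed,
    }
    package { 'mod_ssl':
        ensure => installed,
    }

    # Password hashes for the Munin pages. The file was world-readable (0644);
    # it is now limited to root and the web server's group.
    # NOTE(review): assumes httpd, running with its default 'apache' group on
    # EL7, is the only reader of this file - confirm. The group is created by
    # the httpd package, hence the 'require'.
    # NOTE(review): the firewall rules on this page open plain http as well;
    # serve the password-protected pages over https only so the credentials
    # are not sent in clear text.
    file { '/etc/munin/munin-htpasswd':
        ensure  => file,
        owner   => 'root',
        group   => 'apache',
        mode    => '0640',
        source  => 'puppet:///files/munin-htpasswd',
        require => Package['httpd'],
    }

    # Without an explicit dependency Puppet may try to start the service
    # before the packages are installed.
    service { 'httpd':
        ensure  => running,
        enable  => true,
        require => Package['httpd', 'mod_ssl'],
    }
}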

Test the configuration:

# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for master.gacivs.info
Info: Applying configuration version '1430989052'
[...]
Notice: Finished catalog run in 42.09 seconds

OK! (smile)

Agent setup

Set the hostname:

# hostnamectl set-hostname node.gacivs.info

Install the 'puppet' package on the node:

# rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[...]
# yum install puppet
[...]

Set the name of the master server:

/etc/puppet/puppet.conf
[agent]
    server = master.gacivs.info

Request and check the agent's certificate (the agent waits until the master has signed the request, see the next step):

# puppet agent --test --waitforcert 60
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node.gacivs.info
Info: Certificate Request fingerprint (SHA256): 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
Info: Caching certificate for node.gacivs.info
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
[...]
Info: Loading facts
Info: Caching catalog for node.gacivs.info
Info: Applying configuration version '1430933156'
Notice: Finished catalog run in 0.01 seconds
# puppet resource service puppet ensure=running enable=true
[...]

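Sign the agent's certificate request on the master, after confirming that the fingerprint listed by the master matches the one the agent printed when it created the request: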

# puppet cert --list
  "node.gacivs.info" (SHA256) 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
# puppet cert sign node.gacivs.info
Notice: Signed certificate request for node.gacivs.info
Notice: Removing file Puppet::SSL::CertificateRequest node.gacivs.info at '/var/lib/puppet/ssl/ca/requests/node.gacivs.info.pem'

OK! (smile)

