
Master server setup

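Add the Puppet repository and install the 'puppet-server' package. The release RPM below is fetched over plain HTTP, so prefer an HTTPS URL or verify the package signature where possible: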

# rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[...]
# yum install puppet-server
[...]

Create the SSL certificates on the master:

# puppet master --verbose --no-daemonize
[...]

Set the name of the master server:

/etc/puppet/puppet.conf
# Settings read by the Puppet master process.
[master]
    # Additional DNS names for the master's certificate.
    # NOTE(review): this is applied when the master's certificate is generated; a
    # certificate created before this line was added will not carry these names - confirm.
    dns_alt_names = master,master.gacivs.info
# Settings read by the Puppet agent process.
[agent]
    # Master the agent connects to; it should match a name in the master's certificate.
    server = master.gacivs.info

Install the necessary modules:

# puppet module install camptocamp-postfix
# puppet module install petems-swap_file
# puppet module install ssm-munin
[...]
# mkdir /etc/puppet/files/

 Add to the bottom of the 'fileserver.conf':

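[files]
    # Mount point behind the puppet:///files/... URLs used in the manifests.
    path /etc/puppet/files
    # Restrict the mount to nodes in the site's own domain. 'allow *' would serve
    # everything under the path (including authorized_keys and munin-htpasswd)
    # to any host that holds a signed certificate.
    allow *.gacivs.info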

Set the hostname, then enable and start the 'puppet' and/or 'puppetmaster' service:

# hostnamectl set-hostname node.gacivs.info
[...]
# puppet resource service puppetmaster ensure=running enable=true
[...]
# puppet resource service puppet ensure=running enable=true
[...]

Add 'site.pp':

/etc/puppet/manifests/site.pp
import 'commons/*.pp'
import 'nodes/*.pp'

Add 'commons/firewalld.pp':

commons/firewalld.pp
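# Opens the required ports in firewalld's permanent 'public' zone and reloads
# firewalld when a rule was actually added.
#
# Each rule is guarded by the matching --query-* call, so it is not re-applied on
# every agent run, and it notifies the reload so the reload always runs after it.
# The numeric prefixes in the titles are labels only; they do not order the execs.
#
# NOTE(review): this file is imported for every node, so 8140/tcp (Puppet) and
# 4949/tcp (munin-node) are opened to all sources on all hosts - confirm that
# agents really need 8140 open and consider limiting 4949 to the Munin master.

exec { "000 firewall open ssh port":
    command => "firewall-cmd --permanent --zone=public --add-service=ssh",
    unless  => "firewall-cmd --permanent --zone=public --query-service=ssh",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

exec { "001 firewall open http port":
    command => "firewall-cmd --permanent --zone=public --add-service=http",
    unless  => "firewall-cmd --permanent --zone=public --query-service=http",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}
exec { "002 firewall open https port":
    command => "firewall-cmd --permanent --zone=public --add-service=https",
    unless  => "firewall-cmd --permanent --zone=public --query-service=https",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

exec { "010 firewall open munin-node port":
    command => "firewall-cmd --permanent --zone=public --add-port=4949/tcp",
    unless  => "firewall-cmd --permanent --zone=public --query-port=4949/tcp",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

exec { "011 firewall open puppet port":
    command => "firewall-cmd --permanent --zone=public --add-port=8140/tcp",
    unless  => "firewall-cmd --permanent --zone=public --query-port=8140/tcp",
    path    => "/usr/bin/",
    notify  => Exec["999 firewall reload"],
}

# Runs only when one of the rules above changed the permanent configuration.
# A rule that is already permanent but not yet active is picked up at the next
# firewalld restart.
exec { "999 firewall reload":
    command     => "firewall-cmd --reload",
    path        => "/usr/bin/",
    refreshonly => true,
}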

Add 'commons/munin-node.pp':

commons/munin-node.pp
# munin-node configuration shared by all nodes.
#
# 'allow' lists the addresses permitted to poll this munin-node: loopback plus
# two fixed addresses (presumably the Munin master - confirm). The firewall
# rule for 4949/tcp in commons/firewalld.pp is not limited by source address.
class { 'munin::node':
    allow => [
        '127.0.0.1',
        '::1',
        '108.61.164.173',
        '2001:19f0:5000:8904:5400:ff:fe08:d42a',
    ],
}

# Plugins linked under their own name.
munin::plugin { [
    'apache_accesses',
    'apache_processes',
    'apache_volume',
    'cpu',
    'df',
    'df_inode',
    'diskstats',
    'entropy',
    'forks',
    'fw_conntrack',
    'fw_forwarded_local',
    'fw_packets',
    'http_loadtime',
    'interrupts',
    'iostat',
    'iostat_ios',
    'irqstats',
    'load',
    'memory',
    'munin_stats',
    'munin_update',
    'netstat',
    'open_files',
    'open_inodes',
    'postfix_mailqueue',
    'postfix_mailstats',
    'postfix_mailvolume',
    'processes',
    'proc_pri',
    'selinux_avcstat',
    'swap',
    'threads',
    'uptime',
    'users',
    'vmstat',
]:
    ensure => link,
}

# Per-interface plugins: the link name carries the interface, the target is the
# shared plugin it points at.
munin::plugin { [ 'if_err_eth0', 'if_err_eth1' ]:
    ensure => link,
    target => 'if_err_',
}
munin::plugin { [ 'if_eth0', 'if_eth1' ]:
    ensure => link,
    target => 'if_',
}

Add 'commons/packages.pp':

commons/packages.pp
# Base packages installed on every node.
package { [
    'bzip2',
    'etckeeper',
    'java-1.8.0-openjdk',
    'java-1.8.0-openjdk-devel',
    'mc',
    'net-tools',
    'rsync',
    'screen',
    'unzip',
    'wget',
]:
    ensure => installed,
}

Add 'commons/ssh-keys.pp':

commons/ssh-keys.pp
# Manages root's SSH directory and authorized_keys on every node.
#
# The key file is replaced wholesale with the copy served from the master's
# 'files' mount, so whoever can edit that copy on the master controls root SSH
# access on all nodes.
file {
    # The path defaults to the title, so it is not repeated as an attribute.
    '/root/.ssh':
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0700';

    '/root/.ssh/authorized_keys':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0600',
        source => 'puppet:///files/authorized_keys';
}

Add 'nodes/info.gacivs.master.pp':

nodes/info.gacivs.master.pp
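# Node definition for the Puppet master, which also runs the Munin master and
# the Apache instance installed below.
node 'master.gacivs.info' {
    # Hosts polled by the Munin master; the title is '<group>;<node name>'.
    munin::master::node_definition { 'gacivs.info;master.gacivs.info':
        address => 'master.gacivs.info'
    }
    munin::master::node_definition { 'dc01.gacivs.info;dc01-rack01-cass01.gacivs.info':
        address => '185.92.223.74'
    }

    # The resource-style declaration already includes the class, so no separate
    # 'include munin::master' is needed.
    class { 'munin::master':
        html_strategy  => 'cron',
        graph_strategy => 'cron'
    }

    # Password file for the Munin web pages. It holds password hashes, so it is
    # readable by root and the web server's group only instead of world-readable 0644.
    # NOTE(review): assumes httpd runs with group 'apache' (the EL7 package
    # default) - confirm. The package is required first so the group exists.
    file { '/etc/munin/munin-htpasswd':
        ensure  => file,
        owner   => 'root',
        group   => 'apache',
        mode    => '0640',
        source  => 'puppet:///files/munin-htpasswd',
        require => Package['httpd'],
    }

    package { 'httpd':
        ensure => installed
    }
    package { 'mod_ssl':
        ensure => installed
    }

    # Start Apache only after its packages are installed; without an explicit
    # relationship the order of these resources is not guaranteed.
    service { "httpd":
        enable  => true,
        ensure  => running,
        require => [ Package['httpd'], Package['mod_ssl'] ],
    }
}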

Test the configuration:

# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for master.gacivs.info
Info: Applying configuration version '1430989052'
[...]
Notice: Finished catalog run in 42.09 seconds

OK! (smile)

Agent setup

Install the 'puppet' package on the node:

# rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[...]
# yum install puppet
[...]

Request a certificate for the agent:

# puppet agent --test --waitforcert 60
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node.gacivs.info
Info: Certificate Request fingerprint (SHA256): 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
Info: Caching certificate for node.gacivs.info
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
[...]
Info: Loading facts
Info: Caching catalog for node.gacivs.info
Info: Applying configuration version '1430933156'
Notice: Finished catalog run in 0.01 seconds
# puppet resource service puppet ensure=running enable=true
[...]

Sign the agent's certificate request on the master, after checking that the fingerprint listed there matches the one the agent printed:

# puppet cert --list
  "node.gacivs.info" (SHA256) 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
# puppet cert sign node.gacivs.info
Notice: Signed certificate request for node.gacivs.info
Notice: Removing file Puppet::SSL::CertificateRequest node.gacivs.info at '/var/lib/puppet/ssl/ca/requests/node.gacivs.info.pem'

OK! (smile)

