Master server setup
Add the Puppet repository and install the 'puppet-server' package:
# rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[...]
# yum install puppet-server
[...]
Create the SSL certificates on the master:
# puppet master --verbose --no-daemonize [...]
Set the name of the master server:
/etc/puppet/puppet.conf
[master]
dns_alt_names = master,master.gacivs.info
[agent]
server = master.gacivs.info
Install the necessary modules:
# puppet module install camptocamp-postfix
# puppet module install petems-swap_file
# puppet module install ssm-munin
[...]
# mkdir /etc/puppet/files/
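Add to the bottom of the 'fileserver.conf' ('allow *' lets every node with a signed certificate read this mount, which serves the 'authorized_keys' and 'munin-htpasswd' files used below):
[files]
path /etc/puppet/files
allow *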
Set the hostname, then enable and start the 'puppet' and/or the 'puppetmaster' service:
# hostnamectl set-hostname node.gacivs.info
[...]
# puppet resource service puppetmaster ensure=running enable=true
[...]
# puppet resource service puppet ensure=running enable=true
[...]
Add 'site.pp':
/etc/puppet/manifests/site.pp
import 'commons/*.pp'
import 'nodes/*.pp'
Add 'commons/firewalld.pp':
commons/firewalld.pp
exec { "000 firewall open ssh port":
  command => "firewall-cmd --permanent --zone=public --add-service=ssh",
  path    => "/usr/bin/",
}
exec { "001 firewall open http port":
  command => "firewall-cmd --permanent --zone=public --add-service=http",
  path    => "/usr/bin/",
}
exec { "002 firewall open https port":
  command => "firewall-cmd --permanent --zone=public --add-service=https",
  path    => "/usr/bin/",
}
exec { "010 firewall open munin-node port":
  command => "firewall-cmd --permanent --zone=public --add-port=4949/tcp",
  path    => "/usr/bin/",
}
exec { "011 firewall open puppet port":
  command => "firewall-cmd --permanent --zone=public --add-port=8140/tcp",
  path    => "/usr/bin/",
}
exec { "999 firewall reload":
  command => "firewall-cmd --reload",
  path    => "/usr/bin/",
}
Add 'commons/munin-node.pp':
commons/munin-node.pp
class { 'munin::node':
  allow => [ '127.0.0.1', '::1', '108.61.164.173', '2001:19f0:5000:8904:5400:ff:fe08:d42a' ],
}
munin::plugin { 'apache_accesses': ensure => link, }
munin::plugin { 'apache_processes': ensure => link, }
munin::plugin { 'apache_volume': ensure => link, }
munin::plugin { 'cpu': ensure => link, }
munin::plugin { 'df': ensure => link, }
munin::plugin { 'df_inode': ensure => link, }
munin::plugin { 'diskstats': ensure => link, }
munin::plugin { 'entropy': ensure => link, }
munin::plugin { 'forks': ensure => link, }
munin::plugin { 'fw_conntrack': ensure => link, }
munin::plugin { 'fw_forwarded_local': ensure => link, }
munin::plugin { 'fw_packets': ensure => link, }
munin::plugin { 'http_loadtime': ensure => link, }
munin::plugin { 'if_err_eth0': ensure => link, target => 'if_err_', }
munin::plugin { 'if_err_eth1': ensure => link, target => 'if_err_', }
munin::plugin { 'if_eth0': ensure => link, target => 'if_', }
munin::plugin { 'if_eth1': ensure => link, target => 'if_', }
munin::plugin { 'interrupts': ensure => link, }
munin::plugin { 'iostat': ensure => link, }
munin::plugin { 'iostat_ios': ensure => link, }
munin::plugin { 'irqstats': ensure => link, }
munin::plugin { 'load': ensure => link, }
munin::plugin { 'memory': ensure => link, }
munin::plugin { 'munin_stats': ensure => link, }
munin::plugin { 'munin_update': ensure => link, }
munin::plugin { 'netstat': ensure => link, }
munin::plugin { 'open_files': ensure => link, }
munin::plugin { 'open_inodes': ensure => link, }
munin::plugin { 'postfix_mailqueue': ensure => link, }
munin::plugin { 'postfix_mailstats': ensure => link, }
munin::plugin { 'postfix_mailvolume': ensure => link, }
munin::plugin { 'processes': ensure => link, }
munin::plugin { 'proc_pri': ensure => link, }
munin::plugin { 'selinux_avcstat': ensure => link, }
munin::plugin { 'swap': ensure => link, }
munin::plugin { 'threads': ensure => link, }
munin::plugin { 'uptime': ensure => link, }
munin::plugin { 'users': ensure => link, }
munin::plugin { 'vmstat': ensure => link, }
Add 'commons/packages.pp':
commons/packages.pp
package { 'bzip2': ensure => installed }
package { 'etckeeper': ensure => installed }
package { 'java-1.8.0-openjdk': ensure => installed }
package { 'java-1.8.0-openjdk-devel': ensure => installed }
package { 'mc': ensure => installed }
package { 'net-tools': ensure => installed }
package { 'rsync': ensure => installed }
package { 'screen': ensure => installed }
package { 'unzip': ensure => installed }
package { 'wget': ensure => installed }
Add 'commons/ssh-keys.pp':
commons/ssh-keys.pp
file { '/root/.ssh':
  ensure => directory,
  path   => '/root/.ssh',
  owner  => 'root',
  group  => 'root',
  mode   => '0700',
}
file { '/root/.ssh/authorized_keys':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
  source => 'puppet:///files/authorized_keys',
}
Add 'nodes/info.gacivs.master.pp':
nodes/info.gacivs.master.pp
node 'master.gacivs.info' {
  munin::master::node_definition { 'gacivs.info;master.gacivs.info':
    address => 'master.gacivs.info'
  }
  munin::master::node_definition { 'dc01.gacivs.info;dc01-rack01-cass01.gacivs.info':
    address => '185.92.223.74'
  }
  class { 'munin::master':
    html_strategy  => 'cron',
    graph_strategy => 'cron'
  }
  file { '/etc/munin/munin-htpasswd':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///files/munin-htpasswd',
  }
  include munin::master
  package { 'httpd': ensure => installed }
  package { 'mod_ssl': ensure => installed }
  service { "httpd": enable => true, ensure => running }
}
Test the configuration:
# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for master.gacivs.info
Info: Applying configuration version '1430989052'
[...]
Notice: Finished catalog run in 42.09 seconds
OK!
Agent setup
Install the 'puppet' package on the node:
# rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
[...]
# yum install puppet
[...]
Check the agent's certificate:
# puppet agent --test --waitforcert 60
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node.gacivs.info
Info: Certificate Request fingerprint (SHA256): 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
Info: Caching certificate for node.gacivs.info
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
[...]
Info: Loading facts
Info: Caching catalog for node.gacivs.info
Info: Applying configuration version '1430933156'
Notice: Finished catalog run in 0.01 seconds
# puppet resource service puppet ensure=running enable=true
[...]
Accept the certificate request on the master:
# puppet cert --list
"node.gacivs.info" (SHA256) 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
# puppet cert sign node.gacivs.info
Notice: Signed certificate request for node.gacivs.info
Notice: Removing file Puppet::SSL::CertificateRequest node.gacivs.info at '/var/lib/puppet/ssl/ca/requests/node.gacivs.info.pem'
OK!
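The fingerprint the agent prints when it creates its request and the one 'puppet cert --list' shows on the master should be the same before the request is signed. The following is an added example, not part of the original page, that makes that comparison; the function names are hypothetical and the sample listing is constructed from the request shown above.

```shell
# Added example: confirm that the CSR waiting on the master carries the
# fingerprint the agent printed, before running `puppet cert sign`.
# Function names are hypothetical; the listing below is a constructed sample.

# Reduce a fingerprint to bare upper-case hex so formatting differences
# (colons, case, spaces) do not affect the comparison.
normalize_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# pending_fp LIST CERTNAME
# Print the SHA256 fingerprint listed for CERTNAME in `puppet cert --list`
# output; print nothing if no request for that name is pending.
pending_fp() {
    printf '%s\n' "$1" | awk -v name="$2" '
        { n = $1; gsub(/"/, "", n) }
        n == name && $2 == "(SHA256)" { print $3; exit }'
}

# verify_csr LIST CERTNAME FINGERPRINT_FROM_AGENT
# Returns 0 on match, 1 on mismatch, 2 if no request is pending,
# 3 if the supplied fingerprint is not 64 hex digits (SHA256).
verify_csr() {
    local listed expected
    listed=$(pending_fp "$1" "$2")
    [ -n "$listed" ] || return 2
    expected=$(normalize_fp "$3")
    [ "${#expected}" -eq 64 ] || return 3
    [ "$(normalize_fp "$listed")" = "$expected" ]
}

# Constructed sample of `puppet cert --list` output, using the request
# shown on this page.
SAMPLE_LIST='  "node.gacivs.info" (SHA256) 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40'

# On the master, with the fingerprint read from the agent's console:
#   verify_csr "$(puppet cert --list)" node.gacivs.info "$AGENT_FP" \
#       && puppet cert sign node.gacivs.info
```

The fingerprint passed as the third argument should come from the agent's own console, not from the master's listing.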