Thursday, January 19, 2012

Getting started with Puppet on CentOS 6

This is a how to for setting up Puppet on machines running CentOS 6. Instructions were tested on CentOS 6.2 machines.

Introduction

Instructions below assume you have two machines named master.example.com which will be the Puppet master and client.example.com which will be the Puppet client.
Puppet requires machines to have full qualified domain names (FQDN). Also, the clocks on machines must be in sync. Enable NTP daemon on both machines to sync the machine clock to NTP servers. 
# service ntpd start

Prerequisites

Puppet requires "ruby" and "ruby-lib" packages installed.
To view puppet command-line help, you need "ruby-rdoc" package installed. 
# yum ruby ruby-lib ruby-rdoc
Puppet is not available in CentOS "base" repository. PuppetLabs provides a Yum repository for puppet. You can install a RPM provided by PuppetLabs to configure the Yum repository. 
# wget -c http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-1.noarch.rpm
# yum install puppetlabs-release-6-1.noarch.rpm

Puppet Server

Install Puppet server package on master.example.com 
[root@master ~]# yum install puppet-server
Start the Puppet master daemon. 
[root@master ~]# service puppetmaster start

Puppet and SSL

Puppet clients uses HTTPS to communicate with the server. In order to communicate with the server Puppet clients require valid SSL certificate. Puppet master daemon acts as CA (certificate authority) for SSL certificates.
During the first run of the puppet client it generates a SSL certificate and sends to puppet master. 
[root@client ~]# puppet agent --no-daemonize --onetime --verbose --debug --server=master.example.com
Before the client can successfully connect to the master, master has to sign the client certificate. 
[root@master ~]# puppet cert list --all
[root@master ~]# puppet cert --sign client.example.com

Puppet Client

Install Puppet client package on client.example.com 
[root@client ~]# yum install puppet
Test Puppet client from the command-line. We will assume that the master has valid signed certificate for client.example.com. 
[root@client ~]# puppet agent --help
[root@client ~]# puppet agent --no-daemonize --onetime --verbose --debug --server=master.example.com
See the "puppet agent --help" to understand the command line flags.

In the next post, we will see how to setup a "helloworld" example for Puppet.
Posted by at

3 comments:

Amos Shapira said...

You miss "install" in "yum ruby..."

February 7, 2012 at 2:46 PM
Amos Shapira said...

You can also do a direct "yum install http://yum.puppetlabs..." instead of wget+yum.

(feel free to remove my comments, they are not important for the article, just little improvements)

February 7, 2012 at 2:49 PM
RnD said...

Under Prerequisites, package name ruby-lib should be ruby-libs?

December 26, 2012 at 4:11 AM

Post a Comment

Subscribe to: Post Comments (Atom)