# Name resolution for the two lab hosts (presumably /etc/hosts on both machines; confirm).
# pmaster.test.net is the Puppet master, stage.test.net is the managed agent node.
# Agents check the master's certificate against the name they connect to, so both
# hosts must resolve these names the same way.
10.1.1.10 pmaster.test.net
10.1.1.11 stage.test.net
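# Master node: register the Puppet Labs and EPEL repositories, then install the master.
# NOTE(review): both release packages are fetched over plain HTTP, and they are what
# install the repository definitions and GPG keys that yum trusts afterwards, so
# nothing authenticates this first download. Use HTTPS where the mirror offers it, or
# download the files and check them (`rpm -K <file>` against a key obtained out of
# band) before installing.
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
rpm -ivh http://mirror.logol.ru/epel/6/i386/epel-release-6-8.noarch.rpm
# The option is an ASCII hyphen (-y); the original had a typographic dash, which yum
# does not parse as an option.
yum -y install puppet-server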
hiera 1.3.4-1.el6 ruby 1.8.7.374-4.el6_ rubygems 1.3.7
# Log file for the Puppet master service (presumably set in /etc/sysconfig/puppetmaster; confirm).
PUPPET_LOG=/var/log/puppet/puppet.log
# puppet.conf on the master. The section header for this first group of settings is
# not shown on the page.
confdir = /etc/puppet
server = pmaster.test.net
certname = pmaster.test.net
environmentpath = $confdir/environments
basemodulepath = $confdir/modules
default_manifest = $confdir/manifests
hiera_config = $confdir/hiera.yaml
# With "unlimited" the master keeps environment data cached until it is restarted,
# so manifest changes are not picked up by a running master.
environment_timeout = unlimited
# NOTE(review): every name listed here becomes a subjectAltName of the master's
# certificate. stage.test.net is the agent node in this walkthrough, so the master's
# certificate would also be valid for the agent's hostname. List only the names the
# master itself is reached by.
dns_alt_names = pmaster.test.net,stage.test.net
vardir=/var/lib/puppet

# Outbound HTTP proxy for commands run in the [user] run mode (presumably so that
# `puppet module` can reach the Forge; confirm).
[user]
http_proxy_host = proxy01.int
http_proxy_port = 8080
# Print the effective settings to check that puppet.conf was read as intended.
puppet config print
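# Agent node: register the same two repositories, then install the agent package.
# NOTE(review): the release packages come over plain HTTP and carry the repository
# GPG keys that yum trusts afterwards, so this first download is not authenticated.
# Use HTTPS where the mirror offers it, or verify the downloaded files
# (`rpm -K <file>` against a key obtained out of band) before installing.
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
rpm -ivh http://mirror.logol.ru/epel/6/i386/epel-release-6-8.noarch.rpm
# The option is an ASCII hyphen (-y); the original had a typographic dash, which yum
# does not parse as an option.
yum -y install puppet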
# Agent service settings (presumably /etc/sysconfig/puppet; confirm).
# Master the agent daemon connects to, and the port it uses.
PUPPET_SERVER="pmaster.test.net"
PUPPET_PORT="8140"
# Agent log file.
PUPPET_LOG="/var/log/puppet/puppet.log"
# Extra agent options: keep asking for a signed certificate, 500 seconds apart.
PUPPET_EXTRA_OPTS="--waitforcert=500"
# Agent-side puppet.conf: the master this node talks to. The agent accepts the
# master only if its certificate is valid for this name.
server = pmaster.test.net
# First agent run: creates a certificate request and submits it to the CA on the
# master. The run ends without a catalog until that request has been signed there.
puppet agent --test --ca_server=pmaster.test.net
Error: Could not request certificate: No route to host - connect(2)
Debug: Creating new connection for https://pmaster.test.net:8140 Error: Could not request certificate: No route to host - connect(2)
Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for stage.test.net Info: Certificate Request fingerprint (SHA256): 89:19:56:C4:76:0F:7F:C3:14:F3:D7:91:81:8C:A3:07:C5:55:AC:32:35:F5:93:6A:1B:17:DE:AC:EB:5D:DD:44 Info: Caching certificate for ca Exiting; no certificate found and waitforcert is disabled
puppet cert list --all "stage.test.net" (SHA256) 89:19:56:C4:76:0F:7F:C3:14:F3:D7:91:81:8C:A3:07:C5:55:AC:32:35:F5:93:6A:1B:17:DE:AC:EB:5D:DD:44 + "pmaster.test.net" (SHA256) 67:F8:6A:01:58:9B:1F:24:46:12:4E:5D:FB:39:60:12:79:4C:2C:6C:BE:EF:D2:27:52:95:6C:AE:B3:6C:05:1E (alt names: "DNS:pmaster.test.net", "DNS:stage.test.net")
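# Sign pending certificate requests on the master.
# NOTE(review): --all signs every pending request, including any the operator did
# not expect. Before signing, compare the SHA256 fingerprint shown by
# `puppet cert list` with the one the agent printed when it created its request, and
# prefer signing by name: `puppet cert sign stage.test.net`.
# The original wrote "–all" with a typographic dash; the option is --all.
puppet cert --sign --all
# Output:
Notice: Signed certificate request for stage.test.net
Notice: Removing file Puppet::SSL::CertificateRequest stage.test.net at '/var/lib/puppet/ssl/ca/requests/stage.test.net.pem'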
# Search the Puppet Forge for modules matching "passwd".
# NOTE(review): Forge modules are third-party code that is applied with the agent's
# privileges (typically root) on every node that includes them; read a module and
# pin its version before installing it.
puppet module search passwd
Notice: Searching https://forgeapi.puppetlabs.com ...
NAME DESCRIPTION AUTHOR KEYWORDS
fraenki-vpasswd Manage virtual users @fraenki dovecot proftpd virtual user passwd
wcooley-name_service Type & provider to manage system name service configuration @wcooley dns files ldap passwd lookup group
reidmv-local_user Example local user pattern @reidmv user local passwd
# Create the skeleton of a new module named myname-mytest.
puppet module generate myname-mytest
# Smoke-test class: creates one file and one directory under /tmp so that a
# successful agent run is easy to see on the node.
# NOTE(review): no owner, group or mode is set, so these come from defaults;
# resources that matter should state them explicitly.
class mytest {
  # The resource title and the explicit `path` attribute name the same location.
  file { '/tmp/puppettestfile':
    ensure  => file,
    path    => '/tmp/puppettestfile',
    content => 'test text',
  }

  file { '/tmp/puppettestdir':
    ensure => directory,
    path   => '/tmp/puppettestdir',
  }
}
# Site manifest: a node with no definition of its own matches `default` and gets
# no classes; stage.test.net gets the mytest class.
node default {
}

node 'stage.test.net' {
  include mytest
}
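# Run the agent once in the foreground to apply the catalog.
# The original wrote "–test" with a typographic dash; the option is --test.
puppet agent --test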
puppet agent --test Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for stage.test.net Info: Applying configuration version '1448981968' Notice: /Stage[main]/Mytest/File[/tmp/puppettestdir]/ensure: created Notice: /Stage[main]/Mytest/File[/tmp/puppettestfile]/ensure: defined content as '{md5}1e2db57dd6527ad4f8f281ab028d2c70' Notice: Finished catalog run in 0.15 seconds
ls -l /tmp/puppet* -rw-r--r-- 1 root root 9 Dec 1 09:54 /tmp/puppetenv -rw-r--r-- 1 root root 9 Dec 1 09:59 /tmp/puppettestfile
# Stop the standalone puppetmaster service: the Apache virtual host configured later
# on this page listens on the same port, 8140.
/etc/init.d/puppetmaster stop
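# Apache, its SSL and Passenger modules, and the toolchain and headers needed to
# build Passenger. One command per line: run together on a single line, everything
# after the first "yum install" would be handed to yum as package names.
yum install httpd
yum install mod_passenger
yum install mod_ssl
yum install gcc-c++
yum install libcurl-devel openssl-devel zlib-devel httpd-devel ruby-devel
# NOTE(review): unpinned gem installs take whatever version the gem source serves at
# install time. The paths used later on this page assume passenger 5.0.21; pin the
# versions you have tested (`gem install passenger -v <version>`).
gem install rack
gem install passenger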
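# Build the Apache module from the installed Passenger gem.
passenger-install-apache2-module
# Confirm the module was built at the path the Apache configuration loads it from.
ls -l /usr/lib/ruby/gems/1.8/gems/passenger-5.0.21/buildout/apache2/mod_passenger.so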
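# Lay out the Rack application directory that Passenger serves the master from.
# One command per line: run together on a single line, "mkdir" and "cp" would be
# treated as directory names by the first mkdir.
mkdir -p /usr/share/puppet/rack/puppetmasterd
mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
# Passenger's user switching runs the application as the owner of config.ru, so this
# ownership is what makes the master run as the puppet user instead of root. Keep
# the file writable only by its owner.
chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru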
# puppet.conf additions for running the master behind Apache/Passenger.
[master]
always_cache_features = true
# The master reads the client's certificate subject and the verification result from
# these two variables, which the front-end web server supplies. It relies on that
# web server having performed the TLS client-certificate check.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
# Apache configuration that serves the Puppet master through Passenger on port 8140.
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-5.0.21/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
  PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-5.0.21
  PassengerDefaultRuby /usr/bin/ruby
</IfModule>

# Passenger pool tuning.
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 600
PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140
<VirtualHost *:8140>
  SSLEngine on
  # NOTE(review): only SSLv2 and SSLv3 are switched off, so TLS 1.0 and 1.1 stay
  # enabled wherever the OpenSSL build offers them. Restrict this to newer protocol
  # versions if every agent supports them.
  SSLProtocol ALL -SSLv2 -SSLv3
  # NOTE(review): this string ends in "+SS" and appears to have been cut off when the
  # page was captured. Restore the complete cipher string, including its exclusions
  # of the `!aNULL` / `!eNULL` kind, from the original example before using it.
  SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SS
  SSLHonorCipherOrder on

  # The master's own certificate and private key, and the Puppet CA certificate
  # used to verify agent certificates.
  SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.test.net.pem
  SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.test.net.pem
  SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
  SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
  # CRL of the Puppet CA, used to reject revoked agent certificates.
  # NOTE(review): on Apache 2.4 the CRL is only consulted when
  # `SSLCARevocationCheck chain` is also set; confirm the httpd version in use.
  SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
  # "optional" lets a node that has no signed certificate yet still connect to
  # submit its request; what a client may do is then decided from the verification
  # result passed on below.
  SSLVerifyClient optional
  SSLVerifyDepth 1
  SSLOptions +StdEnvVars +ExportCertData

  # "set" overwrites any header of the same name sent by the client, so the
  # identity values passed on come from mod_ssl and not from request data.
  RequestHeader unset X-Forwarded-For
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

  DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
  RackBaseURI /
  <Directory /usr/share/puppet/rack/puppetmasterd/>
    Options None
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>

  ErrorLog /var/log/httpd/puppet-server_error.log
  CustomLog /var/log/httpd/puppet-server_access.log combined
</VirtualHost>
: EECDH + aRSA + AESGCM: EECDH + aRSA + SHA384: EECDH + aRSA + SHA256: EECDH: + CAMELLIA256: + AES256: + CAMELLIA128: + AES128: + SS LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-5.0.21/buildout/apache2/mod_passenger.so <IfModule mod_passenger.c> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-5.0.21 PassengerDefaultRuby /usr/bin/ruby </IfModule> PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 600 PassengerMaxRequests 1000 PassengerStatThrottleRate 120 Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SS SSLHonorCipherOrder on SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.test.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.test.net.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData RequestHeader unset X-Forwarded-For RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public RackBaseURI / <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order allow,deny allow from all </Directory> ErrorLog /var/log/httpd/puppet-server_error.log CustomLog /var/log/httpd/puppet-server_access.log combined </VirtualHost>
# Start Apache, which now serves the master on port 8140.
/etc/init.d/httpd start
# Run the agent again (presumably on stage.test.net) to confirm it still gets its
# catalog now that the master runs under Apache/Passenger.
puppet agent --test
Source: https://habr.com/ru/post/272199/