On the puppet server:
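Install facter-1.3.7.tgz and puppet-0.23.2.tgz.
If necessary, install ruby first.
Copy the following init script to /etc/init.d/puppetmaster (the path the logrotate snippet below expects), keep it owned by root, and make it executable with chmod +x.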
#!/bin/bash
# puppetmaster This shell script enables the puppetmaster server.
#
# Author: Duane Griffin <d.griffin@psenterprise.com>
#
# chkconfig: - 65 45
#
# description: Server for the puppet system management tool.
# processname: puppetmaster
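# Fixed PATH so the service does not depend on the caller's environment.
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

lockfile=/var/lock/subsys/puppetmaster

# Source function library. The helpers used further down (daemon, killproc,
# status, failure) are not defined in this script and are expected to come
# from this file.
. /etc/rc.d/init.d/functions

# Optional site settings. The file is sourced, i.e. executed with the
# privileges of this script (init scripts normally run as root), so it must be
# writable by root only.
if [ -f /etc/sysconfig/puppetmaster ]; then
  . /etc/sysconfig/puppetmaster
fi

# Build the puppetmasterd option string from the sysconfig variables.
PUPPETMASTER_OPTS=""
[ -n "$PUPPETMASTER_MANIFEST" ] && PUPPETMASTER_OPTS="--manifest=${PUPPETMASTER_MANIFEST}"
[ -n "$PUPPETMASTER_LOG" ] && PUPPETMASTER_OPTS="${PUPPETMASTER_OPTS} --logdest=${PUPPETMASTER_LOG}"
# Join on one line with a single space; the previous form embedded a literal
# newline in the value.
PUPPETMASTER_OPTS="${PUPPETMASTER_OPTS} ${PUPPETMASTER_EXTRA_OPTS}"

RETVAL=0
prog=puppetmasterd
PUPPETMASTER=/usr/bin/$prog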
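# Start puppetmasterd through the init library's daemon helper.
# Globals:  PUPPETMASTER_MANIFEST, PUPPETMASTER, PUPPETMASTER_OPTS, lockfile
#           (read); RETVAL (written)
# Returns:  1 when a manifest is configured but not readable, otherwise the
#           exit status of daemon
start() {
  echo -n $"Starting puppetmaster: "
  # Check the manifest only when one is configured, and quote the variable:
  # unquoted, an empty value made the test succeed by accident and a path
  # containing whitespace made it fail.
  if [ -z "$PUPPETMASTER_MANIFEST" ] || [ -r "$PUPPETMASTER_MANIFEST" ]; then
    # PUPPETMASTER_OPTS stays unquoted so it splits into separate options.
    daemon $PUPPETMASTER $PUPPETMASTER_OPTS
    RETVAL=$?
  else
    failure $"Manifest does not exist: $PUPPETMASTER_MANIFEST"
    echo
    return 1
  fi
  # The lock file marks the service as started; condrestart tests for it.
  [ $RETVAL -eq 0 ] && touch "$lockfile"
  echo
  return $RETVAL
}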
# Stop the puppetmaster daemon and drop its lock file when that succeeds.
# Globals:  PUPPETMASTER, lockfile (read); RETVAL (written)
# Returns:  the exit status of killproc
stop() {
  echo -n $"Stopping puppetmaster: "
  killproc $PUPPETMASTER
  RETVAL=$?
  echo
  if [ $RETVAL -eq 0 ]; then
    rm -f "$lockfile"
  fi
  return $RETVAL
}
# Full restart: run stop, then start, regardless of what stop returned.
# Returns: the exit status of start
restart() {
  stop
  start
  return $?
}
# Dispatch on the requested action. start and stop leave their result in
# RETVAL, which becomes the script's exit status.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart | reload | force-reload)
    # all three are served by a full stop/start
    restart
    ;;
  condrestart)
    # restart only if the lock file written by start is present
    if [ -f "$lockfile" ]; then
      restart
    fi
    ;;
  status)
    status $PUPPETMASTER
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    exit 1
    ;;
esac

exit $RETVAL
##############################################
Copy the following into /etc/sysconfig/puppetmaster
# This file is sourced by the puppetmaster init script, so every line in it is
# executed as shell code; keep it writable by root only.

# Main manifest, handed to puppetmasterd as --manifest
PUPPETMASTER_MANIFEST="/etc/puppet/manifests/site.pp"

# Destination for general log messages.
# The value "syslog" sends them to the system log.
PUPPETMASTER_LOG="syslog"

# Further puppetmasterd parameters can be set here
#PUPPETMASTER_EXTRA_OPTS=--noca
###############################################
Copy the following into /etc/puppet/fileserver.conf
# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom
# Define a section 'files'
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence
# over deny
# [files]
# path /var/lib/puppet/files
# allow *.example.com
# deny *.evil.example.com
# allow 192.168.0.0/24
# NOTE(review): "allow *" puts no hostname restriction on this mount, so every
# client the server accepts can read all of /dist, including the sudoers file
# that the sudo class fetches from dist/apps/sudo/sudoers. Consider a narrower
# pattern in the style of the commented example above.
[dist]
path /dist
allow *
# %h in the path is replaced by the requesting client's hostname, so each
# client is pointed at its own directory.
# NOTE(review): /dist/private lies inside /dist, which the [dist] mount above
# also serves with "allow *", so the per-host directories look reachable
# through that mount by any client. Consider moving the private tree outside
# /dist - confirm against your layout.
[private]
path /dist/private/%h
allow *
###############################################
Copy the following into /etc/puppet/manifests/site.pp
# site.pp
# Entry-point manifest: loads the shared definitions and the class files, then
# assigns classes to nodes.
# import functions
import "functions.pp"
# import all of the os classes, like redhat.pp
# (disabled: nothing from os/ is loaded while the next line stays commented out)
#import "os/*"
# import all of the server classes, like webserver.pp
import "classes/*"
# The only node definition in this manifest; it assigns the sudo class.
# presumably this applies to every client without a node block of its own - confirm
node default {
include sudo
}
###############################################
Create folders /etc/puppet/manifests/classes and
/etc/puppet/manifests/os
################################################
Copy the following into /etc/puppet/manifests/functions.pp
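# functions.pp
# remotefile: manage a file whose content comes from the "dist" mount of a
# puppet file server.
#   $name           - resource title, used as the file resource's title
#   $mode           - required, passed to the file resource's mode
#   $source         - required, path below the dist mount on $server
#   $owner, $group  - default to root
#   $server         - file server host, defaults to "santa"
#   $backup         - default false
#   $recurse        - default false
# $recurse was declared but never handed to the file resource, so setting it
# had no effect; it is now passed through. With the default of false the
# generated resource behaves as before.
define remotefile($owner = root, $server = santa, $group = root, $mode, $source, $backup = false, $recurse = false) {
  file {
    $name:
      mode    => $mode,
      owner   => $owner,
      group   => $group,
      backup  => $backup,
      recurse => $recurse,
      source  => "puppet://$server/dist/$source"
  }
}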
###############################################
Start the server with (the service name is the file name the init script was saved under in /etc/init.d):
service puppet start
or for testing:
puppetmasterd --verbose
###############################################
###############################################
###############################################
On the puppet client:
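Install facter-1.3.7.tgz and puppet-0.23.2.tgz from http://santa/install/puppet. The download is plain HTTP, so compare the tarballs' checksums with the copies on the server before installing.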
Copy the following into /etc/init.d/puppet
#!/bin/bash
# puppet Init script for running the puppet client daemon
#
# Author: Duane Griffin <d.griffin@psenterprise.com>
# David Lutterkort <dlutter@redhat.com>
#
# chkconfig: - 98 02
#
# description: Enables periodic system configuration checks through puppet.
# processname: puppet
# config: /etc/sysconfig/puppet
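# Fixed PATH for the service. PATH entries must be directories, so the Ruby
# bin directory is listed here instead of the puppetd executable inside it.
PATH=/usr/bin:/sbin:/bin:/usr/sbin:/apps/ruby/ruby-1.8.5/bin
export PATH

# Optional site settings. The file is sourced, i.e. executed with the
# privileges of this script (init scripts normally run as root), so it must be
# writable by root only.
[ -f /etc/sysconfig/puppet ] && . /etc/sysconfig/puppet

# Each of these can be overridden by setting the upper-case variable, for
# example in the sysconfig file sourced above.
lockfile=${LOCKFILE-/var/lock/subsys/puppet}
pidfile=${PIDFILE-/var/run/puppet/puppet.pid}
puppetd=${PUPPETD-/apps/ruby/ruby-1.8.5/bin/puppetd}
RETVAL=0

# Source function library. The helpers used further down (daemon, killproc,
# status) are not defined in this script and are expected to come from here.
. /etc/rc.d/init.d/functions

# Build the puppetd option string from the sysconfig variables.
PUPPET_OPTS=""
[ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="--server=${PUPPET_SERVER}"
[ -n "$PUPPET_LOG" ] && PUPPET_OPTS="${PUPPET_OPTS} --logdest=${PUPPET_LOG}"
[ -n "$PUPPET_PORT" ] && PUPPET_OPTS="${PUPPET_OPTS} --port=${PUPPET_PORT}"

# Figure out if the system just booted. Let's assume
# boot doesn't take longer than 5 minutes
## Not used for now
##[ -n "$INIT_VERSION" ] && PUPPET_OPTS="${PUPPET_OPTS} --fullrun"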
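# Start the puppet client daemon through the init library's daemon helper.
# Globals:  puppetd, PUPPET_OPTS, PUPPET_EXTRA_OPTS, lockfile (read);
#           RETVAL (written)
# Returns:  the exit status of daemon
start() {
  echo -n $"Starting puppet: "
  # The option variables stay unquoted so they split into separate options.
  daemon $puppetd ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS}
  RETVAL=$?
  echo
  # Quote the lock path (it can be overridden via LOCKFILE) and compare the
  # status numerically.
  [ $RETVAL -eq 0 ] && touch "${lockfile}"
  return $RETVAL
}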
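# Stop the puppet client daemon and remove its lock and pid files on success.
# Globals:  puppetd, lockfile, pidfile (read); RETVAL (written)
# Returns:  the exit status of killproc
stop() {
  echo -n $"Stopping puppet: "
  killproc $puppetd
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f "${lockfile}" "${pidfile}"
  # Return killproc's status explicitly; without this the function returned
  # the status of the test/rm line above instead.
  return $RETVAL
}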
# Signal the running puppet client with HUP via killproc.
# Globals:  puppetd (read); RETVAL (written)
# Returns:  the exit status of killproc
reload() {
  echo -n $"Restarting puppet: "
  if killproc $puppetd -HUP; then
    RETVAL=0
  else
    RETVAL=$?
  fi
  echo
  return $RETVAL
}
# Full restart: run stop, then start, regardless of what stop returned.
# Returns: the exit status of start
restart() {
  stop
  start
  return $?
}
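# Dispatch on the requested action. The script exits with RETVAL, which the
# start/stop/reload functions and the status/once arms set.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload|force-reload)
    reload
    ;;
  condrestart|try-restart)
    # restart only when the pid file is present
    [ -f "$pidfile" ] && restart
    ;;
  status)
    status $puppetd
    RETVAL=$?
    ;;
  once)
    # Single foreground run; any further command-line arguments are passed on.
    shift
    # "$@" is quoted so each extra argument stays one word, and the run's
    # status is recorded so the script no longer exits 0 when puppetd fails.
    # The option variables stay unquoted so they split into separate options.
    $puppetd -o ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS} "$@"
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|once}"
    exit 1
    ;;
esac

exit $RETVAL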
###############################################
Copy the following into /etc/sysconfig/puppet
# This file is sourced by the puppet init script, so every line in it is
# executed as shell code; keep it writable by root only.

# Host name of the puppetmaster this client talks to
PUPPET_SERVER="puppet.pvalentino.lan"

# Set this to connect on a specific port
#PUPPET_PORT=8140

# Log destination. The value "syslog" sends messages to the system log.
PUPPET_LOG="/var/log/puppet/puppet.log"

# Further puppet client parameters can be set here
#PUPPET_EXTRA_OPTS=--waitforcert=500
###############################################
Copy the following into /etc/logrotate.d/puppet
# Rotation rules for every file matching *log in /var/log/puppet. No schedule
# or retention count is set in this stanza.
/var/log/puppet/*log {
# do not report an error when no log file matches
missingok
# recreate the log after rotation, owned by puppet:puppet with mode 0644
# NOTE(review): 0644 leaves the log readable by every local user - confirm
# that suits what puppet writes there, or use a tighter mode
create 0644 puppet puppet
# After rotating, call whichever of the two init scripts is installed. Output
# is discarded and "|| true" keeps each line's exit status at 0 even when the
# init script fails.
postrotate
[ -e /etc/init.d/puppetmaster ] && /etc/init.d/puppetmaster condrestart >/dev/null 2>&1 || true
[ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true
endscript
}
###############################################
Start the client with:
puppetd --waitforcert 30 --server puppet.pvalentino.lan -v
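Back on the server, on the first client connection, list the pending certificate requests and sign the client's certificate. Check that the listed name is the host you just started before signing it: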
puppetca --list
puppetca --sign clientname.pvalentino.lan
###############################################
In the /etc/puppet/manifests/classes folder create the following files:
sudo.pp containing:
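# Manage the sudoers file from the copy kept on the puppet file server.
# The target path is /usr/local/etc/sudoers on solaris and /etc/sudoers
# everywhere else.
# The mode is 440 rather than 644: sudo's stock build expects sudoers to be
# mode 0440 and refuses to use a file with looser permissions.
# The served copy replaces sudoers on every client that includes this class,
# so check it on the server (for example with visudo -c -f) before putting it
# under the dist mount.
class sudo {
  file { sudoers:
    path => $operatingsystem ? {
      solaris => "/usr/local/etc/sudoers",
      default => "/etc/sudoers"
    },
    owner => "root",
    group => "root",
    mode => 440,
    source => "puppet://puppet.pvalentino.lan/dist/apps/sudo/sudoers"
  }
}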
-----------------------------------------
crontab.pp containing:
# /etc/puppet/manifests/classes/crontab.pp
# Enforces owner, group and mode on /etc/crontab. No source is given, so the
# file's content is not managed here.
# NOTE(review): this class is named "sudo", the same as the class in sudo.pp -
# looks like a copy-paste leftover. Presumably it should be "class crontab"
# with a matching include in the node definition; confirm how this puppet
# version treats the repeated name before relying on it.
class sudo {
file { "/etc/crontab":
owner => "root",
group => "root",
mode => 600,
}
}
------------------------------------------
# /etc/puppet/manifests/classes/login.pp
# Enforces owner, group and mode on /etc/login.defs. No source is given, so
# the file's content is not managed here.
# NOTE(review): this class is named "sudo", the same as the class in sudo.pp -
# looks like a copy-paste leftover. Presumably it should be "class login"
# with a matching include in the node definition; confirm how this puppet
# version treats the repeated name before relying on it.
# NOTE(review): mode 640 removes read access for users outside the root
# group - confirm nothing running as a non-root user needs to read this file.
class sudo {
file { "/etc/login.defs":
owner => "root",
group => "root",
mode => 640,
}
}
-------------------------------------------
# /etc/puppet/manifests/classes/xinetd.pp
# Enforces owner, group and mode on /etc/xinetd.conf. No source is given, so
# the file's content is not managed here.
# NOTE(review): this class is named "sudo", the same as the class in sudo.pp -
# looks like a copy-paste leftover. Presumably it should be "class xinetd"
# with a matching include in the node definition; confirm how this puppet
# version treats the repeated name before relying on it.
class sudo {
file { "/etc/xinetd.conf":
owner => "root",
group => "root",
mode => 640,
}
}
1 comment:
Hello Paul,
Well i have installed puppet and was unable to get the puppetd service. Your init script helped great deal !. Thank you!!.
Regards,
Gokul