On the puppet server:

install facter-1.3.7.tgz and puppet-0.23.2.tgz

if necessary install ruby

copy the following init script to /etc/init.d and chmod +x

#!/bin/bash
# puppetmaster This shell script enables the puppetmaster server.
#
# Author: Duane Griffin <d.griffin@psenterprise.com>
#
# chkconfig: - 65 45
#
# description: Server for the puppet system management tool.
# processname: puppetmaster

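# Use a fixed search path so the commands run below do not depend on the
# caller's environment.
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Created by start(), removed by stop(), tested by the condrestart action.
lockfile=/var/lock/subsys/puppetmaster

# Source function library. The daemon, killproc, status and failure helpers
# used below are not defined in this script and are expected to come from here.
. /etc/rc.d/init.d/functions

# Optional site settings. The file is executed as shell code by this script,
# so it should be owned by root and not writable by anyone else.
if [ -f /etc/sysconfig/puppetmaster ]; then
  . /etc/sysconfig/puppetmaster
fi

# Build the puppetmasterd command line from whichever settings are present.
PUPPETMASTER_OPTS=""
[ -n "$PUPPETMASTER_MANIFEST" ] && PUPPETMASTER_OPTS="--manifest=${PUPPETMASTER_MANIFEST}"
[ -n "$PUPPETMASTER_LOG" ] && PUPPETMASTER_OPTS="${PUPPETMASTER_OPTS} --logdest=${PUPPETMASTER_LOG}"
# Kept on one line: a string literal wrapped across two lines would embed a
# newline in the option string.
PUPPETMASTER_OPTS="${PUPPETMASTER_OPTS} ${PUPPETMASTER_EXTRA_OPTS}"

# Exit status reported by the final "exit $RETVAL".
RETVAL=0

prog=puppetmasterd
PUPPETMASTER=/usr/bin/$prog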

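# Start puppetmasterd through the init library's daemon helper.
# Globals:  PUPPETMASTER, PUPPETMASTER_OPTS, PUPPETMASTER_MANIFEST, lockfile
#           (read); RETVAL (written)
# Returns:  the daemon helper's status, or 1 when a configured manifest
#           cannot be read
start() {
  echo -n $"Starting puppetmaster: "

  # Confirm the manifest exists. The path is quoted so a name containing
  # whitespace is tested as a single path. An empty value skips the check
  # explicitly; unquoted, "[ -r ]" with no operand is true by accident.
  if [ -z "$PUPPETMASTER_MANIFEST" ] || [ -r "$PUPPETMASTER_MANIFEST" ]; then
    # PUPPETMASTER_OPTS stays unquoted on purpose: it holds several options
    # that must be split into separate words.
    daemon "$PUPPETMASTER" $PUPPETMASTER_OPTS
    RETVAL=$?
  else
    failure $"Manifest does not exist: $PUPPETMASTER_MANIFEST"
    echo
    # Record the failure so the script's final "exit $RETVAL" reports it.
    RETVAL=1
    return 1
  fi
  [ $RETVAL -eq 0 ] && touch "$lockfile"
  echo
  return $RETVAL
}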

# Stop puppetmasterd through the init library's killproc helper.
# Globals:  PUPPETMASTER, lockfile (read); RETVAL (written)
# Returns:  killproc's status
stop() {
  echo -n $"Stopping puppetmaster: "
  killproc $PUPPETMASTER
  RETVAL=$?
  echo
  # The lock file is removed only when killproc reported success.
  if [ $RETVAL -eq 0 ]; then
    rm -f "$lockfile"
  fi
  return $RETVAL
}

# Stop the service, then start it again.
# Returns:  start's status; stop's status is not checked.
restart() {
  stop || :
  start
}

# Dispatch on the action given as the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart | reload | force-reload)
    # No separate reload is implemented; all three do a full stop and start.
    restart
    ;;
  condrestart)
    # Restart only when the lock file created by start() is present.
    if [ -f "$lockfile" ]; then
      restart
    fi
    ;;
  status)
    status $PUPPETMASTER
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
    exit 1
    ;;
esac

# RETVAL is set by the functions called above and by the status arm.
exit $RETVAL

##############################################

Copy the following into /etc/sysconfig/puppetmaster

# This file is sourced by the puppetmaster init script when it exists, so
# every line in it is executed as shell code. Keep it owned by root and not
# writable by anyone else.

# Location of the main manifest
PUPPETMASTER_MANIFEST=/etc/puppet/manifests/site.pp

# Where to log general messages to.
# Specify syslog to send log messages to the system log.
PUPPETMASTER_LOG=syslog

# You may specify other parameters to the puppetmaster here
#PUPPETMASTER_EXTRA_OPTS=--noca

###############################################

Copy the following into /etc/puppet/fileserver.conf

# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom

# Define a section 'files'
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence
# over deny
# [files]
# path /var/lib/puppet/files
# allow *.example.com
# deny *.evil.example.com
# allow 192.168.0.0/24
# NOTE(review): "allow *" puts no host restriction on this mount, so every
# client the file server accepts can read everything under /dist. Prefer an
# explicit domain or subnet, as in the commented [files] example above.
[dist]
path /dist
allow *

# %h in the path is replaced by the requesting client's hostname, giving each
# host its own directory.
# NOTE(review): /dist/private lies inside /dist, which the [dist] mount above
# serves to everyone, so these per-host files are also reachable through
# [dist]. Move the private tree outside /dist and narrow "allow *" if the
# files are meant to be visible only to their own host.
[private]
path /dist/private/%h
allow *

###############################################

Copy the following into /etc/puppet/manifests/site.pp

# site.pp

# import functions
import "functions.pp"

# import all of the os classes, like redhat.pp
#import "os/*"

# import all of the server classes, like webserver.pp
import "classes/*"

# Fallback node: applies to any client that has no node definition of its own.
# Only the sudo class is included here.
node default {
include sudo
}

###############################################

Create folders /etc/puppet/manifests/classes and
/etc/puppet/manifests/os

################################################

Copy the following into /etc/puppet/manifests/functions.pp

# functions.pp

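# Manage a file whose content is fetched from the "dist" file-server mount.
#   $name    - path of the file on the client (the resource title)
#   $mode    - required; permission bits for the file
#   $source  - required; path of the file relative to the dist mount
#   $owner   - owner of the file (default: root)
#   $group   - group of the file (default: root)
#   $server  - host the file is fetched from (default: santa)
#   $backup  - passed to the file resource's backup attribute (default: false)
#   $recurse - passed to the file resource's recurse attribute (default: false)
define remotefile($owner = root, $server = santa, $group = root, $mode, $source, $backup = false, $recurse = false) {
    file {
        $name:
            mode => $mode,
            owner => $owner,
            group => $group,
            backup => $backup,
            # Previously accepted as a parameter but never passed on; the
            # default of false keeps the earlier behaviour for existing callers.
            recurse => $recurse,
            source => "puppet://$server/dist/$source"
    }
}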

###############################################

Start the server with:

service puppet start

or for testing:
puppetmasterd --verbose

###############################################
###############################################
###############################################

On the puppet client:

install facter-1.3.7.tgz and puppet-0.23.2.tgz from http://santa/install/puppet

Copy the following into /etc/init.d/puppet

#!/bin/bash
# puppet Init script for running the puppet client daemon
#
# Author: Duane Griffin <d.griffin@psenterprise.com>
# David Lutterkort <dlutter@redhat.com>
#
# chkconfig: - 98 02
#
# description: Enables periodic system configuration checks through puppet.
# processname: puppet
# config: /etc/sysconfig/puppet

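# The last entry is the directory that holds puppetd (see the puppetd default
# below). PATH entries must be directories, so naming the puppetd file itself
# would add nothing to the search path. The directory and its contents should
# be writable only by root, because this script runs commands found in it.
PATH=/usr/bin:/sbin:/bin:/usr/sbin:/apps/ruby/ruby-1.8.5/bin
export PATH

# Optional site settings. The file is executed as shell code by this script,
# so it should be owned by root and not writable by anyone else.
[ -f /etc/sysconfig/puppet ] && . /etc/sysconfig/puppet
# Each of these can be overridden from the sysconfig file (LOCKFILE, PIDFILE,
# PUPPETD); the value after "-" is used only when the variable is unset.
lockfile=${LOCKFILE-/var/lock/subsys/puppet}
pidfile=${PIDFILE-/var/run/puppet/puppet.pid}
puppetd=${PUPPETD-/apps/ruby/ruby-1.8.5/bin/puppetd}
# Exit status reported by the final "exit $RETVAL".
RETVAL=0

# Source function library. The daemon, killproc and status helpers used below
# are not defined in this script and are expected to come from here.
. /etc/rc.d/init.d/functions

# Build the puppetd command line from whichever settings are present.
PUPPET_OPTS=""
[ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="--server=${PUPPET_SERVER}"
[ -n "$PUPPET_LOG" ] && PUPPET_OPTS="${PUPPET_OPTS} --logdest=${PUPPET_LOG}"
[ -n "$PUPPET_PORT" ] && PUPPET_OPTS="${PUPPET_OPTS} --port=${PUPPET_PORT}"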

# Figure out if the system just booted. Let's assume
# boot doesn't take longer than 5 minutes
## Not used for now
##[ -n "$INIT_VERSION" ] && PUPPET_OPTS="${PUPPET_OPTS} --fullrun"

# Start puppetd through the init library's daemon helper.
# Globals:  puppetd, PUPPET_OPTS, PUPPET_EXTRA_OPTS, lockfile (read);
#           RETVAL (written)
# Returns:  the daemon helper's status
start() {
  echo -n $"Starting puppet: "
  # The option variables are unquoted so that they split into separate words.
  daemon $puppetd ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS}
  RETVAL=$?
  echo
  # The lock file is created only when the daemon helper reported success.
  if [ $RETVAL = 0 ]; then
    touch ${lockfile}
  fi
  return $RETVAL
}

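# Stop puppetd through the init library's killproc helper.
# Globals:  puppetd, lockfile, pidfile (read); RETVAL (written)
# Returns:  killproc's status
stop() {
  echo -n $"Stopping puppet: "
  killproc "$puppetd"
  RETVAL=$?
  echo
  # Lock and pid files are removed only when killproc reported success.
  # Quoted so that overridden paths containing whitespace stay single words.
  [ $RETVAL = 0 ] && rm -f -- "${lockfile}" "${pidfile}"
  # Return killproc's own status, as the other functions in this script do,
  # instead of the status of the test on the previous line.
  return $RETVAL
}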

# Send HUP to puppetd through the init library's killproc helper.
# Globals:  puppetd (read); RETVAL (written)
# Returns:  killproc's status
reload() {
  echo -n $"Restarting puppet: "
  if killproc $puppetd -HUP; then
    RETVAL=0
  else
    # In the else branch $? still holds killproc's status.
    RETVAL=$?
  fi
  echo
  return $RETVAL
}

# Stop the client daemon, then start it again.
# Returns:  start's status; stop's status is not checked.
restart() {
  stop || :
  start
}

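# Dispatch on the action given as the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload | force-reload)
    reload
    ;;
  condrestart | try-restart)
    # Restart only when the pid file is present.
    [ -f "$pidfile" ] && restart
    ;;
  status)
    status $puppetd
    RETVAL=$?
    ;;
  once)
    # Run puppetd with -o, passing any remaining arguments through.
    shift
    # "$@" keeps each extra argument as one word, so an argument containing
    # whitespace or glob characters is not re-split or expanded. The option
    # variables stay unquoted because they hold several options each.
    $puppetd -o ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS} "$@"
    # Report puppetd's status through the final exit, as the status arm does.
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart|once}"
    exit 1
    ;;
esac

# RETVAL is set by the functions called above and by the status and once arms.
exit $RETVAL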

###############################################

Copy the following into /etc/sysconfig/puppet

# This file is sourced by /etc/init.d/puppet when it exists, so every line in
# it is executed as shell code. Keep it owned by root and not writable by
# anyone else. Besides the settings below, the init script also reads
# LOCKFILE, PIDFILE and PUPPETD from here.

# The puppetmaster server
PUPPET_SERVER=puppet.pvalentino.lan

# If you wish to specify the port to connect to do so here
#PUPPET_PORT=8140

# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log

# You may specify other parameters to the puppet client here
#PUPPET_EXTRA_OPTS=--waitforcert=500

###############################################

Copy the following into /etc/logrotate.d/puppet

# Rotate every file under /var/log/puppet whose name ends in "log".
/var/log/puppet/*log {
# Do not report an error when no matching log file exists.
missingok
# After rotation, recreate the log owned by puppet:puppet with mode 0644.
# NOTE(review): 0644 leaves the log readable by every local user; consider
# 0640 if the log can contain sensitive details. Confirm what is logged.
create 0644 puppet puppet
postrotate
# Run condrestart on the master and reload on the client, whichever init
# script is installed. "|| true" makes each line succeed even when the init
# script is missing or the action fails.
[ -e /etc/init.d/puppetmaster ] && /etc/init.d/puppetmaster condrestart >/dev/null 2>&1 || true
[ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true
endscript
}

###############################################

Start the client with:

puppetd --waitforcert 30 --server puppet.pvalentino.lan -v


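Back on the server, the first time a client connects, list the pending certificate requests and sign the client's certificate (check that the name listed is a host you expect before signing it):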
puppetca --list
puppetca --sign clientname.pvalentino.lan

###############################################

In the /etc/puppet/manifests/classes folder create the following files:

sudo.pp containing:

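# Install the sudoers file served from the puppetmaster's dist mount.
# The target path depends on the operating system: /usr/local/etc/sudoers on
# Solaris, /etc/sudoers everywhere else.
class sudo {
    file { sudoers:
        path => $operatingsystem ? {
            solaris => "/usr/local/etc/sudoers",
            default => "/etc/sudoers"
        },
        owner => "root",
        group => "root",
        # sudo checks the mode of sudoers and normally expects 0440. Mode 644
        # also lets every local user read the privilege rules.
        mode => 440,
        source => "puppet://puppet.pvalentino.lan/dist/apps/sudo/sudoers"
    }
}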


-----------------------------------------
crontab.pp containing:

# /etc/puppet/manifests/classes/crontab.pp

# Enforces root:root ownership and mode 600 on /etc/crontab; no content is
# managed, only ownership and permissions.
# NOTE(review): this class is named "sudo", the same name as the class in
# sudo.pp. Presumably it was meant to be "crontab". Confirm, since a renamed
# class also needs its own "include" in a node definition to take effect.
class sudo {
file { "/etc/crontab":
owner => "root",
group => "root",
mode => 600,
}
}

------------------------------------------

# /etc/puppet/manifests/classes/login.pp

# Enforces root:root ownership and mode 640 on /etc/login.defs; no content is
# managed, only ownership and permissions.
# NOTE(review): this class is named "sudo", the same name as the class in
# sudo.pp. Presumably it was meant to be "login". Confirm, since a renamed
# class also needs its own "include" in a node definition to take effect.
class sudo {
file { "/etc/login.defs":
owner => "root",
group => "root",
mode => 640,
}
}
-------------------------------------------
# /etc/puppet/manifests/classes/xinetd.pp

# Enforces root:root ownership and mode 640 on /etc/xinetd.conf; no content is
# managed, only ownership and permissions.
# NOTE(review): this class is named "sudo", the same name as the class in
# sudo.pp. Presumably it was meant to be "xinetd". Confirm, since a renamed
# class also needs its own "include" in a node definition to take effect.
class sudo {
file { "/etc/xinetd.conf":
owner => "root",
group => "root",
mode => 640,
}
}

1 comment:

Anonymous said...

Hello Paul,

Well i have installed puppet and was unable to get the puppetd service. Your init script helped great deal !. Thank you!!.

Regards,
Gokul