
Installing and Configuring Puppet on CentOS Linux

Puppet is a configuration management tool that allows you to centralize the management of your Linux and UNIX systems. Windows admins can think of it like group policy but for Linux/UNIX. It is not the first management tool available for Linux/UNIX, but it is robust and relatively easy to get a basic configuration set up. It operates with a master server called the Puppetmaster, which is responsible for registering clients with the Puppet service and holds the configuration information that will be distributed out to the clients. In this tutorial I will configure a basic Puppetmaster server with a single client, both running CentOS Linux 5.5.

One item to note is that you should make sure that the time on your Puppetmaster server and Puppet client are synchronized properly. On my first attempt I received an error message pertaining to certificates that Puppet uses not being verified. It turned out that the system clock on the client was off by a few hours. So word to the wise, have your clocks synced!

In addition, now is a good time to configure your DNS settings for Puppet. By default Puppet clients will attempt to connect to a Puppetmaster server named “puppet”. You can specify a different Puppetmaster server name in the Puppet configuration file. You don’t need to change the actual hostname of the Puppetmaster server; you can just add a “puppet” CNAME record linking to your Puppetmaster server’s A record within DNS. You will also want to make sure that the domain that the Puppet record is listed in is in the search domain of the Puppet client.

First off, on both servers we need to configure the Extra Packages for Enterprise Linux (EPEL) yum repository, which maintains a compiled copy of the Puppet software.

server&client# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Configuring Puppetmaster Server

Now install the Puppetmaster daemon on the server. Several dependencies will be installed along with it, including the Puppet client software.

server# yum install puppet-server

The Puppetmaster server also needs to be configured with a firewall access rule to permit listening for Puppet client requests.  By default this is TCP port 8140.  Add this line to the Puppetmaster server’s “/etc/sysconfig/iptables” file:

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8140 -j ACCEPT

Restart the iptables firewall to activate the new configuration:

server# service iptables restart
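iptables evaluates rules in order, and the stock CentOS 5 RH-Firewall-1-INPUT chain ends with a catch-all REJECT, so the line above only takes effect if it is placed before that REJECT. The following check is an added example, not part of the original article; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. puppet_rule_status and sample_rules
# are hypothetical helper names.

# Read an iptables-save style rules file on stdin and print:
#   ok       - TCP ACCEPT rule for the port precedes any catch-all REJECT/DROP
#   shadowed - the rule exists but follows a catch-all, so it never matches
#   missing  - no such rule in the RH-Firewall-1-INPUT chain
puppet_rule_status() {
    awk -v port="${1:-8140}" '
        $1 == "-A" && $2 == "RH-Firewall-1-INPUT" {
            n++; tcp = 0; dport = 0; allow = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") allow = 1
            }
            # A rule with no match criteria ends the chain for all traffic.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !catchall) catchall = n
            if (tcp && dport && allow && !accept) accept = n
        }
        END {
            if (!accept) print "missing"
            else if (catchall && catchall < accept) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample modelled on a stock CentOS 5 rules file. $1 selects where
# the article's line lands: before the final REJECT, after it, or not at all.
sample_rules() {
    rule='-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8140 -j ACCEPT'
    reject='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*filter' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -j RH-Firewall-1-INPUT' \
        '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    case "$1" in
        before) printf '%s\n' "$rule" "$reject" ;;
        after)  printf '%s\n' "$reject" "$rule" ;;
        none)   printf '%s\n' "$reject" ;;
    esac
    echo COMMIT
}

for placement in before after none; do
    printf '%-6s -> %s\n' "$placement" "$(sample_rules "$placement" | puppet_rule_status)"
done
```

On the server, `puppet_rule_status < /etc/sysconfig/iptables` runs the same check against the real rules file.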

Now to test Puppet’s functionality you should set up a sample Puppet site manifest.  Manifests are one or more files where Puppet stores configuration information, and a site manifest is the central hub where the Puppetmaster daemon looks for initial configuration info and links to other manifest files.

server# nano /etc/puppet/manifests/site.pp

Copy this into the “site.pp” file:

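# Enforce ownership and permissions on the client's resolver configuration.
file { "/etc/resolv.conf":
        owner => "root",
        group => "root",
        # Octal mode as a quoted string: rw-r--r-- (same digits as chmod).
        mode  => "0644",
}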

This configuration identifies a file on the Puppet client and sets its ownership and file access permissions. The parameters should be self-explanatory; the mode parameter corresponds to the file access permissions set with the “chmod” utility.

Now we’ll start up the Puppetmaster daemon in no-daemonize mode which will keep it running in the foreground on the console screen so that we can view output as it is generated.

server# puppetmasterd --verbose --no-daemonize


Pages: 1 2

  1. fooologist
    December 9, 2010 at 5:29 pm

    It seems that this post cuts off half way through … is there more describing client setup?

    • December 9, 2010 at 7:32 pm

      Hi Fooologist,

      You did see the 2nd page, right? In this article I was basically concerned with getting the initial configuration of the server and client talking with each other, and confirming that the Puppetmaster was pushing out a policy setting by setting the access permissions of a file on the client.

      For a more in-depth discussion on what configuration settings and policies you can apply to clients I would recommend venturing over to the Puppet Labs website and browsing the various “recipes” people have made available. Also the book Pulling Strings with Puppet has a very good detailed example scenario.

      BW,
      Aaron
