*.example.com
Where example.com is the domain running Puppet.
On the client:
Linux: apt-get install puppet
OpenBSD: pkg_add ruby-facter && pkg_add ruby-puppet
OpenBSD5.5: pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64/facter
pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64/puppet
Solaris: pkgadd -d http://get.opencsw.org/now (turn off http_proxy), then /opt/csw/bin/pkgutil -i -y puppet3 (puppet goes into /opt/csw/bin/puppet)
edit /etc/puppet/puppet.conf, adding:
[main]
server=server.fqdn
[master]
certname=server.fqdn
On the server:
[optional] amend /etc/puppet/manifests/nodes.pp
On the client:
Ensure client.fqdn is the first name listed on the 127.0.0.1 line in /etc/hosts.
puppet agent --enable
puppet agent --server=server.fqdn --no-daemonize --verbose
On the server:
puppet cert --list
puppet cert --sign client.fqdn
On the client: wait for two minutes, or interrupt and run the puppet agent command again.
You will then most likely see an error message such as this, even though you've done nothing wrong:
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
On the client:
cd /var/lib/puppet/ssl (/var/puppet/ssl on FreeBSD; /etc/puppet/ssl on OpenBSD; /var/opt/csw/puppet/ssl on Solaris)
find . -type f | xargs rm -f
On the server:
puppet cert --clean client.fqdn
Repeat the above puppet agent call and subsequent steps a few times. Eventually it will work.
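One way to confirm the mismatch before wiping the ssl directory, as an added example that is not part of the original post: compare the public key in the certificate with the one derived from the private key. The function names, the throwaway key pairs and the certs/ and private_keys/ file names are assumptions for illustration; it needs the openssl command line tool.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a certificate
# belongs to a private key by comparing their public keys with openssl.

cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# cert_matches_key CERT KEY: returns 0 = match, 1 = mismatch, 2 = unparsable file
cert_matches_key() {
    cpub=$(cert_pubkey "$1") || return 2
    kpub=$(key_pubkey "$2") || return 2
    [ -n "$cpub" ] && [ -n "$kpub" ] || return 2
    [ "$cpub" = "$kpub" ]
}

# Constructed sample data: a throwaway key and a self-signed certificate
# standing in for the agent key and the certificate the master returns.
make_sample_pair() {   # make_sample_pair DIR NAME
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.key" -subj "/CN=client.fqdn" \
        -days 1 -out "$1/$2.crt" 2>/dev/null
}

# describe CERT KEY: prints "match", "mismatch" or "unreadable"
describe() {
    rc=0; cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo match ;;
        1) echo mismatch ;;
        *) echo unreadable ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_pair "$d" old && make_sample_pair "$d" new || { rm -rf "$d"; return 1; }
    echo "cert issued for current key: $(describe "$d/old.crt" "$d/old.key")"
    # Agent key regenerated, master still serving the earlier certificate:
    echo "stale cert, regenerated key: $(describe "$d/old.crt" "$d/new.key")"
    rm -rf "$d"
}

demo
# On an agent (assumed Puppet 3 file layout, Linux ssl path from the post):
#   describe /var/lib/puppet/ssl/certs/client.fqdn.pem \
#            /var/lib/puppet/ssl/private_keys/client.fqdn.pem
```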
On the client:
Amend /etc/default/puppet: START=yes
Add puppet agent --test to /etc/rc.local and ensure it's started in /etc/init.d.
On Solaris 11 run "/usr/sbin/svcadm enable puppet:agent"
Solaris - check http://projects.puppetlabs.com/projects/1/wiki/Puppet_Solaris looking for CSW
Older Linux clients may fail with WEBrick::HTTPStatus::RequestURITooLarge when talking to a new server. If that happens, find webrick/httprequest.rb on the server and change:
MAX_URI_LENGTH = 2083 # :nodoc:
to
MAX_URI_LENGTH = 4096 # :nodoc:
Then restart the puppetmaster.
On Darwin you may need to set LANG=en_US.UTF-8
To test the manifest:
cd /etc/puppet/manifests; puppet apply nodes.pp
If the server complains with 404 errors loading the puppet stuff, run:
passenger-install-apache2-module
If you delete the certificates on the server by mistake, run this on the server to regenerate its certificate:
puppet cert generate server.fqdn
