Configure Puppetmaster
For installing puppetmaster 2.4.1 on CentOS, see Part 1.
In Part 1 we covered installing the puppetmaster and puppetd packages on CentOS 5.5. We will now configure a very basic client/server model that serves the /etc/resolv.conf file to our client. Simple enough!
Create your first module
Our first module will be called networking::resolver; its job will be to push out a resolv.conf file to clients.
Create the directory structure under /etc/puppet
punch# cd /etc/puppet
punch# mkdir modules
punch# mkdir modules/networking
punch# mkdir modules/networking/files
punch# mkdir modules/networking/manifests
punch# mkdir files
Create your resolv.conf file
punch# vi modules/networking/files/resolv.conf
Create your module manifest
punch# vi modules/networking/manifests/init.pp
class networking {
  # Here you can add stuff to be inherited by your networking classes.
  # We won't bother for this demonstration, but just for show!
}

class networking::resolver inherits networking {
  file { "/etc/resolv.conf":
    ensure => present,
    source => "puppet:///modules/networking/resolv.conf",
    group  => "root",
    owner  => "root",
    # resolv.conf is plain data, so it gets no execute bit
    mode   => "0644",
  }
}
Configure your site and nodes
Create a minimal site.pp
punch# vi manifests/site.pp
import "nodes"
import "templates"

filebucket { main: server => puppet }
Create a templates file
punch# vi manifests/templates.pp
class baseclass {
  include networking::resolver
}

node default {
  include baseclass
}
Create your node file
Don’t forget to replace judy.craigdunn.org with the fqdn of your client server
punch# vi manifests/nodes.pp
node 'basenode' {
  include baseclass
}

node 'judy.craigdunn.org' inherits basenode {
}
Set up puppetmaster parameters
Create default configuration
This is a minimal puppet.conf file; a more detailed file can be produced with puppetmasterd --genconfig.
Setting autosign = true makes the puppetmaster sign certificates for new clients automatically. This is discouraged in a production environment but useful for testing. For information on running puppetmaster without autosign see the puppetca documentation.
punch# vi puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
report = true

[master]
autosign = true
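A less permissive alternative to autosign = true, added here as an example rather than taken from the original post: point autosign at a whitelist file so that only certificate requests whose name matches a listed pattern are signed without an administrator looking at them. The file path is Puppet's default whitelist location, and the craigdunn.org domain is the one used for the hosts in this post; that the clients all live under that domain is an assumption. The whitelist only checks the name the requesting host puts in its CSR, which any host that can reach the master can choose, so it narrows the exposure rather than removing it; for production the safer option remains leaving autosign off and signing by hand with puppetca.

```ini
# /etc/puppet/puppet.conf on the puppetmaster (punch)
[master]
# Instead of 'autosign = true', sign automatically only the requests whose
# name matches a pattern in this file (Puppet's default whitelist path).
autosign = /etc/puppet/autosign.conf

# /etc/puppet/autosign.conf -- one hostname or glob per line.
# Requests that match nothing here stay pending until an administrator
# signs them (puppetca --list shows them, puppetca --sign <fqdn> signs one).
# Assumes the clients are named under craigdunn.org, as in this post.
*.craigdunn.org
```

After changing puppet.conf, restart puppetmaster so the new autosign setting is read; a client whose name does not match the whitelist will show its request in puppetca --list on the master until it is signed.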
Set permissions for your fileserver.
Note that this allows every host to fetch every file; you should restrict this in a production environment.
punch# vi fileserver.conf
[files]
  path /etc/puppet/files
  allow *

[modules]
  allow *

[plugins]
  allow *
Start puppetmaster
punch# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]
The puppet client
Configure puppetd
On your client, edit puppet.conf and add the following to the [agent] section, remembering to change punch.craigdunn.org to the fqdn of your puppetmaster.
judy# vi /etc/puppet/puppet.conf
[agent]
server = punch.craigdunn.org
report = true
listen = true
Allow puppetrunner
Create a file called namespaceauth.conf and add the following. Note that in a production environment this should be restricted to the fqdn of your puppet master.
judy# vi /etc/puppet/namespaceauth.conf
[puppetrunner]
allow *
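The restricted versions of both access-control files from this post, the master's fileserver.conf and the client's namespaceauth.conf, as an added example that is not part of the original post. Hosts that match no allow line are denied, so replacing the blanket allow * with the client domain on the master, and with the master's fqdn on the client, is enough; the hostnames are the ones used in this post, and the assumption that every client is named under craigdunn.org is mine.

```ini
# /etc/puppet/fileserver.conf on the puppetmaster (punch).
# A host that matches no allow line is denied, so each mount is limited
# to the client domain instead of being open to every host.
[files]
  path /etc/puppet/files
  allow *.craigdunn.org

[modules]
  allow *.craigdunn.org

[plugins]
  allow *.craigdunn.org

# /etc/puppet/namespaceauth.conf on the client (judy).
# With 'listen = true' puppetd accepts puppetrun triggers over the network,
# so only the puppetmaster's fqdn should be allowed to send them.
[puppetrunner]
  allow punch.craigdunn.org
```

The names are matched against the certificate the connecting host presents, so a client whose certificate name is not under craigdunn.org gets a file-server permission error on its next run rather than a copy of resolv.conf.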
Start puppetd
judy# service puppet start
View pending changes
Use --test along with --noop to do a dry run and view the changes that puppetd would make.
judy# puppetd --noop --test
[...]
notice: /Stage[main]/Networking::Resolver/File[/etc/resolv.conf]/content: is {md5}e71a913327efa3ec8dae8c1a6df09b43, should be {md5}24b6444365e7e012e8fdc5f302b56e9c (noop)
[...]
Now you can run puppetd without --noop to pull in your new resolv.conf file.
This is a very basic demonstration of creating a server/client pair with Puppet. There is much more documentation on configuring and managing Puppet in the official Puppet documentation.