
Howto install Puppet, Dashboard, Passenger, ActiveMQ and MCollective entirely from Repos on CentOS 6

19 October 2012

Ever since I first used Linux I have been a big fan of honoring the system's package manager, such as dpkg or rpm: if you don't, sooner or later you get into trouble when updating your installation. So it bothered me to see Puppet installations messing up the system by downloading random stuff and pasting it all over the filesystem. I tried to figure out a way of using only software from repos, and here is the result. Beware, this will be a very lengthy post.

The starting point is a CentOS 6 i386 minimal installation. First, the needed tools and repos:

yum install vim wget openssh-clients
rpm -Uvh http://ftp-stud.hs-esslingen.de/pub/epel/6/i386/epel-release-6-7.noarch.rpm
rpm -Uvh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm

Now puppetdb:

yum install puppet-server puppetdb-terminus puppetdb

First configure autosigning of certificate requests (don't do this in production environments: the `*` entry makes the CA sign every request it receives):

# /etc/puppet/autosign.conf
*
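
An added check, not part of the original post: the function below classifies each entry of an autosign.conf so that a bare `*` like the one above is caught before the setup is reused outside a lab. The names `audit_autosign` and `demo_autosign` and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Puppet autosign.conf.
# audit_autosign FILE prints one finding per entry and returns
#   0 if every entry is an exact certname,
#   1 if at least one entry is a domain glob (e.g. *.example.com),
#   2 if at least one entry is a bare "*" (every request gets signed),
#   3 if the file cannot be read.
audit_autosign() {
    file=$1
    worst=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
    while IFS= read -r line || [ -n "$line" ]; do
        # certnames contain no whitespace, so dropping it is a safe trim
        entry=$(printf '%s' "$line" | tr -d ' \t\r')
        case $entry in
            ''|'#'*)
                continue ;;
            '*')
                echo "CRITICAL: '$entry' signs every certificate request"
                worst=2 ;;
            *'*'*)
                echo "WARN: '$entry' signs any certname matching the glob"
                [ "$worst" -lt 1 ] && worst=1 ;;
            *)
                echo "OK: '$entry' is an exact certname" ;;
        esac
    done < "$file"
    return "$worst"
}

# Constructed sample: the lab setting from this post next to narrower entries.
demo_autosign() {
    tmp=$(mktemp)
    printf '%s\n' '# lab only' '*' '*.example.com' 'agent01.example.com' > "$tmp"
    audit_autosign "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_autosign || echo "audit_autosign exit status: $?"
```

A non-zero exit status makes the function usable as a gate in a provisioning script or a monitoring check.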

Configuration of puppetdb:

# /etc/puppet/puppetdb.conf
[main]
server = $FQDNofyourpuppetmaster
port = 8081

# /etc/puppet/routes.yaml
---
master:
  facts:
    terminus: puppetdb
    cache: yaml

# /etc/puppet/puppet.conf
[master]
storeconfigs = true
storeconfigs_backend = puppetdb

Run the SSL setup:

/usr/sbin/puppetdb-ssl-setup

Start the services and enable them at boot:

service puppetdb start
chkconfig puppetdb on
service puppetmaster start
chkconfig puppetmaster on

Next we are configuring the fileserver.

# /etc/puppet/fileserver.conf
[files]
path /etc/puppet/files
allow *.$YOURDOMAIN

IP addresses are not allowed here! The following example checks that everything works:

# /etc/puppet/manifests/site.pp
import "classes/*"
node default {
  include test
}

# /etc/puppet/manifests/classes/test.pp
class test {
  file { "/tmp/test.txt":
    owner  => root,
    group  => root,
    mode   => 644,
    source => "puppet:///files/test.txt"
  }
}

mkdir /etc/puppet/files
echo "It works!" > /etc/puppet/files/test.txt

Next is Dashboard:

yum install puppet-dashboard mysql mysql-server
chkconfig mysqld on && service mysqld start
mysql -u root -e "CREATE DATABASE dashboard";
mysql -u root -e "CREATE DATABASE dashboard_dev";
mysql -u root -e "GRANT ALL PRIVILEGES ON dashboard.* TO dashboard@localhost IDENTIFIED BY '$MYSQLPASSWORD';"
mysql -u root -e "GRANT ALL PRIVILEGES ON dashboard_dev.* TO dashboard_dev@localhost IDENTIFIED BY '$MYSQLPASSWORD';"

# /usr/share/puppet-dashboard/config/database.yml
# password must be the value used in the GRANT statements above
production:
  database: dashboard
  username: dashboard
  password: $MYSQLPASSWORD
  encoding: utf8
  adapter: mysql
development:
  database: dashboard_dev
  username: dashboard_dev
  password: $MYSQLPASSWORD
  encoding: utf8
  adapter: mysql

cd /usr/share/puppet-dashboard
rake RAILS_ENV=development db:migrate
rake RAILS_ENV=production db:migrate

Add the following to your puppet.conf; it extends the existing content and does not replace it:

# /etc/puppet/puppet.conf
[agent]
report = true
[master]
reports = store, http
reporturl = http://$FQDNofyourpuppetmaster:3000/reports/upload

Here you have to change only the named items:

# /usr/share/puppet-dashboard/config/settings.yml
ca_server: '$FQDNofyourpuppetmaster'
enable_inventory_service: true
inventory_server: '$FQDNofyourpuppetmaster'
use_file_bucket_diffs: true
file_bucket_server: '$FQDNofyourpuppetmaster'

cd /usr/share/puppet-dashboard/
sudo -u puppet-dashboard rake cert:create_key_pair
sudo -u puppet-dashboard rake cert:request
sudo -u puppet-dashboard rake RAILS_ENV=production reports:import
sudo -u puppet-dashboard rake cert:retrieve

# /etc/puppet/auth.conf
path /facts
auth yes
method find, search
allow dashboard

Set the correct timezone:

# /usr/share/puppet-dashboard/config/environment.rb
config.time_zone = 'Berlin'

chkconfig puppet-dashboard on
service puppet-dashboard start
service puppet-dashboard-workers start
chkconfig puppet-dashboard-workers on

Passenger:

yum --enablerepo=epel-testing install httpd mod_ssl mod_passenger

cp /usr/share/puppet/ext/rack/files/apache2.conf /etc/httpd/conf.d/rack.conf

Replace the cert paths/filenames in rack.conf with the correct values.

mkdir -p /etc/puppet/rack/public
mkdir -p /etc/puppet/rack/tmp
cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack
chown puppet /etc/puppet/rack/config.ru

Add this:

# /etc/puppet/puppet.conf
[master]
< ..>
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Then switch from the standalone puppetmaster service to Apache:

service puppetmaster stop
chkconfig puppetmaster off
chkconfig httpd on
service httpd start

ActiveMQ:

yum install java-1.6.0-openjdk activemq
cd /etc/activemq
mv activemq.xml activemq.xml-org
wget https://raw.github.com/puppetlabs/marionette-collective/master/ext/activemq/examples/single-broker/activemq.xml

Here you have to change only the named items:

# /etc/activemq/activemq.xml
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
<transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>

service activemq start
chkconfig activemq on

And finally MCollective with a bunch of plugins:

yum install mcollective mcollective-client mcollective-common rubygem-stomp

cd /usr/libexec/mcollective/mcollective/application
for i in filemgr package puppetd service; do
  wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/$i/application/$i.rb
done
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/shell/shell.rb
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/yum/application/yum.rb
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/etcfacts/application/etcfacts.rb

cd /usr/libexec/mcollective/mcollective/agent
for i in filemgr puppetd puppetral puppetca; do
  wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/$i/agent/$i.rb
  wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/$i/agent/$i.ddl
done
wget -O package.rb https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/package/agent/puppet-package.rb
wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/package/agent/package.ddl
wget -O service.rb https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/service/agent/puppet-service.rb
wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/service/agent/service.ddl
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/etcfacts/etc_facts.rb
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/etcfacts/etc_facts.ddl
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/shell/shell.rb
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/shell/shell.ddl
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/yum/yum.rb
wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/yum/yum.ddl

cd /usr/libexec/mcollective/mcollective/facts/
wget https://raw.github.com/puppetlabs/mcollective-plugins/master/facts/facter/facter_facts.rb

# /etc/mcollective/client.cfg
# main config
libdir = /usr/libexec/mcollective
logfile = /dev/null
loglevel = error
# connector plugin config
connector = stomp
plugin.stomp.host = $FQDNofyourpuppetmaster
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = marionette
# security plugin config
securityprovider = psk
plugin.psk = abcdefghj

# /etc/mcollective/server.cfg
# main config
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
daemonize = 1
loglevel = info
# connector plugin config
connector = stomp
plugin.stomp.host = $FQDNofyourpuppetmaster
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = marionette
# facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
# security plugin config
securityprovider = psk
plugin.psk = abcdefghj

# /etc/mcollective/facts.yaml
---
location: Datacenter1
country: de

service mcollective start
chkconfig mcollective on
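
An added check, not part of the original post: client.cfg and server.cfg above keep the broker password and the pre-shared key in clear text, and with `securityprovider = psk` every node and client shares that one key. The functions `cfg_get` and `audit_mco_cfg` and the threshold `MIN_PSK_LEN` are assumptions made for this example; it flags the sample values from this page and world-readable files.

```shell
#!/bin/sh
# Added example (not from the original post): flag the sample secrets and
# loose file permissions in an MCollective client.cfg or server.cfg.
MIN_PSK_LEN=32   # assumed minimum key length; set your own policy

# cfg_get FILE KEY: print the value of the last "KEY = value" line.
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_mco_cfg FILE: print findings; the return value is their count
# (255 if the file cannot be read).
audit_mco_cfg() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 255; }
    psk=$(cfg_get "$file" plugin.psk)
    if [ "$(cfg_get "$file" securityprovider)" = psk ]; then
        if [ "$psk" = abcdefghj ] || [ "${#psk}" -lt "$MIN_PSK_LEN" ]; then
            echo "plugin.psk is the sample value or shorter than $MIN_PSK_LEN characters"
            findings=$((findings + 1))
        fi
    fi
    if [ "$(cfg_get "$file" plugin.stomp.password)" = marionette ]; then
        echo "plugin.stomp.password is still the sample password"
        findings=$((findings + 1))
    fi
    # -perm -004: the "read" bit for others is set
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file is world-readable but holds the PSK and the broker password"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as `audit_mco_cfg /etc/mcollective/server.cfg` on a node; an exit status of 0 means none of the three checks fired.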

Have fun!

  1. 22 October 2012, 09:33 | #1

    nice howto – overlook how to get this working.

    did you know monigusto?

    https://github.com/monigusto/vagrant-monigusto
