==================================================================
Checklist to install puppet 4 server and initially attach clients:
==================================================================

Server:
=======

1. Install the latest puppetlabs collection repo::

     yum -y install \
       http://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm

2. Install the puppet server::

     yum install puppetserver

3. Update firewall as needed::

     # iptables -I INPUT 5 -p tcp --dport 8140 -j ACCEPT
     # show input
     Chain INPUT (policy ACCEPT)
     num  target     prot opt source               destination
     1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
     2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
     3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
     4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
     5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8140
     6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

4. Configure the puppet server:

   * Config files:

     * Primary config file at /etc/puppetlabs/puppetserver/conf.d
     * Historic config file at /etc/puppetlabs/puppet/puppet.conf
     * Any config options available in the conf.d files will be
       ignored in puppet.conf. Another warning: a setting left
       undefined in config files will revert to default value rather
       than using the values from puppet.conf. Long story short: don't
       use puppet.conf for puppet server. ``puppet`` commands, though,
       **will** use this file so keep the parameters in sync.


     Options to keep in sync:

     +-------------------+-------------+------------------------------------------+
     | puppetserver.conf | puppet.conf | Default                                  |
     +===================+=============+==========================================+
     | master-conf-dir   | confdir     | /etc/puppetlabs/puppet                   |
     +-------------------+-------------+------------------------------------------+
     | master-code-dir   | codedir     | /etc/puppetlabs/code                     |
     +-------------------+-------------+------------------------------------------+
     | master-var-dir    | vardir      | /opt/puppetlabs/server/data/puppetserver |
     +-------------------+-------------+------------------------------------------+
     | master-run-dir    | rundir      | /var/run/puppetlabs/puppetserver         |
     +-------------------+-------------+------------------------------------------+
     | master-log-dir    | logdir      | /var/log/puppetlabs/puppetserver         |
     +-------------------+-------------+------------------------------------------+

   * Update puppet.conf and puppetserver.conf to put volatile files
     under /var, then update ownership and perms::

       # /etc/puppetlabs/puppet/puppet.conf
       [agent]
       # req for puppet agent runs
       vardir = /var/opt/puppetlabs/puppetserver
       ssldir = $vardir/ssl

       [user]
       vardir = /var/opt/puppetlabs/puppetserver
       ssldir = $vardir/ssl

       [master]
       vardir = /var/opt/puppetlabs/puppetserver
       ssldir = $vardir/ssl

       # /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf
       # (optional) path to puppet var dir; if not specified, will use
       # /opt/puppetlabs/server/data/puppetserver
       master-var-dir: /var/opt/puppetlabs/puppetserver

       # mkdir -p -m 755 /var/opt/puppetlabs/puppetserver && \
           chown puppet:puppet /var/opt/puppetlabs/puppetserver

   * Update memory usage in /etc/sysconfig/puppetserver. In test
     system, decrease to 512m. In production env, increase... How
     much? When? How to tell?
   * Update TLS cert info, if desired, in
     /etc/puppetlabs/puppetserver/conf.d/webserver.conf.
     Book suggests not doing this as CA info is still in puppet.conf::

       ssl-cert = /var/opt/puppetlabs/puppetserver/ssl/certs/osps.olearycomputers.com.pem
       ssl-key = /var/opt/puppetlabs/puppetserver/ssl/private_keys/osps.olearycomputers.com.pem
       ssl-ca-cert = /var/opt/puppetlabs/puppetserver/ssl/certs/ca.pem
       ssl-crl-cert = /var/opt/puppetlabs/puppetserver/ssl/certs/crl.pem

   * Update logging if so desired. Option to send logs to syslog.
   * Update authorization as needed. Book quite literally says::

       If you are new to puppet, skip ahead to running puppet server
       and come back later.

5. Update hiera.yaml to reflect hierarchy of your choice and to change
   the datadir so that all environments share data.

Client:
=======
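Before attaching clients, it is worth confirming that the two server config files from step 4 of the server checklist agree. The following Python check is an added example, not part of the original checklist or of Puppet itself: it compares the [master] section of puppet.conf with puppetserver.conf using the "options to keep in sync" table. The function names, the one-setting-per-line HOCON parsing and the sample config text are assumptions made for illustration.

```python
import configparser
import re

# puppetserver.conf key -> (puppet.conf key, Puppet Server default), per the sync table
SYNC = {
    "master-conf-dir": ("confdir", "/etc/puppetlabs/puppet"),
    "master-code-dir": ("codedir", "/etc/puppetlabs/code"),
    "master-var-dir": ("vardir", "/opt/puppetlabs/server/data/puppetserver"),
    "master-run-dir": ("rundir", "/var/run/puppetlabs/puppetserver"),
    "master-log-dir": ("logdir", "/var/log/puppetlabs/puppetserver"),
}

def server_settings(text):
    """Collect 'key: value' / 'key = value' pairs from HOCON text (assumes one per line)."""
    found = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*[:=]\s*"?([^"\s]+)"?\s*$', line.split("#", 1)[0])
        if m:
            found[m.group(1)] = m.group(2)
    return found

def puppet_conf_settings(text, section="master"):
    # interpolation=None: keep values such as "$vardir/ssl" literal
    cp = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=("#",))
    cp.read_string(text)
    return dict(cp[section]) if cp.has_section(section) else {}

def find_drift(puppet_conf, puppetserver_conf):
    """Return [(puppet.conf key, value puppet commands see, value the server uses)]."""
    ini, hocon = puppet_conf_settings(puppet_conf), server_settings(puppetserver_conf)
    drift = []
    for skey, (pkey, default) in SYNC.items():
        if skey not in hocon and pkey not in ini:
            continue  # set in neither file: nothing to compare
        server_val = hocon.get(skey, default)  # unset falls back to the default, not puppet.conf
        if server_val != ini.get(pkey):
            drift.append((pkey, ini.get(pkey), server_val))
    return drift

# Constructed sample input: logdir is set only in puppet.conf
PUPPET_CONF = """[master]
vardir = /var/opt/puppetlabs/puppetserver
ssldir = $vardir/ssl
logdir = /var/log/puppet-custom
"""
PUPPETSERVER_CONF = "jruby-puppet: {\n  master-var-dir: /var/opt/puppetlabs/puppetserver\n}\n"

if __name__ == "__main__":
    print(find_drift(PUPPET_CONF, PUPPETSERVER_CONF))
```

In the puppet.conf shown in step 4, ssldir is ``$vardir/ssl``, so a vardir mismatch also changes where ``puppet`` commands look for certificates and keys.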