From Fedora Project Wiki

Revision as of 06:21, 17 April 2013 by Gdubreui (talk | contribs) (Created page with "The manual installation provides: * Puppet Master * HTTP service with Webrick * Foreman Proxy (Smart-proxy) and Foreman * SELinux Before starting, make sure the Common Core ...")

The manual installation provides:

  • Puppet Master
  • HTTP service with Webrick
  • Foreman Proxy (Smart-proxy) and Foreman
  • SELinux

Before starting, make sure the Common Core definitions described earlier have been applied.

Puppet Master

Once the core components have been prepared, we can install the Puppet master and Git. Git will be used to get the Puppet modules specific to OpenStack:

yum install -y git puppet-server policycoreutils-python

Initial Puppet Master configuration

We need to customise the Puppet Master configuration file /etc/puppet/puppet.conf.

First we activate Puppet plugins (custom types and facts shipped in modules):

augtool -s set /files/etc/puppet/puppet.conf/main/pluginsync true

Then we give Puppet a default production environment. You might want to extend it by adding other environments such as development, test and staging.

mkdir -p /etc/puppet/modules/production
mkdir /etc/puppet/modules/common
augtool -s set /files/etc/puppet/puppet.conf/production/modulepath \
  /etc/puppet/modules/production:/etc/puppet/modules/common

The Puppet autosign feature lets us filter which certificate requests are signed automatically:

augtool -s set /files/etc/puppet/puppet.conf/master/autosign "'\$confdir/autosign.conf { mode = 664 }'"

SELinux

In order to have SELinux enforced on the Management host, we need to:

  • Set the SELinux type for /etc/puppet:
semanage fcontext -a -t puppet_etc_t '/etc/puppet(/.*)?'
  • Make sure the configuration file type gets applied when files are touched:
echo '/etc/puppet/*' >> /etc/selinux/restorecond.conf
  • Allow Puppet Master to use the Database:
setsebool -P puppetmaster_use_db true

Foreman Installation

Get Foreman packages from the yum repo:

yum install -y http://yum.theforeman.org/rc/el6/x86_64/foreman-release-1.1RC5-1.el6.noarch.rpm
yum install -y foreman foreman-proxy foreman-mysql foreman-mysql2 rubygem-redcarpet

External Node Classification

For the Puppet ENC we rely on the github.com/theforeman project and fetch the node.rb script from it:

git clone https://github.com/theforeman/puppet-foreman.git /tmp/puppet-foreman
cp /tmp/puppet-foreman/templates/external_node.rb.erb /etc/puppet/node.rb

We need to edit the variables defined at the head of the file, /etc/puppet/node.rb.

We do this with the sed command so that it can be scripted later:

sed -i "s/<%= @foreman_url %>/http:\/\/$(hostname):3000/" \
  /etc/puppet/node.rb
sed -i 's/<%= @puppet_home %>/\/var\/lib\/puppet/' /etc/puppet/node.rb
sed -i 's/<%= @facts %>/true/' /etc/puppet/node.rb
sed -i 's/<%= @storeconfigs %>/false/' /etc/puppet/node.rb
chmod 755 /etc/puppet/node.rb


Anyway, the result should look like this (extract of the modified section):

SETTINGS = {
:url => "http://host1.example.org:3000",
:puppetdir => "/var/lib/puppet",
:facts => true,
:storeconfigs => false,
:timeout => 3,

Finally, we tell the Puppet Master to use the ENC:

augtool -s set /files/etc/puppet/puppet.conf/master/external_nodes /etc/puppet/node.rb
augtool -s set /files/etc/puppet/puppet.conf/master/node_terminus exec
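
A check for the two files configured above, the autosign list and the ENC script, as an added example that is not part of the original wiki page. The function names, the sample file contents and the ERB tag in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical function names). Each function prints its
# findings and returns their count as the exit status.

# autosign.conf: one certname or domain glob per line. The requesting host
# picks its own certname, so every glob widens who gets a signed certificate.
audit_autosign() {
    findings=0
    [ -f "$1" ] || return 0                 # no file: nothing is autosigned
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        case $entry in
            '' | '#'*) ;;                   # blank line or comment
            '*')   echo "autosign: '*' signs every request"
                   findings=$((findings + 1)) ;;
            *'*'*) echo "autosign: '$entry' signs any matching certname"
                   findings=$((findings + 1)) ;;
        esac
    done < "$1"
    return "$findings"
}

# node.rb: copied from a template cloned at HEAD, so it may carry ERB tags the
# four sed commands never replace. The master runs it on every node lookup.
audit_enc() {
    findings=0
    [ -f "$1" ] || { echo "enc: $1 missing"; return 1; }
    if grep -n '<%' "$1"; then
        echo "enc: unsubstituted ERB tag(s) on the line(s) above"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$1" \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "enc: $1 is writable by group or others"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files, not taken from a real host.
make_samples() {
    printf '%s\n' '# comment' 'node1.example.org' '*.example.org' '*' > "$1/autosign.conf"
    printf '%s\n' ':url => "http://host1.example.org:3000",' \
        ':extra => "<%= @hypothetical_tag %>",' > "$1/node.rb"
    chmod 755 "$1/node.rb"
}
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_samples "$d"
    audit_autosign "$d/autosign.conf"; audit_enc "$d/node.rb"; rm -rf "$d"
fi
```

On the management host, source the file and call audit_autosign /etc/puppet/autosign.conf and audit_enc /etc/puppet/node.rb before starting the services.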

Foreman Reports

We use the Foreman report from the github.com/theforeman project downloaded earlier:

cp /tmp/puppet-foreman/templates/foreman-report.rb.erb \
  /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
augtool -s set /files/etc/puppet/puppet.conf/master/reports foreman

Enable Foreman-proxy features

sed -i -r 's/(:puppetca:).*/\1 true/' /etc/foreman-proxy/settings.yml
sed -i -r 's/(:puppet:).*/\1 true/' /etc/foreman-proxy/settings.yml

Activate & run services

chkconfig foreman-proxy on
service foreman-proxy start
chkconfig foreman on
service foreman start

Foreman should be accessible at http://host1.example.org:3000.

Note
The default user is “admin” with the password “changeme”.