The manual installation provides:
- Puppet Master
- HTTP service with Webrick
- Foreman Proxy (Smart-proxy) and Foreman
- SELinux
Before starting, make sure the Common Core definitions described earlier have been applied.
Puppet Master
Once the core components have been prepared, we can install the Puppet master and Git. Git will be used to fetch the Puppet modules specific to OpenStack:
yum install -y git puppet-server policycoreutils-python
Initial Puppet Master configuration
We need to customise the Puppet Master configuration file /etc/puppet/puppet.conf.
First we activate Puppet plugins (the modules' custom types and facts):
augtool -s set /files/etc/puppet/puppet.conf/main/pluginsync true
Then we add a default production environment to Puppet. You might want to extend it by adding other environments such as development, test and staging.
mkdir -p /etc/puppet/modules/production
mkdir /etc/puppet/modules/common
augtool -s set /files/etc/puppet/puppet.conf/production/modulepath \
  /etc/puppet/modules/production:/etc/puppet/modules/common
The Puppet autosign feature lets us filter whose certificate requests are signed automatically:
augtool -s set /files/etc/puppet/puppet.conf/master/autosign \$confdir/autosign.conf { mode = 664 }
SELinux
In order to have SELinux enforced on the Management host, we need to:
- Set the SELinux type for /etc/puppet:
semanage fcontext -a -t puppet_etc_t '/etc/puppet(/.*)?'
- Make sure the configuration files' type gets applied when files are touched:
echo "/etc/puppet/*" >> /etc/selinux/restorecond.conf
- Allow Puppet Master to use the Database:
setsebool -P puppetmaster_use_db true
Foreman Installation
Get Foreman packages from the yum repo:
yum install -y http://yum.theforeman.org/rc/el6/x86_64/foreman-release-1.1RC5-1.el6.noarch.rpm
yum install -y foreman foreman-proxy foreman-mysql foreman-mysql2 rubygem-redcarpet
External Node Classification
For the Puppet ENC we rely on the github.com/theforeman project and fetch the node.rb script from it:
git clone git://github.com/theforeman/puppet-foreman.git /tmp/puppet-foreman
cp /tmp/puppet-foreman/templates/external_node.rb.erb /etc/puppet/node.rb
We need to edit the variables defined at the head of the file, /etc/puppet/node.rb.
We do this with the “sed” command so that it can be scripted later:
sed -i "s/<%= @foreman_url %>/http:\/\/$(hostname):3000/" \
  /etc/puppet/node.rb
sed -i 's/<%= @puppet_home %>/\/var\/lib\/puppet/' /etc/puppet/node.rb
sed -i 's/<%= @facts %>/true/' /etc/puppet/node.rb
sed -i 's/<%= @storeconfigs %>/false/' /etc/puppet/node.rb
chmod 755 /etc/puppet/node.rb
Either way, the result should look like this (extract of the modified section):
SETTINGS = {
  :url          => "http://host1.example.org:3000",
  :puppetdir    => "/var/lib/puppet",
  :facts        => true,
  :storeconfigs => true,
  :timeout      => 3,
Finally we tell Puppet Master to use ENC:
augtool -s set /files/etc/puppet/puppet.conf/master/external_nodes /etc/puppet/node.rb
augtool -s set /files/etc/puppet/puppet.conf/master/node_terminus exec
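As an added example (not part of the original guide or the Foreman project), the shell checks below can be run after the ENC steps above: they confirm that sed left no unrendered ERB tag in node.rb, that the script's mode is no wider than the chmod 755, and that puppet.conf points the master at it. The function names, the sample files and the @some_other_var tag are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the sed-rendered ENC script and puppet.conf.

# conf_get FILE SECTION KEY: print the value of KEY inside [SECTION]
conf_get() {
    awk -v s="[$2]" -v k="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == s); next }
        insec { split($0, kv, "="); gsub(/^[ \t]+|[ \t]+$/, "", kv[1])
                if (kv[1] == k) { sub(/^[^=]*=[ \t]*/, ""); print; exit } }' "$1"
}

# enc_problems NODE_RB PUPPET_CONF: print each problem found, return 1 if any
enc_problems() {
    rc=0
    # sed replaced four named variables only; any other ERB tag is still raw
    if grep -q '<%' "$1"; then
        echo "unrendered ERB tag left in $1"; rc=1
    fi
    # the master runs this file for every node lookup: it must be executable
    # and, like the chmod 755 above, writable by its owner only
    [ -x "$1" ] || { echo "$1 is not executable"; rc=1; }
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$1 is group- or world-writable"; rc=1
    fi
    [ "$(conf_get "$2" master node_terminus)" = exec ] ||
        { echo "node_terminus is not exec"; rc=1; }
    [ "$(conf_get "$2" master external_nodes)" = "$1" ] ||
        { echo "external_nodes does not point at $1"; rc=1; }
    return "$rc"
}

# make_sample DIR: constructed files (not from a real host); node.rb keeps one
# hypothetical unrendered tag and a too-permissive mode to show the failures
make_sample() {
    printf '[main]\n    pluginsync = true\n[master]\n    external_nodes = %s\n    node_terminus = exec\n' \
        "$1/node.rb" > "$1/puppet.conf"
    printf '%s\n' '#!/usr/bin/env ruby' 'SETTINGS = {' \
        '  :url => "http://host1.example.org:3000",' \
        '  :other => "<%= @some_other_var %>",' '}' > "$1/node.rb"
    chmod 777 "$1/node.rb"
}

demo=$(mktemp -d)
make_sample "$demo"
enc_problems "$demo/node.rb" "$demo/puppet.conf" || echo "=> fix before starting the master"
rm -rf "$demo"
```

On the management host the call would be enc_problems /etc/puppet/node.rb /etc/puppet/puppet.conf.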
Foreman Reports
We use the Foreman report from the github.com/theforeman project downloaded earlier:
cp /tmp/puppet-foreman/templates/foreman-report.rb.erb \
  /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
augtool -s set /files/etc/puppet/puppet.conf/master/reports foreman
Enable Foreman-proxy features
sed -i -r 's/(:puppetca:).*/\1 true/' /etc/foreman-proxy/settings.yml
sed -i -r 's/(:puppet:).*/\1 true/' /etc/foreman-proxy/settings.yml
Activate & run services
chkconfig foreman-proxy on
service foreman-proxy start
chkconfig foreman on
service foreman start
Foreman should be accessible at http://host1.example.org:3000.