Introduction
This procedure describes how Alexis Huxley set up a Puppet server.
Procedure
- Ensure that the hostname ‘puppet’ resolves to your puppet server (the default client configuration expects this).
- Run:
apt-get install puppetmaster
- Edit /etc/puppet/fileserver.conf and set:
[files] path /etc/puppet/files allow 192.168.0.0/24 # adjust to suit local requirements ...
and then run:
mkdir /etc/puppet/files
- Create a stub manifest (that will just create an empty hushlogin file for root) by editing /etc/puppet/manifests/site.pp containing:
class hushlogin { file { "/root/.hushlogin": owner => root, group => root, mode => 644, } } node default { include hushlogin }
- Install some modules by running:
puppet module install ericsson-nisclient puppet module install jonnyx-resolv_conf puppet module install trlinkin-nsswitch
- Note that after installing new modules or making changes to site.pp, you do not need to restart the puppet server process.
Client-side procedure
This section will moved or entirely removed, once encoded elsewhere.
- On the client run:
apt-get install puppet
- If the puppet server is not accessible simply by using the name ‘puppet’ then add the following to /etc/puppet/puppet.conf:
[main] ... server = <hostname-or-ip-address-of-puppet-server>
- On Debian wheezy systems edit /etc/default/puppet and set:
... START=yes ...
and then run:
service puppet start
- On the server you should be able to see the client’s request for authentication by running:
puppet ca list
- If you want to reissue a certificate request (e.g. when switching to a different puppet server) then run:
service puppet stop cd /var/lib/puppet mv ssl ssl.delete-me-soon mkdir ssl chown puppet:puppet ssl chmod 771 ssl service puppet start
- On the server accept the request and sign the request by running:
puppet ca sign <client-id>
- On Ubuntu 14.10 allow it to do runs by running:
puppet agent --enable
- On the client run:
service puppet restart