This is a summary of how to build a Puppet Master/Agent setup as simply as possible, for testing and learning purposes.

Prerequisites
-
- RHEL 7.2
- Puppet 4.4.2
- Master hostname: rhel7, resolvable as rhel7.local
- Agent hostname: rhel7agent, resolvable as rhel7agent.local

Master setup
-
```
# Install the Puppet Collection 1 repository, the agent and the server
rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet
yum install -y puppetserver
export PATH=/opt/puppetlabs/bin:$PATH
/opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

# Create a sample user and group, then dump them into site.pp as resources
puppet apply -e "user { 'jargyle': ensure => present, }"
puppet apply -e "group { 'web': ensure => present, }"
puppet resource group web > /etc/puppetlabs/code/environments/production/manifests/site.pp
puppet resource user jargyle | sed -e 's/gid.*/comment => '\''Judy Argyle'\'',\n groups => '\''web'\'',/' >> /etc/puppetlabs/code/environments/production/manifests/site.pp

# Set the names that go into the Master's certificate
echo "" >> /etc/puppetlabs/puppet/puppet.conf
echo "[main]" >> /etc/puppetlabs/puppet/puppet.conf
echo "dns_alt_names = rhel7,rhel7.local" >> /etc/puppetlabs/puppet/puppet.conf
echo "certname = rhel7.local" >> /etc/puppetlabs/puppet/puppet.conf

# Open the Puppet Master port (8140/tcp) and start the Master
firewall-cmd --zone=public --add-port=8140/tcp --permanent
systemctl restart firewalld
puppet master --verbose # This command daemonizes puppet
```

Agent setup
-
* Installation
```
rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet
export PATH=/opt/puppetlabs/bin:$PATH
# Point the agent at the Master
echo "" >> /etc/puppetlabs/puppet/puppet.conf
echo "[agent]" >> /etc/puppetlabs/puppet/puppet.conf
echo "server = rhel7.local" >> /etc/puppetlabs/puppet/puppet.conf
```
* Test

This run always fails, because the agent's certificate has not been registered on the Master yet.
```
# puppet agent -t
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for rhel7agent
Info: Certificate Request fingerprint (SHA256): 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
```

Signing the Agent on the Master
-
* Check the request

The fingerprint listed here should match the one the agent printed in the test run above.
```
# puppet cert list
  "rhel7agent" (SHA256) 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B
```
* Sign
```
# puppet cert sign rhel7agent
Notice: Signed certificate request for rhel7agent
Notice: Removing file Puppet::SSL::CertificateRequest rhel7agent at '/etc/puppetlabs/puppet/ssl/ca/requests/rhel7agent.pem'
```
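
The fingerprint printed by `puppet agent -t` on the agent and the one shown by `puppet cert list` on the Master are what tie the pending request to the machine that generated it. As an added example (not part of the original article), the script below compares the two lines and prints the `puppet cert sign` command only when both the certname and the fingerprint match; the function names are hypothetical and the sample lines are copied from the output above.

```bash
#!/bin/bash
# Added example: check a pending CSR against the agent's own output before signing.
# Sample lines are copied from the command output shown in this article.
AGENT_LINE='Info: Certificate Request fingerprint (SHA256): 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B'
MASTER_LINE='  "rhel7agent" (SHA256) 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B'

# Print the first SHA256 fingerprint (32 colon-separated hex bytes), upper-cased.
extract_fp() {
    printf '%s\n' "$1" | grep -oiE '([0-9a-f]{2}:){31}[0-9a-f]{2}' | head -n 1 | tr 'a-f' 'A-F'
}

# Print the certname from a `puppet cert list` line (the first double-quoted field).
csr_certname() {
    printf '%s\n' "$1" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p'
}

# Succeed only if both lines carry the same, non-empty fingerprint.
csr_matches() {
    local a b
    a=$(extract_fp "$1")
    b=$(extract_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the signing command when certname and fingerprint both check out;
# otherwise print the reason and return non-zero. Nothing is signed here.
sign_decision() {
    local agent_line="$1" master_line="$2" expected="$3" name
    name=$(csr_certname "$master_line")
    if [ "$name" != "$expected" ]; then
        echo "REFUSE: pending request is for '$name', expected '$expected'"
        return 1
    fi
    if ! csr_matches "$agent_line" "$master_line"; then
        echo "REFUSE: fingerprint mismatch for '$name'"
        return 1
    fi
    echo "puppet cert sign $name"
}

sign_decision "$AGENT_LINE" "$MASTER_LINE" rhel7agent
```
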

Registering the Agent's definition (manifests) on the Master
-
* Installing Apache

/etc/puppetlabs/code/environments/production/manifests/site.pp
```
group { 'web':
  ensure => 'present',
  gid    => '1002',
}
user { 'jargyle':
  ensure           => 'present',
  comment          => 'Judy Argyle',
  groups           => 'web',
  home             => '/home/jargyle',
  password         => '!!',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '1001',
}
# Applied only to the node whose certname is rhel7agent
node 'rhel7agent' {
  package { 'httpd':
    ensure => installed,
  }
}
```

# Pulling the configuration on the Agent
* Apply
```
# puppet agent --onetime --no-daemonize --verbose
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for rhel7agent
Info: Applying configuration version '1462547748'
Notice: /Stage[main]/Main/Group[web]/ensure: created
Notice: /Stage[main]/Main/User[jargyle]/ensure: created
Notice: /Stage[main]/Main/Node[rhel7agent]/Package[httpd]/ensure: created
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 32.74 seconds
```
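
Next steps
-
From here, working through "Puppetを使ったLinuxシステムの設定自動管理" ("Automated configuration management of Linux systems with Puppet") should go smoothly...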