EL 6.2 RHEL6.2 Puppet 2.7.9 The Foreman Mcollective RabbitMQ

This how-to walks you through the steps of installing Puppet, The Foreman, RabbitMQ, and MCollective:

1. Add your hostname to /etc/hosts and /etc/sysconfig/network

[root@puppet ~]# echo -e "127.0.0.1 puppet.yourdomain.com puppet foreman.yourdomain.com foreman localhost" > /etc/hosts
[root@puppet ~]# echo -e "NETWORKING=yes\nHOSTNAME=puppet.yourdomain.com" > /etc/sysconfig/network
[root@puppet ~]# hostname foreman.yourdomain.com

2. First we need to add the repositories for the installation (you need to be root or have sudo permissions to do this):

[root@puppet ~]# cat > /etc/yum.repos.d/puppetlabs.repo << "EOF"
[puppetlabsproduct]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
gpgcheck=0
enabled=1

[puppetlabsdeps]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/
gpgcheck=0
enabled=1
EOF

# Foreman repository
cat > /etc/yum.repos.d/foreman.repo << "EOF"
[foreman]
name=Foreman Repo
baseurl=http://yum.theforeman.org/stable
gpgcheck=0
enabled=1
EOF

# Epel Repo
cat > /etc/yum.repos.d/epel.repo << "EOF"
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
EOF
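
The Puppet Labs and Foreman stanzas above set gpgcheck=0 and use http:// base URLs, so packages from those repositories are installed without signature verification over an unauthenticated channel. The check below is an added example, not part of the original how-to; the function name audit_repos and the sample directory are constructed for illustration.

```shell
#!/bin/bash
# Added example: list enabled yum repo sections that switch off package
# signature checks or fetch packages over plain HTTP.

audit_repos() {
    # $1: directory holding *.repo files (default: the system location)
    local dir="${1:-/etc/yum.repos.d}"
    awk -F= '
        function report() {
            if (sec != "" && enabled != "0") {
                if (gpgcheck == "0") print file ": [" sec "] gpgcheck=0"
                if (url ~ /^http:/)  print file ": [" sec "] plain-HTTP baseurl"
            }
            sec = ""; enabled = ""; gpgcheck = ""; url = ""
        }
        /^[ \t]*#/ { next }                  # skip commented-out settings
        /^[ \t]*\[/ {                        # a new [section] begins
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            file = FILENAME
            next
        }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  url = val
        }
        END { report() }
    ' "$dir"/*.repo
}

# Constructed sample: one stanza as written on this page, one EPEL stanza.
demo_repos=$(mktemp -d)
cat > "$demo_repos/puppetlabs.repo" << "EOF"
[puppetlabsproduct]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
gpgcheck=0
enabled=1
EOF
cat > "$demo_repos/epel.repo" << "EOF"
[epel]
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
EOF
audit_repos "$demo_repos"
```

Run without an argument, audit_repos reads /etc/yum.repos.d; disabled sections such as epel-debuginfo are skipped.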

3. Now we have to install all the packages

[root@puppet ~]# yum -y install rubygems ruby-devel rubygem-stomp httpd httpd-devel mod_ssl mysql mysql-server mysql-devel libcurl-devel openssl-devel openssl098e tcl tk unixODBC unixODBC-devel augeas gcc gcc-c++ zlib-devel rubygem-mime-types rubygem-json rubygem-rest-client

4. Install the rubygems. This is done with the ruby package manager

[root@puppet ~]# gem install --no-rdoc --no-ri puppet passenger rack mysql net-ping
[root@puppet ~]# gem install --no-rdoc --no-ri -v 3.0.10 rails activerecord

5. After a successful install we can add the user puppet to the system and create the main directories for it

[root@puppet ~]# useradd puppet
[root@puppet ~]# mkdir -p /etc/puppet/{manifests,modules}
[root@puppet ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd/{public,tmp}
[root@puppet ~]# mkdir -p /var/lib/puppet/{bucket,yaml,rrd,server_data,reports}
[root@puppet ~]# chown -R puppet:puppet /etc/puppet/
[root@puppet ~]# chown -R puppet:puppet /var/lib/puppet/
[root@puppet ~]# chown -R puppet:puppet /usr/share/puppet/rack/puppetmasterd/

6. Copy the puppet RACK config to the puppetmasterd directory

[root@puppet ~]# cp /usr/lib/ruby/gems/1.8/gems/puppet-2.7.9/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/config.ru
[root@puppet ~]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

7. Installing Foreman and MCollective

[root@puppet ~]# yum -y install foreman mcollective mcollective-common mcollective-client

8. Install latest mcollective plugins for puppet

[root@puppet ~]# cd /usr/libexec/mcollective/mcollective/agent
[root@puppet ~]# for i in nettest filemgr puppetd puppetral puppetca; do
wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/$i/agent/$i.rb
wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/$i/agent/$i.ddl
done

[root@puppet ~]# wget -O package.rb https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/package/agent/puppet-package.rb
[root@puppet ~]# wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/package/agent/package.ddl
[root@puppet ~]# wget -O service.rb https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/service/agent/puppet-service.rb
[root@puppet ~]# wget https://raw.github.com/puppetlabs/mcollective-plugins/master/agent/service/agent/service.ddl
[root@puppet ~]# wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/etcfacts/etc_facts.rb
[root@puppet ~]# wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/etcfacts/etc_facts.ddl
[root@puppet ~]# wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/shellcmd/shellcmd.rb
[root@puppet ~]# wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/shellcmd/shellcmd.ddl
[root@puppet ~]# wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/yum/yum.rb
[root@puppet ~]# wget https://raw.github.com/phobos182/mcollective-plugins/master/agent/yum/yum.ddl
[root@puppet ~]# cd /usr/libexec/mcollective/mcollective/facts/
[root@puppet ~]# wget https://raw.github.com/puppetlabs/mcollective-plugins/master/facts/facter/facter_facts.rb

9. Install erlang

[root@puppet ~]# ln -s /usr/lib64/libodbc.so.2 /usr/lib64/libodbc.so.1 ### ODBC fix
[root@puppet ~]# rpm -ivh http://rbel.frameos.org/stable/el6/x86_64/erlang-R12B-5.10.el6.x86_64.rpm --nodeps #this version runs with puppet!

10. Installing RabbitMQ

[root@puppet ~]# rpm -ivh http://www.rabbitmq.com/releases/rabbitmq-server/v2.5.1/rabbitmq-server-2.5.1-1.noarch.rpm
[root@puppet ~]# cd /usr/lib/rabbitmq/lib/rabbitmq_server-2.5.1/plugins
[root@puppet ~]# wget http://www.rabbitmq.com/releases/plugins/v2.5.1/amqp_client-2.5.1.ez
[root@puppet ~]# wget http://www.rabbitmq.com/releases/plugins/v2.5.1/rabbitmq_stomp-2.5.1.ez
[root@puppet ~]# /etc/init.d/qpidd stop #Very important
[root@puppet ~]# chkconfig qpidd off
[root@puppet ~]# chkconfig rabbitmq-server on
[root@puppet ~]# service rabbitmq-server start

# Configure RabbitMQ User/Privs

Export these vars first
[root@puppet ~]# MYSQL_PASSWORD="puppet2012"
[root@puppet ~]# RABBIT_USER="mcollective"
[root@puppet ~]# RABBIT_PASSWORD="rabbitmq"
[root@puppet ~]# MCOLLECTIVE_PSK="mcollectivePSKmcollective"
[root@puppet ~]# FOREMAN_EMAIL="root@mydomain.com"
[root@puppet ~]# DOMAIN="mydomain.com"

# Configure RabbitMQ user/privileges
[root@puppet ~]# rabbitmqctl add_user ${RABBIT_USER} ${RABBIT_PASSWORD}
[root@puppet ~]# rabbitmqctl set_permissions ${RABBIT_USER} ".*" ".*" ".*"
[root@puppet ~]# rabbitmqctl delete_user guest

11. Installing the Apache Passenger module

[root@puppet ~]# passenger-install-apache2-module -a

12. We are ready to apply the configuration for MCollective

# Configuration files for mCollective
[root@puppet ~]# cat > /etc/mcollective/server.cfg << "EOF"
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
daemonize = 1

securityprovider = psk
plugin.psk = MCOLLECTIVE_PSK_PH

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 61613
plugin.stomp.user = RABBIT_USER_PH
plugin.stomp.password = RABBIT_PASSWORD_PH

factsource = facter
EOF

[root@puppet ~]# cat > /etc/mcollective/client.cfg << "EOF"
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /dev/null
loglevel = info

securityprovider = psk
plugin.psk = MCOLLECTIVE_PSK_PH

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 61613
plugin.stomp.user = RABBIT_USER_PH
plugin.stomp.password = RABBIT_PASSWORD_PH

factsource = facter
EOF

13. Let's create the MySQL database for Puppet and Foreman

[root@puppet ~]# chkconfig mysqld on && service mysqld start
[root@puppet ~]# mysql -u root -e "CREATE DATABASE puppet;"
[root@puppet ~]# mysql -u root -e "GRANT ALL PRIVILEGES ON puppet.* TO puppet@localhost IDENTIFIED BY '${MYSQL_PASSWORD}';"

14. Puppet and Foreman Main configuration

[root@puppet ~]# cat > /etc/puppet/puppet.conf << "EOF"
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
factpath = $vardir/lib/facter
templatedir = $confdir/templates
pluginsync = false
classfile = $vardir/classes.txt
environment = production
reportdir = /var/lib/puppet/reports
modulepath = /etc/puppet/modules
certname = puppet.DOMAIN_PH

[agent]
report = true
ignorecache = true
localconfig = $vardir/localconfig
server = puppet.DOMAIN_PH

[master]
reports = http,store,log,foreman
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = MYSQL_PASSWORD_PH
dbname = puppet
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock
EOF

[root@puppet ~]# cat > /etc/httpd/conf.d/puppet.conf << "EOF"
Listen 8140

<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.DOMAIN_PH.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.DOMAIN_PH.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/

<Directory /usr/share/puppet/rack/puppetmasterd/public/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
EOF
[root@puppet ~]# cat > /etc/httpd/conf.d/passenger.conf << "EOF"
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
PassengerRuby /usr/bin/ruby
EOF

[root@puppet ~]# cat > /etc/httpd/conf.d/foreman.conf << "EOF"
Listen 443
NameVirtualHost *:443
LoadModule ssl_module modules/mod_ssl.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

<VirtualHost *:443>
ServerName foreman.DOMAIN_PH

RailsAutoDetect On
DocumentRoot /usr/share/foreman/public

<Directory /usr/share/foreman/public>
Options FollowSymLinks
DirectoryIndex index.html
AllowOverride None
Order allow,deny
allow from all
</Directory>

SSLEngine On
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.DOMAIN_PH.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.DOMAIN_PH.pem
</VirtualHost>
EOF
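
The port 8140 vhost above sets SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA, and neither it nor the Foreman vhost has an SSLProtocol line. The check below is an added example, not part of the original how-to; the function name audit_tls_conf and the hardened sample values are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: flag weak TLS settings in Apache vhost files such as the
# puppet.conf and foreman.conf written above.

audit_tls_conf() {
    # args: Apache config files; prints one finding per line
    local f
    for f in "$@"; do
        awk -v file="$f" '
            { directive = tolower($1) }
            directive == "sslengine" && tolower($2) == "on" { engine = 1 }
            directive == "sslprotocol"                      { proto = 1 }
            directive == "sslciphersuite" {
                cipher = 1
                n = split($2, tok, ":")
                # tokens starting with ! or - remove suites, so skip those
                for (i = 1; i <= n; i++)
                    if (tok[i] !~ /^[!-]/ && tok[i] ~ /SSLv2|RC4|EXP|LOW|NULL/)
                        print file ":" NR ": cipher string enables " tok[i]
            }
            END {
                if (engine && !proto)
                    print file ": SSLEngine on but no SSLProtocol line"
                if (engine && !cipher)
                    print file ": SSLEngine on but no SSLCipherSuite line"
            }' "$f"
    done
}

# Constructed sample: the TLS lines of the port 8140 vhost on this page.
demo_tls=$(mktemp -d)
cat > "$demo_tls/puppet.conf" << "EOF"
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
</VirtualHost>
EOF
# Constructed hardened counterpart (assumed values, not from the page).
cat > "$demo_tls/hardened.conf" << "EOF"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
EOF
audit_tls_conf "$demo_tls/puppet.conf" "$demo_tls/hardened.conf"
```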

# Foreman configuration files (they are whitespace sensitive!)

[root@puppet ~]# ln -sf /usr/share/foreman/config/database.yml /etc/foreman/database.yml
[root@puppet ~]# ln -sf /usr/share/foreman/config/settings.yaml /etc/foreman/settings.yaml
[root@puppet ~]# ln -sf /usr/share/foreman/config/email.yaml /etc/foreman/email.yaml

15. Remove stock apache config

[root@puppet ~]# rm -f /etc/httpd/conf.d/ssl.conf
[root@puppet ~]# rm -f /etc/httpd/conf.d/welcome.conf

16. Configure iptables

[root@puppet ~]# cat > /etc/sysconfig/iptables << "EOF"
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 61613 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

[root@puppet ~]# service iptables restart

17. Replace placeholder values:

[root@puppet ~]# sed -i "s/MYSQL_PASSWORD_PH/${MYSQL_PASSWORD}/g" /etc/puppet/puppet.conf /usr/share/foreman/config/database.yml
[root@puppet ~]# sed -i "s/MCOLLECTIVE_PSK_PH/${MCOLLECTIVE_PSK}/g" /etc/mcollective/server.cfg /etc/mcollective/client.cfg
[root@puppet ~]# sed -i "s/RABBIT_USER_PH/${RABBIT_USER}/g" /etc/mcollective/server.cfg /etc/mcollective/client.cfg
[root@puppet ~]# sed -i "s/RABBIT_PASSWORD_PH/${RABBIT_PASSWORD}/g" /etc/mcollective/server.cfg /etc/mcollective/client.cfg
[root@puppet ~]# sed -i "s/FOREMAN_EMAIL_PH/${FOREMAN_EMAIL}/g" /usr/share/foreman/config/settings.yaml
[root@puppet ~]# sed -i "s/DOMAIN_PH/${DOMAIN}/g" /etc/httpd/conf.d/puppet.conf
[root@puppet ~]# sed -i "s/DOMAIN_PH/${DOMAIN}/g" /etc/httpd/conf.d/foreman.conf
[root@puppet ~]# sed -i "s/DOMAIN_PH/${DOMAIN}/g" /usr/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/reports/foreman.rb
[root@puppet ~]# sed -i "s/DOMAIN_PH/${DOMAIN}/g" /usr/share/foreman/config/email.yaml
[root@puppet ~]# sed -i "s/DOMAIN_PH/${DOMAIN}/g" /usr/share/foreman/config/settings.yaml
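
The sed commands in step 17 use / as the delimiter and paste each value in unescaped, so a password or PSK containing /, & or \ either breaks the command or is written incorrectly, and the resulting files hold the MCollective PSK and broker password in plain text. The helpers below are an added example, not part of the original how-to; the names fill_placeholder, leftover_placeholders and world_readable, and the sample file, are constructed for illustration.

```shell
#!/bin/bash
# Added example: fill *_PH placeholders without breaking on sed
# metacharacters in the value, then check for leftovers and loose modes.

fill_placeholder() {
    # $1: placeholder token, $2: value, remaining args: files edited in place
    local token="$1" value="$2" escaped
    shift 2
    # Escape \, & and the | delimiter for the replacement side of s|||
    escaped=$(printf '%s' "$value" | sed -e 's/[\\&|]/\\&/g')
    sed -i "s|${token}|${escaped}|g" "$@"
}

leftover_placeholders() {
    # Prints file:line:text for each unreplaced token; status 0 if any found
    grep -Hn '[A-Z]_PH' "$@"
}

world_readable() {
    # Prints those of the given files that any local user can read
    find "$@" -maxdepth 0 -perm -004
}

# Constructed sample: the credential lines of server.cfg from this page.
demo_cfg=$(mktemp -d)
cat > "$demo_cfg/server.cfg" << "EOF"
securityprovider = psk
plugin.psk = MCOLLECTIVE_PSK_PH
plugin.stomp.user = RABBIT_USER_PH
plugin.stomp.password = RABBIT_PASSWORD_PH
EOF
chmod 644 "$demo_cfg/server.cfg"

# Constructed secret containing /, &, | and \ on purpose.
fill_placeholder MCOLLECTIVE_PSK_PH 'p/s&k|\1' "$demo_cfg/server.cfg"
fill_placeholder RABBIT_USER_PH mcollective "$demo_cfg/server.cfg"
leftover_placeholders "$demo_cfg/server.cfg"   # RABBIT_PASSWORD_PH remains
world_readable "$demo_cfg/server.cfg"          # listed until chmod 600
```

Values containing a newline are not handled by fill_placeholder.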

18. Start Services and create puppet Cert

[root@puppet ~]# chkconfig mcollective on
[root@puppet ~]# service mcollective start
[root@puppet ~]# chkconfig httpd on
[root@puppet ~]# service httpd start
[root@puppet ~]# puppet cert --generate puppet.${DOMAIN}

19. Migrate the DB to Foreman. You will need to add this to a cron job later

[root@puppet ~]# cd /usr/share/foreman
[root@puppet ~]# RAILS_ENV=production rake db:migrate

20. You're done