Installing Puppet in RHEL7/ Cent OS 7

Will see Installing Puppet in RHEL7/ Cent OS 7

Nowadays all the administration tasks are rapidly moving to automation and its reducing manpower, cost and time. It’s mandatory to learn any one of the scripting and anyone of automation tool for system administrators at this situation.  Automating tasks in server end is very critical and most important one.  There are lots of tools available for automation. Here we are going to see the puppet.

What is puppet?

It’s an open source tool and developed by puppet labs for Linux/Unix/Mac and Windows machines. Puppet is written in Ruby language and its mostly used for automating jobs in the server and automating the jobs from the server to clients.


To avoid duplication of work.

Powerful framework

Mature tool

System administrator tasks simplify.

To make speed and repeated changes automatically.

To maintain system consistency and integrity

Very easy to manage vm, cloud and physical machines.

Enabling EPEL repository and dependencies for installation:

System time should be set as accurately on server, which is going to act as master chef server. So, set the time in your server.

Make sure that both the master and agent server should resolev the hostnames. So, make an entry in /etc/hosts file.

once time fixed will enable EPEL repository by using below command.

RHEL7/ Cent OS 7:

[root@server init.d]# rpm -Uvh e-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.yXngEr: Header V3 RSA/SHA256 Signature, key ID 352c64e 5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:epel-release-7-10 ################################# [100%]

List the EPEL Repository Packages :

[root@server init.d]# yum --disablerepo=* --enablerepo=epel list

Now to have puppet ready setup, have to use apache with passanger. To get that, download and place the repo file in /etc/yum.repos.d/

[root@server init.d]# curl --fail -sSLo /etc/yum.repos.d/passenger.repo

To setup puppet master/node now we need to enable the puppet lab repository and dependencies and run it on both master and agent servers.

[root@server init.d]# rpm -ivh
Preparing... ################################# [100%]
 package puppetlabs-release-22.0-2.noarch is already installed


Installing Puppet:

Use the below command to install Puppet server. This will install init script (/etc/init.d/puppetmaster) to run a test-quality puppet master server.

[root@server ~]# yum install puppet-server

 puppet-server.noarch 0:3.8.7-1.el7

Dependency Installed:
 facter.x86_64 1:2.4.6-1.el7 hiera.noarch 0:1.3.4-1.el7 libselinux-ruby.x86_64 0:2.5-6.el7 libyaml.x86_64 0:0.1.4-11.el7_0
 puppet.noarch 0:3.8.7-1.el7 ruby.x86_64 0: ruby-augeas.x86_64 0:0.4.1-3.el7 ruby-irb.noarch 0:
 ruby-libs.x86_64 0: ruby-shadow.x86_64 1:2.2.0-2.el7 rubygem-bigdecimal.x86_64 0:1.2.0-29.el7 rubygem-io-console.x86_64 0:0.4.2-29.el7
 rubygem-json.x86_64 0:1.7.7-29.el7 rubygem-psych.x86_64 0:2.0.0-29.el7 rubygem-rdoc.noarch 0:4.0.0-29.el7 rubygems.noarch 0:


Now we need to configure the puppet master/agent architecture.  in our case this node going to work as master server. So, edit /etc/puppet/puppet.conf file and change the dns_alt_names.

[root@server ~]# vi /etc/puppet/puppet.conf

Save and exit from the file.

Run the below command to create puppet master certificate:

[root@server ~]# puppet master --verbose --no-daemonize

Once received “Notice: Starting Puppet master version 3.8.7” press ctrl+c to kill the process.

Now will configure Web server:

Puppet comes with basic web server. In production basically will not use this web server. Before managing nodes by puppet master server, will configure web server first.

[root@server ~]# yum -y install httpd httpd-devel mod_ssl ruby-devel rubygems gcc gcc-c++ pygpgme curl

Now install passenger and apache module:

[root@server ~]# yum install -y mod_passenger

create parent, public and tmp  directories for the application. Copy the ext/rack/ from the puppet source code into the parent directory and set ownership as puppet to the directory.

[root@server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
[root@server ~]# cp /usr/share/puppet/ext/rack/ /usr/share/puppet/rack/puppetmasterd/
[root@server ~]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/

Create configuration file to add virtual host for puppet.

[root@server ~]# vi /etc/httpd/conf.d/puppetmaster.conf

make the below entries in virtual host file.

[root@server ~]# vi /etc/httpd/conf.d/puppetmaster.conf
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLHonorCipherOrder     on

        SSLCertificateFile      /var/lib/puppet/ssl/certs/
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile   /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

         DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all

Now restart the apache service.

[root@server ~]# systemctl restart httpd

Enable apache and disable puppet to autostart while booting.

[root@server ~]# systemctl disable puppet.service
[root@server ~]# systemctl enable httpd.service

Now enable puppet listening port in firewall:

Port: 8140

[root@server ~]# firewall-cmd --zone=public --add-port=8140/tcp --permanent
[root@server ~]# firewall-cmd --reload


Now install puppet on Node machines:

before starting puppet agent installation have to configure yum repository same like master server.

Command to install puppet:

[root@client ~]# yum -y install puppet

Make master puppet server details in puppet configuration file like below.

[root@node ~]# vi /etc/puppet/puppet.conf

server =

Now start puppet service in node machine and enable it to start automatically while booting in this run level.

[root@client ~]# systemctl start puppet
[root@client ~]# systemctl enable puppet

Now signin puppet agent node machine certificate in puppet master server:

Agent node will request certificate on first time they attempt to run.

Login and execute the below command in master puppet server.

[root@server ~]# puppet cert list

"" (SHA256) D4:88:EC:C5:0A:F7:5D:4E:32:C5:B3:61:E0:51:7B:0C:CD:B3:49:9E:68:0B:E7:5D:75:19:1D:0B:92:8A:E7:C1

Run the below command to sign the cert sign

[root@server ~]# puppet cert sign

Notice: Signed certificate request for
Notice: Removing file Puppet::SSL::CertificateRequest at '/var/lib/puppet/ssl/ca/requests/'

Run below command in puppet agent node machine to verify the certificate.

[root@client ~]# puppet agent -t

Info: Caching certificate for
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for
Info: Applying configuration version '1445401911'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.09 seconds

Finally we completed puppet master and agent configuration successfully.


SSH Authentication in RHEL7/ Cent OS 7

In this post will see how  to enable SSH Authentication in RHEL7/ CentOS 7

SSH authentication will help us to log in a server/node without a password.
here we have two servers : :

Now we need to install the OpenSSH packages using the command on both the servers.

[root@server ~]# yum -y install openssh

Now we need to start and enable the service permanently in this run level.

[root@server ~]# systemctl enable sshd.service

[root@server ~]# systemctl start sshd.service

Then need to edit /etc/ssh/sshd_config file and change if Password authentication is set as No to yes

[root@server ~]# vi /etc/ssh/sshd-config

then change the below

PasswordAuthentication No

Then save and exit from the file.

This is the right time to generate the key pair using command

Press Enter to confirm the default path (/home/root/.ssh/id_rsa)and the file name for RSA keys.

Next, for passphrase press enter to leave it blank.

After that, you will receive a message that mentioned RSA key pairs details.

[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa):
Created directory '/home/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/
The key fingerprint is:
d5:44:c4:ef:ef:49:ff:fe:e0:06:ed:d3:0e:71:e4:08 sshuser1@server
The key's randomart image is:
+--[ RSA 2048]----+
| ++ |
| o. |
| . E. .|
| . ..+ |
| S oo o|
| . oo |
| oo+ |
| .=o=|
| ..*X|

[sshuser1@server root]$ cd ~/.ssh/
[sshuser1@server .ssh]$ ls

We generated keys above and we should copy the public key to the remote server which we need to allow to access this server without password

use the command to copy the public key

#ssh-copy-id -i ~/.ssh/ [email protected]

Now open /etc/ssh/sshd_config file in node2 server and make the below changes.

PasswordAuthentication no

save and exit from the file.

Now restart the sshd service on both the servers

 systemctl restart sshd

service sshd restart

We almost completed the ssh authentication. To test this connection will try to log in from to server using ssh

#ssh [email protected]



Booting process in RHEL7/ Cent OS 7

Will see the Booting process in RHEL7/ CentOS 7 in this post. It’s very important to know the booting process for all operating system. It will help us to troubleshoot the booting issues.

We are going to see about RHEL / Cent OS 7 booting process.

Below are booting stages:


BIOS stands for basic input output system.

It will do a POST (Power on self-test) to check system hardware.

And it will search, load and execute MBR  in memory(Master Boot Recorder).


MBR Stands for Master boot recorder.

MBR will be available in first 512 bytes of the boot drive. In this 512 bytes 446 bytes contains boot loader information, in 64 bytes contains partition table information available and remaining 2 bytes for MBR validation check. Boot drive will be anything like Hard disk, Pendrive, Floppy.

MBR will search and load the GRUB2 boot loader in memory and control moved to the bootloader.

GRUB2 Bootloader:

GRUB stands for Grand Unified Bootloader.

GRUB will be the default boot loader in RHEL7.

GRUB configuration file is available in this path: /boot/grub2/grub.cfg. Editing this file directly is not advisable.

GRUB file configuration:

# cat /etc/default/grub
GRUB_CMDLINE_LINUX=" crashkernel=auto rhgb quiet net.ifnames=0"

To change these configuration settings will edit this /etc/default/grub file.

Once modified have to execute the below command to make this change affect in the main configuration file (/boot/grub2/grub.cfg).

# grub2-mkconfig –o /boot/grub2/grub.cfg

grub has kernel image(vmlinuz) and initramfs image details.

grub will search and load the kernel image into memory and it will extract the initramfs image contents into memory based filesystem which is called tmpfs.

initramfs stands for initial ramdisk

initial ramdisk will load the block devices (HDD, CD, Floppy, etc). So that it will find the exact root filesystem and will mount it. Till mounting this exact root filesystem, initramfs will act as a temporary root filesystem.

kernel mounts the initramfs image as two-stage boot process.

Will use the lsinitrd command to view initramfs content.


Kernel will start systemd process and PID is 1 for this, as this will be the first process.

root 1 0 0 02:10 ? 00:00:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 23


Systemd will be the first process.

This process will read the /etc/systemd/system/ file to determine the default system target. The system target file defines the services which is started by systemd.

Systemd will bring the system based on the system target runlevel and perform system initialization process such as hostname, network settings, initializing SELinux, Printing welcome banner and mounting all filesystems.