Installing Puppet in RHEL7/CentOS 7

We will see how to install Puppet in RHEL7/CentOS 7.

Nowadays administration tasks are rapidly moving to automation, which reduces manpower, cost and time. In this situation it is mandatory for system administrators to learn at least one scripting language and one automation tool. Automating tasks on the server side is critical. There are lots of tools available for automation; here we are going to look at Puppet.

What is puppet?

Puppet is an open source tool developed by Puppet Labs for Linux, Unix, Mac and Windows machines. It is written in Ruby and is mostly used for automating jobs on the server and for automating jobs from the server to clients.

Features:

To avoid duplication of work.

Powerful framework

Mature tool

Simplifies system administrator tasks.

Makes fast, repeated changes automatically.

Maintains system consistency and integrity.

Makes it very easy to manage VMs, cloud and physical machines.

Enabling EPEL repository and dependencies for installation:

The system time should be set accurately on the server that is going to act as the Puppet master server, so set the time on your server first.

Make sure that both the master and the agent server can resolve the hostnames; add the entries to the /etc/hosts file.

Once the time is fixed, enable the EPEL repository using the command below.

RHEL7/CentOS 7:

#rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.yXngEr: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:epel-release-7-10 ################################# [100%]

The NOKEY warning in this output means the EPEL signing key was not yet imported, so rpm did not verify the package signature.

List the EPEL repository packages:

#yum --disablerepo=* --enablerepo=epel list

To have a ready Puppet setup, we use Apache with Passenger. To get it, download the repo file and place it in /etc/yum.repos.d/

#curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

To set up the Puppet master/node we now need to enable the Puppet Labs repository and dependencies. Run this on both the master and agent servers.

#rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Preparing... ################################# [100%]
 package puppetlabs-release-22.0-2.noarch is already installed

 

Installing Puppet:

Use the command below to install the Puppet server. This installs an init script (/etc/init.d/puppetmaster) to run a test-quality Puppet master server.

#yum install puppet-server

Installed:
 puppet-server.noarch 0:3.8.7-1.el7

Dependency Installed:
 facter.x86_64 1:2.4.6-1.el7 hiera.noarch 0:1.3.4-1.el7 libselinux-ruby.x86_64 0:2.5-6.el7 libyaml.x86_64 0:0.1.4-11.el7_0
 puppet.noarch 0:3.8.7-1.el7 ruby.x86_64 0:2.0.0.648-29.el7 ruby-augeas.x86_64 0:0.4.1-3.el7 ruby-irb.noarch 0:2.0.0.648-29.el7
 ruby-libs.x86_64 0:2.0.0.648-29.el7 ruby-shadow.x86_64 1:2.2.0-2.el7 rubygem-bigdecimal.x86_64 0:1.2.0-29.el7 rubygem-io-console.x86_64 0:0.4.2-29.el7
 rubygem-json.x86_64 0:1.7.7-29.el7 rubygem-psych.x86_64 0:2.0.0-29.el7 rubygem-rdoc.noarch 0:4.0.0-29.el7 rubygems.noarch 0:2.0.14.1-29.el7

Complete!

Now we need to configure the Puppet master/agent architecture. In our case this node is going to work as the master server, so edit the /etc/puppet/puppet.conf file and change dns_alt_names.

#vi /etc/puppet/puppet.conf
[main]
 dns_alt_names=server,server.lbcdomain.com
 certname=server.lbcdomain.com

Save and exit from the file.

Run the command below to create the Puppet master certificate:

#puppet master --verbose --no-daemonize

Once you see “Notice: Starting Puppet master version 3.8.7”, press Ctrl+C to kill the process.

Now we will configure the web server:

Puppet comes with a basic web server, which is generally not used in production. Before managing nodes from the Puppet master server, configure the web server first.

#yum -y install httpd httpd-devel mod_ssl ruby-devel rubygems gcc gcc-c++ pygpgme curl

Now install Passenger and the Apache module:

#yum install -y mod_passenger

Create the parent, public and tmp directories for the application. Copy ext/rack/config.ru from the Puppet source code into the parent directory and set its ownership to puppet.

#mkdir -p /usr/share/puppet/rack/puppetmasterd
#mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
#cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
#chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

Create a configuration file to add a virtual host for Puppet and make the entries below in it.

#vi /etc/httpd/conf.d/puppetmaster.conf
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

        SSLCertificateFile      /var/lib/puppet/ssl/certs/server.lbcdomain.com.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server.lbcdomain.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile   /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking. RHEL 7 / CentOS 7 ship Apache 2.4,
        # so 'SSLCARevocationCheck chain' is set here to actually use the CRL.
        SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>  

Now restart the Apache service.

#systemctl restart httpd

Enable Apache and disable puppet from starting automatically at boot.

#systemctl disable puppet.service
#systemctl enable httpd.service

Now open the Puppet listening port in the firewall:

Port: 8140

#firewall-cmd --zone=public --add-port=8140/tcp --permanent
#firewall-cmd --reload

 

Now install Puppet on the node machines:

Before starting the Puppet agent installation, configure the yum repository the same way as on the master server.

Command to install Puppet:

#yum -y install puppet

Add the Puppet master server details to the Puppet configuration file as below.

#vi /etc/puppet/puppet.conf

[agent]
server = server.lbcdomain.com

Now start the puppet service on the node machine and enable it to start automatically at boot in this runlevel.

#systemctl start puppet
#systemctl enable puppet

Now sign the Puppet agent node certificate on the Puppet master server:

An agent node requests a certificate the first time it attempts to run.

Log in to the Puppet master server and execute the command below.

#puppet cert list

"node.lbcdomain.com" (SHA256) D4:88:EC:C5:0A:F7:5D:4E:32:C5:B3:61:E0:51:7B:0C:CD:B3:49:9E:68:0B:E7:5D:75:19:1D:0B:92:8A:E7:C1

Run the command below to sign the certificate request:

#puppet cert sign node.lbcdomain.com

Notice: Signed certificate request for node.lbcdomain.com
Notice: Removing file Puppet::SSL::CertificateRequest node.lbcdomain.com at '/var/lib/puppet/ssl/ca/requests/node.lbcdomain.com.pem'

Run the command below on the Puppet agent node machine to verify the certificate.

#puppet agent -t

Info: Caching certificate for node.lbcdomain.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node.lbcdomain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.lbcdomain.com
Info: Applying configuration version '1445401911'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.09 seconds
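
Signing a request gives that node a trusted identity on the master, so the fingerprint printed by puppet cert list should be compared with the one the node itself reports (puppet agent --fingerprint on the node) before running puppet cert sign. The script below is an added example, not part of the original post; the function names are hypothetical and the sample line is the puppet cert list output shown above.

```shell
#!/bin/sh
# Added example: sign a pending Puppet CSR only if its fingerprint matches
# the value read on the node itself. Function names are hypothetical.

# Sample `puppet cert list` line, copied from the output shown in this post.
SAMPLE_LIST='  "node.lbcdomain.com" (SHA256) D4:88:EC:C5:0A:F7:5D:4E:32:C5:B3:61:E0:51:7B:0C:CD:B3:49:9E:68:0B:E7:5D:75:19:1D:0B:92:8A:E7:C1'

# Normalise a fingerprint: drop colons and whitespace, upper-case hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the SHA256 fingerprint of the pending request for certname $1,
# reading `puppet cert list` output on stdin.
csr_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# csr_matches CERTNAME EXPECTED_FP  (cert list output on stdin)
# 0 = pending request found and fingerprint matches
# 1 = fingerprint differs, 2 = no pending request for that name
csr_matches() {
    listed=$(csr_fingerprint "$1")
    [ -n "$listed" ] || { echo "no pending request for $1" >&2; return 2; }
    if [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ]; then
        return 0
    fi
    echo "fingerprint mismatch for $1: refusing to sign" >&2
    return 1
}

# sign_if_verified CERTNAME EXPECTED_FP
# Run on the master; EXPECTED_FP is the value read on the node.
sign_if_verified() {
    puppet cert list | csr_matches "$1" "$2" && puppet cert sign "$1"
}
```
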

Finally we completed puppet master and agent configuration successfully.

 

Docker installation in RHEL7/CentOS 7

We are going to see Docker installation in RHEL7/CentOS 7.

Docker packages are available only for Red Hat servers and RHEL Atomic Host editions, not for workstations or other variants of RHEL.

This installation method requires internet access.

Installing Docker with the native Docker script is the straightforward method; the script is fetched with “curl”. Before installing Docker, first check that the curl package is installed on your system.

#curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.21 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets

Installing Docker using the curl command

Use the command below to install Docker.

#curl -fsSL https://get.docker.com/ | sh
 
Now enable Docker permanently in this runlevel and start it.

Command to enable Docker in this runlevel:
#systemctl enable docker

Command to start Docker:
#systemctl start docker

Command to check the Docker status:
#systemctl status docker

Command to restart Docker:
#systemctl restart docker

Docker has been installed; now check the installation:
#docker run hello-world

List the new containers with the command below:

#docker ps -a


Failed to start docker.service: Unit not found / Installation of docker in RHEL7.x / CentOS 7.x

We will see how to fix “Failed to start docker.service: Unit not found” when installing Docker in RHEL7.x / CentOS 7.x.

Docker is open source and helps us deploy applications in Linux containers.
The Docker CLI command line tool helps manage the lifecycle of image-based containers.

Linux containers enable fast application deployment and simpler testing, troubleshooting and maintenance.

Check the details of the installed Docker and remove the Docker that is already installed.

Then install Docker again using the command below:

#curl -fsSL https://get.docker.com/ | sh
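
Both Docker installs in these posts pipe the script from get.docker.com straight into sh as root, which executes whatever the server returns at that moment without anyone having read it. The script below is an added example, not part of the original posts: it runs a downloaded installer only when its SHA-256 matches a value you recorded after reviewing the file. The function names, the file name get-docker.sh and REVIEWED_SHA256 are assumptions.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches the hash
# recorded when the script was reviewed. Names here are hypothetical.

# Print the SHA-256 of file $1 (sha256sum is part of coreutils).
file_sha256() {
    sha256sum "$1" | awk '{ print $1 }'
}

# run_if_reviewed FILE EXPECTED_SHA256
# 0 = hash matched and the script ran successfully
# 1 = hash mismatch (script is NOT executed), 2 = file missing
run_if_reviewed() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    actual=$(file_sha256 "$1")
    if [ "$actual" != "$2" ]; then
        echo "hash mismatch for $1 (got $actual): not running" >&2
        return 1
    fi
    sh "$1"
}

# Typical use (URL from the post; file name and REVIEWED_SHA256 are placeholders):
#   curl -fsSL -o get-docker.sh https://get.docker.com/
#   less get-docker.sh            # read the script before trusting it
#   file_sha256 get-docker.sh     # record the result as REVIEWED_SHA256
#   run_if_reviewed get-docker.sh "$REVIEWED_SHA256"
```
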



Enable the docker service permanently in this runlevel

Start the docker service

Docker has now been installed and started successfully.

To check whether Docker is installed correctly, issue the command below

Chef server installation on linux

We are going to see Chef server installation on Linux.

Configuration options in Chef:

 

1. Standalone
2. High Availability
3. Tiered

Requirements:

1. A machine with the Red Hat server operating system and an FQDN.
2. A mail agent, which the Chef server uses to send notifications.
3. Knowledge of cron, to schedule jobs.

We are going to see the Standalone Chef server in this post.

In this method we use a single machine for the Chef server installation.
1. Download “chef-server-core-<ver>” and keep it under the /tmp directory on the machine that will run the server.
2. Install the package as the root user using the commands below.

#rpm -ivh chef-server-core-xxx.rpm

It will take some minutes to install it.

Execute the following command to start all services.

#chef-server-ctl reconfigure

Now we should create a user to manage the Chef server:

#chef-server-ctl user-create <username> <firstname> <lastname> <email> 'Password' --filename /path/uname.pem

Now we should create an organization:

#chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

Download and install additional packages:
We can use Chef management console to manage the data bags, attributes, run-lists, roles, environments, and cookbooks from a web user interface.

Run below commands on chef server.

#chef-server-ctl install chef-manage
#chef-server-ctl reconfigure
#chef-manage-ctl reconfigure

We can use Chef push jobs to execute the jobs

Run the below commands on chef server.

#chef-server-ctl install opscode-push-jobs-server
#chef-server-ctl reconfigure
#opscode-push-jobs-server-ctl reconfigure

Use reporting to keep track of every client run across the full infrastructure.

Run the below commands on chef server:

#chef-server-ctl install opscode-reporting
#chef-server-ctl reconfigure
#opscode-reporting-ctl reconfigure

Update purchase for nodes:

When using more than 25 nodes, we must update the configuration for the license.
To do that, edit the chef-server.rb file, following the steps below.

#mkdir /etc/opscode && sudo touch /etc/opscode/chef-server.rb

Open the new chef-server.rb file:
#vi /etc/opscode/chef-server.rb

Append the line below to that file, where N is the number of licensed nodes you have purchased:

license['nodes'] = N

Save and exit from the file using :wq

Run the command below to apply the modified changes on the Chef server:

#chef-server-ctl reconfigure