Mainly Linux

21 Apr 2012

Install Puppet with Passenger on Centos 6 – Part Three

Today we will get Puppet Dashboard working. We'll configure this on the same server as Passenger.

So let's get started.

Getting stored configs working with MySQL

Install Rails:

[root@puppet]# gem install rails -v 2.2.2

Install MySQL server and the MySQL gem:

[root@puppet]# yum install mysql mysql-devel mysql-server

[root@puppet]# gem install mysql -- --with-mysql-config=/usr/bin/mysql_config

Create the puppet database:

[root@puppet]# mysql -u root -p

mysql> create database puppet;
mysql> grant all privileges on puppet.* to puppet@localhost
identified by 'password';

Add table index:

mysql> create index exported_restype_title on resources (exported,
restype, title(50));

Edit your puppet.conf:

storeconfigs = true
dbadapter = mysql
dbname = puppet
dbuser = puppet
dbpassword = password
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock

To check it's working:

mysql -u puppet -p -D puppet -e 'select name,last_compile from hosts;'

This should output hosts and last compile time. You may need to run a Puppet agent against the server to see this updating.

Getting Puppet Dashboard working

Install the Puppet Dashboard rpm:

[root@puppet]# rpm -ivh http://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.2-1.el6.noarch.rpm

Now, let's configure Dashboard:

[root@puppet]# cd /usr/share/puppet-dashboard/config

Configure settings.yml with your favourite text editor:

ca_server: 'puppet.tomhayman.co.uk'

Then configure database.yml, keeping the database details the same as above:

production:
  database: puppet
  username: puppet
  password: password
  encoding: utf8
  adapter: mysql

development:
  database: puppet
  username: puppet
  password: password
  encoding: utf8
  adapter: mysql

test:
  database: puppet
  username: puppet
  password: password
  encoding: utf8
  adapter: mysql

Create the Dashboard database schema. Go up a level to /usr/share/puppet-dashboard, then run:

[root@puppet]# rake db:migrate

Copy the Apache vhost config file from the example Puppet Dashboard gives you:

[root@puppet]# cp /usr/share/puppet-dashboard/ext/passenger/dashboard-vhost.conf /etc/httpd/conf.d/puppetdashboard.conf

You will need to alter a few things inside that conf file. Mine is like this but you may want to tune some parameters, depending on your needs.


PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On

# Container directives restored; port 80 and the Directory path are assumptions
<VirtualHost *:80>
    ServerName puppetdashboard.tomhayman.co.uk
    DocumentRoot /usr/share/puppet-dashboard/public/
    #SetEnv RAILS_ENV production
    #RackBaseURI

    <Directory /usr/share/puppet-dashboard/public/>
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog /var/log/httpd/dashboard.example.com_error.log
    LogLevel warn
    CustomLog /var/log/httpd/dashboard.example.com_access.log combined
</VirtualHost>

Check that Apache reports no errors in its configuration:

[root@puppet]# apachectl -t

You will need to fix any problems it reports before you restart Apache.

Create logs for Dashboard:

[root@puppet]# touch /usr/share/puppet-dashboard/log/production.log

[root@puppet]# chmod 0666 /usr/share/puppet-dashboard/log/production.log

To enable inventory support, first check what you need to do at Puppetlabs.

In a nutshell, you need to change just a few settings. Go to settings.yml and change:

enable_inventory_service: true

Create the SSL certificates:

[root@puppet]# rake cert:create_key_pair RAILS_ENV=production

[root@puppet]# rake cert:request RAILS_ENV=production

Then sign it:

[root@puppet]# puppetca -s dashboard

A little mistake I ran into was the certificates need to be owned by the dashboard user. So, change the ownership of the certs directory so that the puppet-dashboard user can access them:

[root@puppet]# chown puppet-dashboard:puppet-dashboard -R certs/

Add this to /etc/puppet/auth.conf

path /facts
auth any
method find, search
allow *
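
The stanza above combines auth any with allow *, which lets any client, with or without a signed certificate, find and search facts. The following is an added example (not from the original post) that lists such stanzas in an auth.conf; the function names are illustrative, and the second sample stanza is constructed input for contrast.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list auth.conf stanzas that
# accept unauthenticated requests from any host.

audit_auth_conf() {
    # $1 = path to auth.conf; prints one line per wide-open stanza
    awk '
        function report() {
            if (path != "" && unauth && wildcard)
                print path " [" methods "] is open to unauthenticated clients"
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "path" {                          # a new stanza starts here
            report()
            path = ($2 == "~") ? $3 : $2        # "path ~ regex" or "path /prefix"
            methods = "all methods"; unauth = 0; wildcard = 0
            next
        }
        $1 == "method" { methods = $0; sub(/^[ \t]*method[ \t]+/, "", methods) }
        $1 == "auth"   { unauth = ($2 == "any" || $2 == "no" || $2 == "off") }
        $1 == "allow"  {
            for (i = 2; i <= NF; i++) { v = $i; gsub(/,/, "", v); if (v == "*") wildcard = 1 }
        }
        END { report() }
    ' "$1"
}

# Sample input: the /facts stanza from this page plus a constructed
# certificate-restricted stanza for contrast.
sample_auth_conf() {
    cat <<'EOF'
path /facts
auth any
method find, search
allow *

path ~ ^/catalog/([^/]+)$
method find
allow $1
EOF
}

tmp=$(mktemp)
sample_auth_conf > "$tmp"
audit_auth_conf "$tmp"
rm -f "$tmp"
```

Run it against /etc/puppet/auth.conf after each change. A tighter variant of the /facts stanza would use auth yes and allow only the Dashboard's certificate name (dashboard, as signed above).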

Then, restart Apache:

[root@puppet]# apachectl restart

Start the Dashboard workers:

[root@puppet]# /etc/init.d/puppet-dashboard-workers start

You may need to run the puppet agent on a node first to see puppet Facts appear on the Puppet Dashboard.

That's it!

Filed under: Linux 3 Comments
30 Dec 2011

Install Puppet with Passenger on Centos 6 – Part Two

Last time we got our Puppet server embedded in a WEBrick server. Today I'll show how to go one step further by installing Passenger (mod_rails). By enabling Apache to serve our Puppet clients we will benefit from performance gains like being able to handle concurrent connections.

Getting Passenger working

Add the following into your puppet.conf:

[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Install the following on our Puppet server:

[root@puppet]# yum install gcc-c++ httpd-devel apr-devel ruby-devel ruby-rdoc

Install some gems:

[root@puppet]# gem install -v=1.0.1 rack

[root@puppet]# gem install -v=2.3.5 activerecord

And Passenger:

[root@puppet]# gem install -v=2.2.11 passenger

And:

[root@puppet]# passenger-install-apache2-module

If this final Passenger install step fails, it will tell you where it went wrong, so fix things as needed.

Install mod_ssl:

[root@puppet]# yum install mod_ssl

Create the document root:

[root@puppet]# mkdir -p /usr/share/puppet/rack/puppetmasterd/public

Now we need to create the Apache configuration in /etc/httpd/conf.d/puppet.conf:

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11
PassengerRuby /usr/bin/ruby

Listen 8140

# Container directives restored; the Directory path is an assumption
<VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile /var/lib/puppet/ssl/certs/test.tomhayman.co.uk.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/test.tomhayman.co.uk.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    # The following client headers allow the same configuration to work with Pound.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/

    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

Check the Apache configuration with an apachectl configtest and again fix any errors you encounter.

Now, copy the Rack config:

[root@puppet]# cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/

Give Puppet correct permission to access the Rack config:

[root@puppet]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

Stop the Puppet server with a service puppetmaster stop so it won't interfere with Passenger. Remember to deactivate the puppetmaster service via chkconfig too. Then start Apache and you should have Passenger working.

To check from our Puppet client:

[root@pclient]# puppetd --noop --test --server puppet.tomhayman.co.uk --port 8140

In part three we will get stored configurations working and also Puppet Dashboard. I hope this has helped and if you run into any problems let me know and I'll try and give you a hand.

27 Nov 2011

Install Puppet with Passenger on Centos 6 – Part One

This is part one on how to install a Puppet 2.76 Server using Passenger (mod_passenger) with MySQL (for stored configurations) on Centos 6 or Red Hat Enterprise 6.  In this first part we will get a Puppet/WEBrick server serving a single Puppet client.

Firstly, ensure the FQDN (i.e. puppet.tomhayman.co.uk) is set up properly on the server otherwise your Puppet clients will not be able to connect.

In this example, we're going to have the following setup:

puppet.tomhayman.co.uk 192.168.1.10 = Puppet server

pclient.tomhayman.co.uk 192.168.1.20 = Puppet client

Next, add a puppet.repo to /etc/yum.repos.d/ on both server and client:

[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
enabled=1
gpgcheck=0
[puppetlabs2]
name=Puppet Labs Packages Deps
baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/
enabled=1
gpgcheck=0

Also, add the EPEL repository.
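
Both sections of the puppet.repo above set gpgcheck=0 and use an http:// baseurl, so yum installs these packages without verifying their signatures and fetches them over an unencrypted channel. The following check is an added example, not part of the original post; the function names are illustrative and the sample input is the puppet.repo from this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag enabled yum repo sections
# that disable package signature checks or fetch packages over plain HTTP.

audit_repo_file() {
    # $1 = path to a .repo file; prints one "section: finding" line per issue
    awk '
        function report() {
            if (name == "" || enabled == "0") return   # nothing parsed yet, or repo disabled
            if (gpgcheck == "0")
                print name ": gpgcheck=0 (package signatures are not verified)"
            if (url ~ /^http:/)
                print name ": baseurl uses plain http (" url ")"
        }
        /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
        /^[ \t]*\[.*\]/ {                              # [section] header
            report()
            name = $0; gsub(/^[ \t]*\[|\].*$/, "", name)
            gpgcheck = ""; url = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") url = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$1"
}

# Sample input: the puppet.repo shown on this page.
sample_repo() {
    cat <<'EOF'
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
enabled=1
gpgcheck=0
[puppetlabs2]
name=Puppet Labs Packages Deps
baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/
enabled=1
gpgcheck=0
EOF
}

tmp=$(mktemp); sample_repo > "$tmp"; audit_repo_file "$tmp"; rm -f "$tmp"
```

To cover every configured repository, call audit_repo_file once for each file in /etc/yum.repos.d/.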

Now, install Puppet server on the server:

[root@puppet]# yum install puppet-server

And install the Puppet client on the client:

[root@pclient]# yum install puppet

Start the Puppet server to generate the SSL certificates:

[root@puppet]# service puppetmaster start

Check the SSL certificates have been generated by verifying their existence in /var/lib/puppet/ssl.

Let's see if the Puppet server and client can communicate with each other.  Note, you may need to open up your firewall for this to work, so open port 8140 on the Puppet server to allow the Puppet client access.   For iptables:

[root@puppet]# iptables -I INPUT -s 192.168.1.20 -m tcp -p tcp --dport 8140 -j ACCEPT

Save the iptables and restart the service.

Next, on the client, generate a SSL certificate request:

[root@pclient]# puppetd --waitforcert 30 --server puppet.tomhayman.co.uk -v

On the server check whether it has received the request:

[root@puppet]# puppetca -l

If it has worked, the output should be similar to:

pclient.tomhayman.co.uk xxxxxxxxxxxxxxxx

Then sign the request:

[root@puppet]# puppetca -s pclient.tomhayman.co.uk

If you run into any problems with generating or signing the certificates, check in the /var/lib/puppet/ssl directory and remove them if necessary.  You can also run puppetca -c pclient.tomhayman.co.uk which revokes the certificate.

Check if everything is working by running this on the client:

[root@pclient]# puppetd  --debug --server puppet.tomhayman.co.uk

This will output any errors if there are any.

Now you should have a working Puppet server communicating with a Puppet client. In part two we will get Passenger installed.

5 Aug 2011

Yum install packages from text file

If you want to install packages from a text file using YUM, from server1 to server2, follow the steps below.

Let's create the text file with the listed packages on server1:

[root@server1]# rpm -qa > installed.txt

Then let's copy installed.txt from server1 using scp to server2, like this:

[root@server1]# scp installed.txt tom@server2:/home/tom

Now ssh to server2 and do this:

[root@server2 tom]# yum -y install $(cat installed.txt)

This will now install all the packages listed in installed.txt on server2. This has helped me out a few times and hope it helps anyone else out there too.

(N.B. This example was carried out on two Centos 5.6 servers but could easily work on other distributions. However, it goes without saying that each server will need to have the same architecture and distribution for this to work properly.)

17 Mar 2011

How to mount NTFS partition in Ubuntu

If you need read and write access to an NTFS partition from Ubuntu, you can add an entry to /etc/fstab so that the NTFS partition mounts automatically every time you boot.

First, create a directory where the partition will be mounted:

mkdir /media/ntfs

Find the UUID of the NTFS partition:

sudo blkid

This will output something similar to:

/dev/sda1: UUID="B070ED7770DD452A" TYPE="ntfs"

If you have multiple NTFS partitions you will need to work out which one you want to automatically mount each time you boot.

Backup your fstab configuration (just in case you break something):

cp /etc/fstab /home/you/backup

Then add this line to /etc/fstab changing the UUID:

UUID=B070ED7770DD452A /media/ntfs ntfs rw,auto,uid=1234,umask=0027,nls=utf8 0 0

You can also set the "uid" to your own user id (uid=1234 is the example used here) and you can find this out by issuing id -u at the command line. Mounting file systems with specific user (or group) ids can be useful for the security of your system.
umask=0027 means you (the owner) can read, write, or execute any file on the NTFS partition, while group members can only read and execute and other users have no access.

Check if it works:

sudo mount /media/ntfs && df

This should output various file systems including your newly mounted NTFS partition:

/dev/sda1 1 70226940 58935140 11291800 84% /media/ntfs

The next time you reboot the NTFS partition will automatically mount. To add more than one partition (or disk) just repeat the steps above, adding a new line for every additional partition into the fstab configuration file.

Hope this helps.
