Installing puppet version 2.7.3
I will be installing the package via ruby gems. I do not like it at all, but the packages available in the apt repository are too old.
Install ruby, rubygems and dependencies
apt-get install ruby rubygems libopenssl-ruby
Install puppet via gem
gem install puppet --version=2.7.3
Puppet executables
You have two options here:
Add the gem bin path to your .profile
echo 'export PATH="$PATH:/var/lib/gems/1.8/bin"' >> /root/.profile
cd /root && . .profile
or run the install.rb for puppet and facter:
/var/lib/gems/1.8/gems/puppet-2.7.3/install.rb
/var/lib/gems/1.8/gems/facter-1.6.0/install.rb
Create puppet users
The no-daemonize option keeps puppet in the foreground. Press CTRL-C to exit once puppet is done adding users. The verbose option will help you see when it is done.
puppet master --mkusers --no-daemonize --verbose
Puppet configuration file
If you want a template puppet.conf, use genconfig to make one:
puppet master --genconfig > /etc/puppet/puppet.conf
If you choose to use puppet to generate your configuration file, be aware that you will have to comment out the following line, which points at /var/lib/puppet/facts/, in the puppet.conf configuration file. I have created a bug with puppet labs on this.
# factdest = /var/lib/puppet/facts/
Configuring puppet to use passenger
Edit /etc/puppet/puppet.conf and set ssl_client_header and ssl_client_verify_header under the [master] section.
ssl_client_verify_header = SSL_CLIENT_VERIFY
ssl_client_header = SSL_CLIENT_S_DN
Install and configure rack
gem install rack
mkdir -p /etc/puppet/rack/public
cp /var/lib/gems/1.8/gems/puppet-2.7.3/ext/rack/files/config.ru /etc/puppet/rack/
chown puppet /etc/puppet/rack/config.ru
Passenger dependencies
apt-get install build-essential libcurl4-openssl-dev libssl-dev zlib1g-dev apache2 apache2-prefork-dev libapr1-dev libaprutil1-dev ruby-dev
Install passenger
gem install passenger --version=3.0.9
Install Passenger Module
/var/lib/gems/1.8/bin/passenger-install-apache2-module --auto
a2enmod ssl
cat > /etc/apache2/mods-available/passenger.conf <<EOF
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
EOF
cat > /etc/apache2/mods-available/passenger.load <<EOF
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-3.0.9/ext/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.8/gems/passenger-3.0.9
PassengerRuby /usr/bin/ruby1.8
EOF
a2enmod passenger
Configure apache to listen on port 8140
cat >> /etc/apache2/ports.conf <<EOF
<IfModule passenger_module>
Listen 8140
</IfModule>
EOF
Setup puppetmaster virtual site
PUPPETHOST=`facter fqdn`
cat > /etc/apache2/sites-available/puppetmasterd <<EOF
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /etc/puppet/ssl/certs/$PUPPETHOST.pem
SSLCertificateKeyFile /etc/puppet/ssl/private_keys/$PUPPETHOST.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
EOF
a2ensite puppetmasterd
service apache2 restart
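Auditing the TLS settings of the virtual host
Added example, not part of the original post: the virtual host above enables SSLv3 and selects RC4 suites, both since broken or prohibited (POODLE for SSLv3, RFC 7465 for RC4), and its comment mentions commenting out the CRL line. The function below flags those three settings in a vhost file; the names directive and audit_vhost and the sample file are constructed for illustration, and the cipher check is a string heuristic, not OpenSSL's own resolution of the list.

```shell
#!/bin/sh
# Added example (not from the original post): flag the TLS settings in a
# puppetmaster vhost that are considered weak today. The helper names and
# the sample file below are constructed for illustration.

# Print the value of the last active (uncommented) occurrence of a directive.
directive() {  # usage: directive FILE NAME
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_vhost() {
    rc=0
    proto=$(directive "$1" SSLProtocol)
    ciphers=$(directive "$1" SSLCipherSuite)
    crl=$(directive "$1" SSLCARevocationFile)

    # Protocol tokens are space separated; "+SSLv3" or "SSLv3" enables it.
    for tok in $proto; do
        case $tok in
            +SSLv2|SSLv2|+SSLv3|SSLv3) echo "protocol: $tok enabled"; rc=1 ;;
        esac
    done

    # Cipher tokens are colon separated; "!" or "-" prefixes remove suites,
    # any other token naming RC4/EXP/LOW/NULL selects them (string
    # heuristic, not a resolution of the list by OpenSSL).
    old_ifs=$IFS; IFS=:
    for tok in $ciphers; do
        case $tok in
            '!'*|-*) ;;
            *RC4*|*EXP*|*LOW*|*NULL*) echo "cipher: $tok selects weak suites"; rc=1 ;;
        esac
    done
    IFS=$old_ifs

    # Without a CRL, revoked agent certificates still pass verification.
    [ -n "$crl" ] || { echo "crl: SSLCARevocationFile not set"; rc=1; }
    return $rc
}

# Constructed sample: the page's TLS directives, with the CRL line commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
# SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
EOF
audit_vhost "$sample" || echo "review the vhost before enabling the site"
```

Run it against /etc/apache2/sites-available/puppetmasterd after the heredoc above has written the file; a non-zero exit status means at least one setting was flagged.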