Thursday, April 9, 2015

Build a Puppet Master on CentOS 7 -- Hella Quick-Style

I build Puppet environments all the time, which means I need to set up Puppet Masters all the time.  Here's what I do to get a Master running on CentOS 7 "hella quick-style."

Build a CentOS 7 machine and set its hostname. I'm going to call mine "kermit.localdomain."

hostnamectl set-hostname kermit.localdomain

Then add the official PuppetLabs yum repo to the system's sources. This pulls the release package over plain HTTP; if that bothers you, download it first and verify its signature with `rpm --checksig` against a copy of the PuppetLabs GPG key you obtained some other way.

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

Now yum can install the Puppet Master for you.

yum -y install puppet-server

The easiest way to generate the Master's SSL keypair and self-sign its certificate (the first start also creates the CA that will sign your agents' certificates) is to just start up the Master in the foreground and then control-C out of it once it's done the SSL bits. (There must be a more elegant way to do this.)

puppet master --verbose --no-daemonize
[Ctrl-C]

Aim the Master's own Agent at itself. The last stanza in a stock Puppet install's puppet.conf is the [agent] section, so we can get away with just appending to it. (Again, using "kermit" in this example.)

echo 'server = kermit.localdomain' >> /etc/puppet/puppet.conf

Add a [master] stanza to the puppet.conf file. On a stock install, it's safe to just append to the file. Note the backslash before $confdir: the heredoc isn't quoted, so without it the shell would expand $confdir to nothing and Puppet would be told to look in /environments.

cat >> /etc/puppet/puppet.conf <<EOF
[master]
    environmentpath = \$confdir/environments
    basemodulepath = /etc/puppet/modules
    reports = store,log
EOF

The Master won't start without a production environment, so make an empty one.

mkdir -p /etc/puppet/environments/production/{modules,manifests}
echo 'node default {}' > /etc/puppet/environments/production/manifests/site.pp

Copy the package-supplied Hiera configuration file to a place where the Master can find it. Later, you'll likely need to update the 'datadir' and your hierarchy, but for now the stock one is fine.

cp /etc/hiera.yaml /etc/puppet/hiera.yaml

Set up firewalld with a rule for Puppet traffic on port 8140.

cat > /etc/firewalld/services/puppetmaster.xml <<EOF
<?xml version="1.0" encoding="utf-8"?>
  <service>
    <short>puppetmaster</short>
    <description>Puppet Master</description>
    <port protocol="tcp" port="8140"/>
  </service>
EOF

Tell firewalld to use the rule.

firewall-cmd --permanent --add-service=puppetmaster   # may take two tries
firewall-cmd --reload

And finally, start up the pieces.

puppet resource service puppetmaster ensure=running enable=true
puppet resource service puppet ensure=running enable=true

That's it! If you have to troubleshoot, tail /var/log/messages for clues. Remember, you can kick off Puppet runs manually with `puppet agent -t` to see what's going on during a run.
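As an added check (example code, not from the original post), here is a small POSIX shell script that verifies puppet.conf ended up the way the two appends above assume: 'server' under [agent], exactly one [master] stanza, and an environmentpath that still contains a literal $confdir. The sample puppet.conf it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check puppet.conf before
# starting services. The post's appends only work if [agent] is the last stanza
# and the backslash in "\$confdir" survives the heredoc; this verifies both.

# puppet_setting_in_section FILE SECTION KEY: print KEY's value inside
# [SECTION], trailing comment stripped; exit 1 if the key is not in it.
puppet_setting_in_section() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[[^]]+\][ \t]*$/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec); next
        }
        sec == want && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); val = $0; found = 1
        }
        END { if (found) { print val; exit 0 }; exit 1 }' "$1"
}

# check_puppet_conf FILE: 0 when the layout the post's edits assume holds
check_puppet_conf() {
    f=$1
    n=$(grep -c '^[[:space:]]*\[master\][[:space:]]*$' "$f" || true)
    [ "$n" = 1 ] || { echo "need exactly one [master], found $n" >&2; return 1; }
    srv=$(puppet_setting_in_section "$f" agent server) \
        || { echo "'server' did not land under [agent]" >&2; return 1; }
    ep=$(puppet_setting_in_section "$f" master environmentpath) \
        || { echo "environmentpath missing from [master]" >&2; return 1; }
    case $ep in
        '$confdir'/*) ;;   # backslash kept, so Puppet expands $confdir itself
        *) echo "environmentpath lost \$confdir (unescaped heredoc?): $ep" >&2; return 1 ;;
    esac
    echo "ok: agent -> $srv, environments under $ep"
}

# Constructed sample: a stock-style puppet.conf after the post's two appends.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[agent]
    classfile = $vardir/classes.txt
server = kermit.localdomain
[master]
    environmentpath = $confdir/environments
    basemodulepath = /etc/puppet/modules
    reports = store,log
EOF
    echo "$f"
}
check_puppet_conf "$(sample_conf)"
```

Run it against the real file with `check_puppet_conf /etc/puppet/puppet.conf` before starting the puppetmaster service.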