Saturday, 12 March 2016

Puppet Installation

1. Install NTP
* Puppet authenticates the master and every agent with X.509 certificates, and certificate validity is checked against the clock, so get the master and the agents synchronised to NTP before any certificate is issued.

yum install ntp
2. Install the Puppet repository on the server
* The release package is fetched over plain HTTP and installs both the repository definitions and the Puppet Labs GPG key that every later gpgcheck=1 verification depends on, so verify its signature against the key Puppet Labs publishes before installing it.
* CentOS 5

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
* CentOS 6

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
* CentOS 7

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
3. Ensure that the repository is enabled.
* The release package writes /etc/yum.repos.d/puppetlabs.repo (shown here for EL 6; the EL 5 and EL 7 files differ only in the paths). The products and dependencies sections need enabled=1, and every section must keep gpgcheck=1: the baseurls are plain http, so the package signature is the only integrity check you get.

vim /etc/yum.repos.d/puppetlabs.repo
[puppetlabs-products]
name=Puppet Labs Products El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1

[puppetlabs-deps]
name=Puppet Labs Dependencies El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/dependencies/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1

[puppetlabs-devel]
name=Puppet Labs Devel El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/devel/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1

[puppetlabs-products-source]
name=Puppet Labs Products El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/products/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
failovermethod=priority
enabled=0
gpgcheck=1

[puppetlabs-deps-source]
name=Puppet Labs Source Dependencies El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/dependencies/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=0
gpgcheck=1

[puppetlabs-devel-source]
name=Puppet Labs Devel El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/devel/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=0
gpgcheck=1
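An added example (not from the original post): a small audit of a .repo file that a practitioner can run before the yum install in step 4. It reports any enabled section that has gpgcheck=0 or no gpgkey (which would accept whatever an on-path attacker or a compromised mirror served) and warns about plain-http baseurls, where package signatures are still verified but the repository metadata is not. The file it checks is constructed for the demonstration from two sections of the EL 6 puppetlabs.repo above, with one section deliberately weakened; it needs only POSIX sh and awk.

```shell
#!/bin/sh
# Added example, not part of the original post.  Audits a yum .repo file so that
# no enabled section installs unverified packages.

# audit_repo FILE: prints one "FAIL|WARN section: reason" line per finding,
# nothing when the file is clean.  Disabled sections are never fetched, so they
# are skipped.
audit_repo() {
    awk '
        function flush() {
            if (sec == "" || enabled != "1") return
            if (gpgcheck != "1") print "FAIL " sec ": gpgcheck is not 1"
            if (gpgkey == "")    print "FAIL " sec ": no gpgkey, signatures cannot be verified"
            if (url ~ /^http:\/\//) print "WARN " sec ": plain-http baseurl; packages are signature-checked but repo metadata is not (set repo_gpgcheck=1 or use https)"
        }
        /^\[.*\]$/   { flush(); sec = substr($0, 2, length($0) - 2); enabled = gpgcheck = url = gpgkey = ""; next }
        /^enabled=/  { enabled  = substr($0, 9) }
        /^gpgcheck=/ { gpgcheck = substr($0, 10) }
        /^baseurl=/  { url      = substr($0, 9) }
        /^gpgkey=/   { gpgkey   = substr($0, 8) }
        END          { flush() }
    ' "$1"
}

# fail_count FILE: number of FAIL findings, usable as a pre-install gate.
fail_count() {
    audit_repo "$1" | grep -c '^FAIL' || true
}

# Constructed input: two sections from the EL 6 puppetlabs.repo shown above, with
# gpgcheck switched off in the deps section to show a finding, plus a disabled
# source section that must be ignored.
REPO_FILE=$(mktemp)
trap 'rm -f "$REPO_FILE"' EXIT
cat > "$REPO_FILE" <<'EOF'
[puppetlabs-products]
name=Puppet Labs Products El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1

[puppetlabs-deps]
name=Puppet Labs Dependencies El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/dependencies/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=0

[puppetlabs-products-source]
name=Puppet Labs Products El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/products/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=0
gpgcheck=1
EOF

audit_repo "$REPO_FILE"
echo "FAIL findings: $(fail_count "$REPO_FILE")"
```

On a real master run audit_repo against /etc/yum.repos.d/puppetlabs.repo before step 4 and stop if fail_count is non-zero; the WARN lines are the reason to keep gpgcheck=1 everywhere rather than something to fix in the file itself.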
4. Install Puppet Master server

yum install puppet-server
5. Set up the Puppet Master's certificates
* Edit the main Puppet config file to add the DNS names the master answers to

vim /etc/puppet/puppet.conf
* Add the dns_alt_names directive listing every DNS name agents may use to reach the master (use your own domain in lieu of yourdomain.com). Do this before generating the certificate in step 6: the names are embedded in the master's certificate as Subject Alternative Names, and Puppet will not re-issue a certificate that already exists, so changing the list later means cleaning and regenerating the master's certificate.

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    # Set up DNS Names that the server will respond to.
    dns_alt_names = puppet,puppet.yourdomain.com,svrpuppet,svrpuppet.yourdomain.com

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
6. Generate the certificates
* Run the master once in the foreground. On first start it creates the CA, then issues and signs the master's own certificate, including the dns_alt_names from step 5.

puppet master --verbose --no-daemonize
* When you see Notice: Starting Puppet master version {VERSION}, hit Ctrl-C to kill the startup process.

[root@SVRPUPPET ~]# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): D1:33:5F:2F:AB:66:51:3C:43:FB:B5:72:08:00:02:A1:7C:06:28:4A:4A:A9:4D:98:68:F3:C2:27:AB:C5:AB:C7
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for svrpuppet
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for svrpuppet
Info: Certificate Request fingerprint (SHA256): 4B:00:C5:FA:E3:4B:44:5B:3A:C8:67:8E:37:9E:2E:64:7E:33:C5:CD:B3:65:6C:39:26:2D:1A:45:AD:76:58:0B
Notice: svrpuppet has a waiting certificate request
Notice: Signed certificate request for svrpuppet
Notice: Removing file Puppet::SSL::CertificateRequest svrpuppet at '/var/lib/puppet/ssl/ca/requests/svrpuppet.pem'
Notice: Removing file Puppet::SSL::CertificateRequest svrpuppet at '/var/lib/puppet/ssl/certificate_requests/svrpuppet.pem'
Notice: Starting Puppet master version 3.6.2
^CNotice: Caught INT; calling stop
7. Set up manifests and modules
* The main manifest and module directories are as follows
** Main Site Manifest – Applied to ALL servers – /etc/puppet/manifests/site.pp
** Manifest – /etc/puppet/manifests/
** Modules – /etc/puppet/modules/
** Environments – /etc/puppet/environments/

* Create a directory under the environments directory for each of your environments. This lets you apply different configurations to different environments.

mkdir -p /etc/puppet/environments/production/manifests
mkdir -p /etc/puppet/environments/development/manifests
mkdir -p /etc/puppet/environments/internal/manifests
mkdir -p /etc/puppet/environments/dmz/manifests
mkdir -p /etc/puppet/environments/production/modules
mkdir -p /etc/puppet/environments/development/modules
mkdir -p /etc/puppet/environments/internal/modules
mkdir -p /etc/puppet/environments/dmz/modules
* You can create directories for whatever kinds of environments you like, such as web_servers, haproxy_servers, centos6_servers, etc.

* Enable Directory Environments

vim /etc/puppet/puppet.conf
* Add the following to the [main] section of the config file, below the DNS names

# Enable Directory Environments
environmentpath = $confdir/environments
8. Configure Apache with Passenger to serve requests to the puppet master.
* Start and then stop the puppet master service once. This completes the certificate setup and initialises the installation. It must not stay running: the built-in server holds port 8140, which Apache takes over below.

service puppetmaster start
service puppetmaster stop
* Install Apache

yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc
* Set apache to start on boot

chkconfig httpd on
* Install Rack/Passenger

gem install rack passenger
[root@SVRPUPPET puppet]# gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions.  This could take a while...
Successfully installed rake-10.3.2
Successfully installed daemon_controller-1.2.0
Successfully installed passenger-4.0.46
4 gems installed
Installing ri documentation for rack-1.5.2...
Installing ri documentation for rake-10.3.2...
Installing ri documentation for daemon_controller-1.2.0...
Installing ri documentation for passenger-4.0.46...
Installing RDoc documentation for rack-1.5.2...
Installing RDoc documentation for rake-10.3.2...
Installing RDoc documentation for daemon_controller-1.2.0...
Installing RDoc documentation for passenger-4.0.46...
9. Run the passenger installer
* Install passenger dependencies

yum install gcc-c++ curl-devel openssl-devel zlib-devel
passenger-install-apache2-module
* Select the languages you want Passenger built for (only Ruby is needed for Puppet) and resolve any missing dependencies the installer reports

[root@SVRPUPPET puppet]# passenger-install-apache2-module
Welcome to the Phusion Passenger Apache 2 module installer, v4.0.46.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.


--------------------------------------------

Which languages are you interested in?

Use <space> to select.
If the menu doesn't display correctly, press '!'

   ⬢  Ruby
   ⬢  Python
 ‣ ⬢  Node.js
   ⬡  Meteor

--------------------------------------------

Checking for required software...

 * Checking for C compiler...
      Found: yes
      Location: /usr/bin/cc
 * Checking for C++ compiler...
      Found: yes
      Location: /usr/bin/c++
 * Checking for Curl development headers with SSL support...
      Found: yes
      curl-config location: /usr/bin/curl-config
      Supports SSL: yes
      Header location: /usr/include/curl/curl.h
      Version: libcurl 7.19.7
      Usable: yes
 * Checking for OpenSSL development headers...
      Found: yes
      Location: /usr/include/openssl/ssl.h
 * Checking for Zlib development headers...
      Found: yes
      Location: /usr/include/zlib.h
 * Checking for Apache 2...
      Found: yes
      Location of httpd: /usr/sbin/httpd
      Apache version: 2.2.15
 * Checking for Apache 2 development headers...
      Found: yes
      Location of apxs2: /usr/sbin/apxs
 * Checking for Rake (associated with /usr/bin/ruby)...
      Found: yes
      Location: /usr/bin/ruby /usr/bin/rake
 * Checking for OpenSSL support for Ruby...
      Found: yes
 * Checking for RubyGems...
      Found: yes
 * Checking for Ruby development headers...
      Found: yes
      Location: /usr/lib64/ruby/1.8/x86_64-linux/ruby.h
 * Checking for rack...
      Found: yes
 * Checking for Apache Portable Runtime (APR) development headers...
      Found: yes
      Location: /usr/bin/apr-1-config
      Version: 1.3.9
 * Checking for Apache Portable Runtime Utility (APU) development headers...
      Found: yes
      Location: /usr/bin/apu-1-config
      Version: 1.3.9
 --------------------------------------------

Sanity checking Apache installation...
All good!

--------------------------------------------
Compiling and installing Apache 2 module...

{ LOTS OF COMPILING }

--------------------------------------------
Almost there!

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46
     PassengerDefaultRuby /usr/bin/ruby
   </IfModule>

After you restart Apache, you are ready to deploy any number of web
applications on Apache, with a minimum amount of configuration!

Press ENTER to continue.


--------------------------------------------

Deploying a web application: an example

Suppose you have a web application in /somewhere. Add a virtual host to your
Apache configuration file and set its DocumentRoot to /somewhere/public:

 
   <VirtualHost *:80>
      ServerName www.yourhost.com
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /somewhere/public
      <Directory /somewhere/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
         # Uncomment this if you're on Apache >= 2.4:
         #Require all granted
      </Directory>
   </VirtualHost>

And that's it! You may also want to check the Users Guide for security and
optimization tips, troubleshooting and other useful information:

  /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46/doc/Users guide Apache.html
  https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html

Enjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)
https://www.phusionpassenger.com

Phusion Passenger is a trademark of Hongli Lai & Ninh Bui.
10. Configure Apache
* Create the Rack application directory that Apache will serve, and copy Puppet's config.ru into it. Passenger runs the application as the owner of config.ru, so it must be owned by puppet rather than root.

mkdir -p /usr/share/puppet/rack/puppetmasterd
mkdir /usr/share/puppet/rack/puppetmasterd/public
mkdir /usr/share/puppet/rack/puppetmasterd/tmp
cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
11. Configure the Apache VHost File
* Create the Apache vhost file for the puppet master

vim /etc/httpd/conf.d/puppetmaster.conf
# You'll need to adjust the paths in the Passenger config depending on which OS
# you're using, as well as the installed version of Passenger.

# Debian/Ubuntu:
#LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby1.8

# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46
PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
PassengerHighPerformance On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 12
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140

<VirtualHost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-server.example.com.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-server.example.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    #SSLCARevocationCheck chain
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
    # which effectively disables CRL checking. If you are using Apache 2.4+ you must
    # specify 'SSLCARevocationCheck chain' to actually use the CRL.

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process.
    # "set" overwrites any value the client sent, which is what stops an agent
    # from claiming a verified identity it does not have.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public

    <Directory /usr/share/puppet/rack/puppetmasterd/>
      Options None
      AllowOverride None
      # Apply the right behavior depending on Apache version.
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    ErrorLog /var/log/httpd/puppet-server.example.com_ssl_error.log
    CustomLog /var/log/httpd/puppet-server.example.com_ssl_access.log combined
</VirtualHost>

* Check the path of the installed Passenger gem and your certificate names, and edit the file accordingly.

yum install mlocate
updatedb
* The path returned is the one that belongs in the LoadModule directive of puppetmaster.conf; its parent gem directory is the PassengerRoot.

[root@SVRPUPPET puppet]# locate mod_passenger.so
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.46/buildout/apache2/mod_passenger.so
# RHEL/CentOS:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.46
PassengerRuby /usr/bin/ruby
* Check the certificate names as well. Puppet names the master's certificate and private key after its certname (here svrpuppet), not after the placeholder used in the example vhost.

[root@SVRPUPPET puppet]# ls /var/lib/puppet/ssl/certs/
ca.pem              svrpuppet.pem
SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-server.example.com.pem
SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-server.example.com.pem

should be:

SSLCertificateFile      /var/lib/puppet/ssl/certs/svrpuppet.pem
SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/svrpuppet.pem
* Leave the permissions on /var/lib/puppet/ssl/private_keys as Puppet created them (owned by puppet, not world-readable). httpd opens the key as root while starting, before it drops privileges, so nothing has to be loosened for Apache to read it.
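An added example, not code from this post or from Puppet: the two checks a practitioner wants on the certificate the vhost points at, run here against a throwaway self-signed certificate built in a temporary directory so the script works offline. It covers the dns_alt_names rule from step 6 (every name in puppet.conf must appear as a Subject Alternative Name in the master's certificate, and a mismatch means cleaning and regenerating the certificate, because Puppet never re-issues one that exists) and the pairing rule from step 11 (SSLCertificateKeyFile must be the private key for SSLCertificateFile). The certname svrpuppet, the dns_alt_names list and the ssl paths are taken from this page; the CERT, KEY and PUPPET_CONF variables are assumptions to be pointed at the real files on a master, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example, not part of the original post.  On a real master point the three
# variables at /var/lib/puppet/ssl/certs/<certname>.pem,
# /var/lib/puppet/ssl/private_keys/<certname>.pem and /etc/puppet/puppet.conf.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for the [main] section of puppet.conf from step 5.
PUPPET_CONF="$WORK/puppet.conf"
cat > "$PUPPET_CONF" <<'EOF'
[main]
    ssldir = $vardir/ssl
    dns_alt_names = puppet,puppet.yourdomain.com,svrpuppet,svrpuppet.yourdomain.com
EOF

# Constructed self-signed certificate whose SANs mirror dns_alt_names, standing in
# for the CA-signed certificate step 6 produces.  The -config form works on old
# OpenSSL releases that lack -addext.
cat > "$WORK/san.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = svrpuppet
[v3]
subjectAltName = DNS:puppet, DNS:puppet.yourdomain.com, DNS:svrpuppet, DNS:svrpuppet.yourdomain.com
EOF
CERT="$WORK/svrpuppet.pem"
KEY="$WORK/svrpuppet.key"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/san.cnf" \
    -keyout "$KEY" -out "$CERT" >/dev/null 2>&1
# An unrelated key stands in for the wrong-path mistake step 11 warns about.
openssl genrsa -out "$WORK/other.key" 2048 >/dev/null 2>&1

# cert_sans CERT: one DNS Subject Alternative Name per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# check_alt_names CERT PUPPET_CONF: "ok" when every dns_alt_names entry in the
# config is a SAN of the certificate, otherwise "missing: <names>".
check_alt_names() {
    wanted=$(sed -n 's/^[[:space:]]*dns_alt_names[[:space:]]*=[[:space:]]*//p' "$2" | tr ',' ' ')
    have=$(cert_sans "$1")
    missing=""
    for name in $wanted; do
        echo "$have" | grep -qxF "$name" || missing="$missing $name"
    done
    [ -z "$missing" ] && echo ok || echo "missing:$missing"
}

# key_matches_cert CERT KEY: "ok" when KEY is the private key for CERT, i.e. the
# SSLCertificateFile / SSLCertificateKeyFile pair in puppetmaster.conf belongs
# together; compares the RSA modulus of both.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -modulus)
    k=$(openssl rsa  -in "$2" -noout -modulus)
    [ "$c" = "$k" ] && echo ok || echo mismatch
}

echo "SANs in $CERT:"; cert_sans "$CERT"
echo "dns_alt_names covered: $(check_alt_names "$CERT" "$PUPPET_CONF")"
echo "key matches cert:      $(key_matches_cert "$CERT" "$KEY")"
echo "unrelated key:         $(key_matches_cert "$CERT" "$WORK/other.key")"
```

Run it after step 6 and again whenever dns_alt_names or the vhost paths change; "missing:" from check_alt_names is the signal that the master's certificate was issued before the name was added, and "mismatch" from key_matches_cert is exactly the error Apache would otherwise surface only at startup.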
12. Set the Apache ServerName directive and then start Apache

vim /etc/httpd/conf/httpd.conf
ServerName puppet.yourdomain.com:80
service httpd start
13. Ensure that the built-in puppetmaster service (Puppet's own single-threaded WEBrick server, not the Apache one) stays disabled, so it does not start on boot and compete with Apache for port 8140

chkconfig puppetmaster off
If Apache started cleanly, the puppet master is now installed and serving agents on port 8140.
