Monday, June 3, 2013

Production Class Puppet Master Server


Running puppetmaster with the built-in web server from Ruby is not exactly scalable, and puppet will suffer from performance issues. After researching, I've come across the following solution:
  • nginx, with ruby passenger.
This is more robust and can scale easily to a couple of hundred hosts. I have not personally run this on an environment of more than 40 servers. So let's start with the setup.


  1. Using latest CentOS 6.4
  2. Puppet repo added to yum (# rpm -ivh
  3. Remove any nginx installations (# yum remove nginx)
Once your server virtual machine is updated, let's get ready for the installation.


  1. # yum install -y ruby rubygems ruby-devel.x86_64 puppet puppet-server gcc make pcre-devel zlib-devel openssl-devel pam-devel curl-devel gcc-c++
  2. # gem install rack passenger
  3. # /usr/lib/ruby/gems/1.8/gems/passenger-4.0.5/bin/passenger-install-nginx-module 
    • Follow the onscreen instructions. This script will install the passenger module, as well as getting the latest nginx and compiling it under /opt/nginx.
    • This will take a while :)
  4. A couple of links are required
    • # ln -s /opt/nginx/conf /etc/nginx
    • # ln -s /opt/nginx/logs /var/log/nginx
  5. Let's install the startup script and sysconfig:
    • # curl -L -o /etc/init.d/nginx; chmod +x /etc/init.d/nginx
    • # curl -L -o /etc/sysconfig/nginx
  6. nginx configuration setup
    • # mkdir -p /etc/nginx/conf.d
    • We will be placing the puppet master virtual host under the conf.d directory. This keeps things neat and tidy!
    • # curl -L -o /etc/nginx/nginx.conf
    • # curl -L /etc/nginx/conf.d/puppet.conf
    • Edit the puppet.conf file and replace with your FQDN servername!
  7. Now we run puppet in master mode to create all the certificates required.
    • # puppet master --no-daemonize --verbose
    • Once all certs are created press CTRL+c to quit.
    • Verify that the certs were created: # ls -l /var/lib/puppet/ssl/*/*
  8. Next we setup the Rack.
    • # mkdir -p /etc/puppet/rack/public
    • # curl -L -o /etc/puppet/rack/
    • # chown -R puppet:puppet /etc/puppet/rack
  9. Add nginx to startup,
    • # chkconfig --add nginx; chkconfig nginx on; chkconfig puppetmaster off
If everything went to plan, you should be running puppet master through nginx and passenger on port 8140 (ssl).

Please ensure that all the settings are correct in the files.
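
A pre-flight check for the finished layout, as an added example that is not part of the original post: it confirms the files from step 7 exist, that the master's private key grants nothing to other users, that the Rack tree from step 8 is owned by puppet, and that the vhost names your FQDN and listens on 8140. The function name, its arguments, the RACK_OWNER variable and the PASS/FAIL output are assumptions; the file names under the ssl directory follow Puppet's standard layout and assume the certname is the FQDN.

```bash
#!/bin/bash
# Added example (not from the original post). Defaults mirror the paths used in
# the steps above; the function name, argument order, RACK_OWNER variable and
# PASS/FAIL output are assumptions made for this illustration.

check_puppet_master() {
    local fqdn="$1"
    local ssldir="${2:-/var/lib/puppet/ssl}"
    local rackdir="${3:-/etc/puppet/rack}"
    local vhost="${4:-/etc/nginx/conf.d/puppet.conf}"
    local owner="${RACK_OWNER:-puppet}" fail=0 f key mode

    [ -n "$fqdn" ] || { echo "usage: check_puppet_master FQDN [ssldir rackdir vhost]"; return 2; }

    # Step 7: files generated by the first "puppet master" run.
    for f in "certs/$fqdn.pem" "private_keys/$fqdn.pem" "certs/ca.pem" "ca/ca_crl.pem"; do
        if [ -s "$ssldir/$f" ]; then echo "PASS  $f present"
        else echo "FAIL  $f missing or empty"; fail=1; fi
    done

    # The master's private key must grant nothing to "other" users.
    key="$ssldir/private_keys/$fqdn.pem"
    if [ -f "$key" ]; then
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            *0) echo "PASS  private key mode $mode" ;;
            *)  echo "FAIL  private key mode $mode is accessible to other users"; fail=1 ;;
        esac
    fi

    # Step 8: the Rack directory tree must belong to the puppet user.
    for f in "$rackdir" "$rackdir/public"; do
        if [ -d "$f" ] && [ "$(stat -c '%U' "$f")" = "$owner" ]; then echo "PASS  $f owned by $owner"
        else echo "FAIL  $f missing or not owned by $owner"; fail=1; fi
    done

    # Step 6: the vhost must name this host and listen on the puppet port.
    if grep -E '^[[:space:]]*server_name[[:space:]]' "$vhost" 2>/dev/null | grep -Fq -- "$fqdn"; then
        echo "PASS  vhost names $fqdn"
    else echo "FAIL  vhost does not name $fqdn"; fail=1; fi
    if grep -Eq '^[[:space:]]*listen[[:space:]].*8140' "$vhost" 2>/dev/null; then
        echo "PASS  vhost listens on 8140"
    else echo "FAIL  vhost does not listen on 8140"; fail=1; fi

    return "$fail"
}
```

Source the file and run `check_puppet_master puppet.example.test` as root (replace the constructed host name with your own); it returns non-zero if any line reports FAIL.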

Feel free to comment :)

