Master Server
# Step 1: download and install Puppet Server
# Source: https://www.puppet.com/docs/puppet/7/install_puppet.html
# Set the host name to the name used further down as certname/server in puppet.conf.
# The redirection is done by the calling shell, so this line has to be run from a root shell.
echo "puppetmaster.local" > /etc/hostname
REBOOT VM
# Fetch the Puppet 7 release package for Ubuntu jammy over HTTPS and install it.
# NOTE(review): presumably this package only registers the apt.puppet.com repository
# and its signing key - confirm what it installs before running dpkg as root.
sudo wget https://apt.puppet.com/puppet7-release-jammy.deb
sudo dpkg -i puppet7-release-jammy.deb
# Refresh the package index so the newly registered repository is visible.
sudo apt-get update
sudo apt-get install puppetserver
# Start puppetserver at boot; "enable" alone does not start it now.
sudo systemctl enable puppetserver
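# Puppet server configuration: /etc/puppetlabs/puppet/puppet.conf
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
# Do not sign agent certificate requests automatically. With "autosign = true"
# every host that can reach this server gets a signed certificate and can then
# request catalogs, which can contain secrets such as password hashes.
# Review pending requests with "puppetserver ca list" and approve a known agent
# with "puppetserver ca sign --certname puppetagent.local".
autosign = false

[main]
# Name in this server's own certificate; agents must use the same name as "server".
certname = puppetmaster.local
server = puppetmaster.local
environment = production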
# Install the additional module used for file_line (puppetlabs-stdlib)
# Open a root login shell; the commands that follow are typed into that shell.
sudo su -
# Put the Puppet binaries on PATH for this shell session only.
export PATH=/opt/puppetlabs/bin:$PATH
puppet module install puppetlabs-stdlib
# Create the certificates for the Puppet server
systemctl stop puppetserver
# Destructive: removes everything under the local SSL directory and the CA directory.
# NOTE(review): on a server that has already issued certificates this presumably
# invalidates them for every agent - run it only on a fresh installation.
rm -rf /etc/puppetlabs/puppet/ssl/*
rm -rf /etc/puppetlabs/puppetserver/ca/*
# Generate a new CA while the service is stopped.
puppetserver ca setup
systemctl start puppetserver
# One agent run on the server itself, after the new CA is in place.
puppet agent --test
Restart Server
# Verify the Puppet Server installation
# Print the installed Puppet version.
puppet --version
# Show whether the puppetserver unit is active.
sudo systemctl status puppetserver
Proxy Settings 4
/etc/puppetlabs/code/environments/production/manifests/proxy.pp
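# Manage only the two proxy entries in /etc/environment instead of replacing
# the whole file, so unrelated entries that are already there (for example
# PATH) are kept. file_line is provided by puppetlabs-stdlib.
file_line { 'http_proxy_environment':
  path   => '/etc/environment',
  line   => 'http_proxy=http://proxy.example.com:8080',
  # Replace an existing http_proxy entry rather than appending a second one.
  match  => '^http_proxy=',
  notify => Exec['apply_proxy_environment'],
}

file_line { 'https_proxy_environment':
  path   => '/etc/environment',
  line   => 'https_proxy=http://proxy.example.com:8080',
  match  => '^https_proxy=',
  notify => Exec['apply_proxy_environment'],
}

# Runs only when one of the entries above changed (refreshonly).
# NOTE(review): daemon-reload makes systemd re-read its unit files; confirm that
# this is what makes the new /etc/environment values take effect where you need them.
exec { 'apply_proxy_environment':
  command     => '/bin/systemctl --system daemon-reload',
  refreshonly => true,
}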
User Settings
/etc/puppetlabs/code/environments/production/manifests/users.pp
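# Sets the root password on every node that falls through to this node definition.
node 'default' {
  # The value is a password hash in /etc/shadow format (hashed, not encrypted).
  # Single quotes keep the "$" separators literal instead of interpolating them.
  # Sensitive() keeps the value redacted in Puppet logs and reports. The hash is
  # still readable in this manifest and in the catalog sent to each agent, so
  # treat it as a secret: generate your own instead of reusing this sample value.
  $root_password = Sensitive('$y$j9T$HFuii0vsSG9YIwZr2W8vk/$SHtitxKd03ENytE5GCY76ttSW9dFlE/pglUjqNJTCi1')

  user { 'root':
    ensure   => present,
    password => $root_password,
  }
}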
Custom User
# Define variables for the new user and allowed command
/etc/puppetlabs/code/environments/production/manifests/user_kowal.pp
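$new_username = 'jkowal'
# Command list that is placed after NOPASSWD: in the sudoers rule below.
# NOTE(review): every entry is negated ("!"), so on its own this list does not
# appear to allow any command. If it is later combined with ALL, keep in mind
# that a sudoers deny-list is not a reliable restriction; list the exact
# commands the user needs instead.
$allowed_command = '!/usr/bin/apt-get, !/usr/bin/apt dist-upgrade,!/usr/bin/wget *, !/usr/bin/ssh ,!/usr/bin/curl'

# Create the new user
user { $new_username:
  ensure     => present,
  # Create the home directory.
  managehome => true,
  shell      => '/bin/bash',
  # Password hash in /etc/shadow format. NOTE(review): this is the same value
  # that users.pp sets for root - give each account its own hash.
  # Sensitive() keeps the value redacted in Puppet logs and reports.
  password   => Sensitive('$y$j9T$HFuii0vsSG9YIwZr2W8vk/$SHtitxKd03ENytE5GCY76ttSW9dFlE/pglUjqNJTCi1'),
}

# Install the sudoers drop-in for the new user
file { "/etc/sudoers.d/${new_username}_sudoers":
  ensure       => present,
  owner        => 'root',
  group        => 'root',
  # Read-only for root and group, no access for others.
  mode         => '0440',
  content      => "Defaults:${new_username} !requiretty\n${new_username} ALL=(ALL) NOPASSWD: ${allowed_command}\n",
  # Check the syntax before the file is put in place; a broken file under
  # /etc/sudoers.d can make sudo unusable on the node.
  validate_cmd => '/usr/sbin/visudo -c -f %',
}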
SSH settings
/etc/puppetlabs/code/environments/production/manifests/ssh.pp
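# Install OpenSSH package
package { 'openssh-server':
  ensure => installed,
}

# Ensure SSH service is running and enabled
service { 'sshd':
  ensure  => running,
  enable  => true,
  require => Package['openssh-server'],
}

# Disable root login over SSH.
# The match covers any active PermitRootLogin directive, whether it is written
# with whitespace or with "=", so an existing "PermitRootLogin yes" line is
# replaced. The earlier pattern matched only the literal "PermitRootLogin=yes";
# any other spelling was left in place and the new line was appended after it.
# If no directive is present the line is appended.
# NOTE(review): a file included from sshd_config can still set a different
# value; check the effective setting on a node with "sshd -T".
file_line { 'replace_line_PermitRootLogin':
  path    => '/etc/ssh/sshd_config',
  line    => 'PermitRootLogin no',
  match   => '^\s*PermitRootLogin[\s=]',
  replace => true,
  require => Package['openssh-server'],
  # Restart the service so the changed setting is actually in force.
  notify  => Service['sshd'],
}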
Install VIM
/etc/puppetlabs/code/environments/production/manifests/vim.pp
# Make sure the vim package is installed on the node.
package { 'vim': ensure => installed }
NODE
# Puppet agent configuration
# Install Puppet Agent on the node
# Make the server name resolvable on the node; tee -a appends to /etc/hosts as root.
echo "192.168.1.109 puppetmaster.local" | sudo tee -a /etc/hosts
# Same release package as on the server.
sudo wget https://apt.puppet.com/puppet7-release-jammy.deb
sudo dpkg -i puppet7-release-jammy.deb
sudo apt-get update
sudo apt-get install puppet-agent
# Restart ssh console
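# Run puppet at boot
sudo puppet resource service puppet ensure=running enable=true
# Run puppet every 30 minutes
# minute='*/30' fires at minute 0 and 30 of every hour; a plain minute=30 would
# run only once per hour. The value is quoted so the shell does not expand "*".
# NOTE(review): the puppet service enabled above also runs the agent
# periodically - confirm that you want both the service and this cron job.
sudo puppet resource cron puppet-agent ensure=present user=root minute='*/30' command='/opt/puppetlabs/bin/puppet agent --onetime --no-daemonize --splay --splaylimit 60'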
# Konfiguracja agenta do mastera
/etc/puppetlabs/puppet/puppet.conf
[main]
# Puppet server this agent talks to; the name has to resolve on the node
# (see the /etc/hosts entry added during installation).
server = puppetmaster.local
environment = production
# Not needed below
certname = puppetagent.local
Manualne uruchomienie agenta
# Single foreground agent run against the configured server.
sudo puppet agent --test
Cześć Podróżniku!
Ta strona nie ma być typowym poradnikiem IT. Jej głównym celem jest zapisanie krótkich notatek, które mogą się przydać w codziennym życiu podczas korzystania z różnych urządzeń lub ich konfiguracji, np. ustawienia DHCP na routerze Cisco, ustawienia karty sieciowej na Linuksie itp.