How to install Puppet and Puppet Dashboard

I’ve been spending a lot of time on Puppet lately. I had to set up a Puppetmaster with Puppet Dashboard, all running on Passenger. I didn’t find any good howtos on the subject, so I’ll write one myself. Here is a step-by-step guide to setting up a puppetmaster server with Puppet Dashboard on an Ubuntu Server. I’m using the latest version of puppet from gems (2.6.2) instead of the one that ships with Ubuntu (0.25.4). I’m also using MySQL for the databases.

Puppetmaster:

First of all install rubygems and libmysql:

apt-get install rubygems1.8 libopenssl-ruby1.8 mysql-server libmysql-ruby

Create the database:

mysql> create database puppet;
mysql> grant all privileges on puppet.* to puppet@localhost identified by 'password';

Install puppet:

gem install rubygems-update
/var/lib/gems/1.8/bin/update_rubygems
gem install puppet activerecord

Deploy /etc/puppet/puppet.conf with the following content (adapt for your needs, see the comments):

[main]
# Basic config:
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/etc/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=false
templatedir=$confdir/templates

#Puppetmaster-config:
[master]
storeconfigs = true
# MySQL-configuration:
dbadapter = mysql
dbuser = puppet
dbpassword = password
dbserver = localhost
dbsocket = /var/run/mysqld/mysqld.sock
# SSL-config:
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
# Reports to puppet-dashboard for each run:
reports = http, store
reporturl = http://localhost:3000/reports

# Puppet client config enables reporting from the client
# This HAS to be enabled on ALL clients you want reports from
[agent]
report = true

You should also deploy init scripts for puppet (not puppetmaster, which will run through Apache) and a logrotate config if needed. Here is my /etc/logrotate.d/puppet:

/var/log/puppet/*log {
missingok
create 0644 puppet puppet
compress
rotate 4

postrotate
[ -e /etc/init.d/puppetmaster ] && /etc/init.d/puppetmaster restart >/dev/null 2>&1 || true
[ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true
endscript
}

Start puppetmasterd with «--mkusers» the first time to create the puppet group and user:

puppetmasterd --mkusers

Puppet Dashboard

Now it’s time to install Puppet Dashboard. We’ll install this using Puppetlabs’ apt-repo. This will install Puppet Dashboard to /usr/share/puppet-dashboard.

Add puppetlabs’ apt-repo by adding the following lines to your /etc/apt/sources.list:

deb http://apt.puppetlabs.com/ubuntu lucid main
deb-src http://apt.puppetlabs.com/ubuntu lucid main

Fetch puppetlabs’ GPG-key and import it into apt:

gpg --recv-key 4BD6EC30
gpg -a --export 4BD6EC30 | sudo apt-key add -

Run apt-get update and install puppet-dashboard:

apt-get update
apt-get install puppet-dashboard

Create the database:

mysql -p
mysql> create database dashboard;
mysql> GRANT ALL PRIVILEGES ON dashboard.* to 'dashboard'@'localhost' IDENTIFIED BY 'password';

Edit /etc/puppet-dashboard/database.yml with the proper settings. I will assume that you want to use the production environment for the rest of this howto:

production:
  database: dashboard
  username: dashboard
  password: password
  encoding: utf8
  adapter: mysql

Initialize the database:

cd /usr/share/puppet-dashboard
rake RAILS_ENV=production db:migrate

Passenger

Now we’ve finished the basic setup of the Puppetmaster and Puppet Dashboard. Now it’s time to install passenger and make everything run through apache.

First of all, install passenger (it will also install dependencies such as apache):

apt-get install libapache2-mod-passenger

Enable SSL:

a2enmod ssl

Change the ownership of /etc/puppet/rack/config.ru to puppet:puppet:

chown puppet:puppet /etc/puppet/rack/config.ru

Copy /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru to /usr/share/puppet-dashboard/config.ru and set the proper ownership:

cp /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru /usr/share/puppet-dashboard/config.ru
chown www-data:www-data /usr/share/puppet-dashboard/config.ru

Deploy /etc/apache2/sites-enabled/puppetmaster with the following content (remember to edit hostname, tune as you see fit):

# You probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /etc/puppet/ssl/certs/puppet.domain.tld.pem
    SSLCertificateKeyFile /etc/puppet/ssl/private_keys/puppet.domain.tld.pem
    SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    DocumentRoot /etc/puppet/rack/public/
    RackBaseURI /

    <Directory /etc/puppet/rack/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
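
The SSLProtocol and SSLCipherSuite lines in the vhost above date from 2010: SSLv3 and RC4 have since been prohibited (RFC 7568, RFC 7465) and TLS 1.0/1.1 deprecated (RFC 8996). The following is an added example, not part of the original howto: a shell function that flags such settings in a vhost file. The function and sample names are made up for illustration, and the hardened sample assumes a current Apache and OpenSSL (Lucid's OpenSSL 0.9.8 has no TLSv1.2).

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an Apache vhost.
# Reads the file(s) named as arguments, or stdin when none is given.
audit_vhost() {
    awk '
        /^[ \t]*#/ { next }                  # ignore comment lines
        tolower($1) == "sslprotocol" {
            for (i = 2; i <= NF; i++) {
                p = tolower($i)
                if (p ~ /^-/) continue       # "-ALL" disables, nothing to flag
                sub(/^[+]/, "", p)
                if (p ~ /^(all|sslv2|sslv3|tlsv1|tlsv1\.1)$/)
                    printf "line %d: SSLProtocol enables %s\n", NR, $i
            }
        }
        tolower($1) == "sslciphersuite" {
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                # "!x" and "-x" remove ciphers and "+x" only reorders them
                if (tok[i] ~ /^[!+-]/) continue
                if (toupper(tok[i]) ~ /RC4|^ALL$|MEDIUM|LOW|EXP|NULL/)
                    printf "line %d: SSLCipherSuite adds %s\n", NR, tok[i]
            }
        }
    ' "$@"
}

# Constructed sample: the TLS lines from the puppetmaster vhost above.
weak_sample() {
    cat <<'EOF'
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
EOF
}

# Constructed sample (assumption): a tightened variant for a current Apache.
hardened_sample() {
    cat <<'EOF'
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
EOF
}

weak_sample | audit_vhost
```

Run it against a deployed file with: audit_vhost /etc/apache2/sites-enabled/puppetmaster. Agents must support whatever protocol versions remain enabled, so test with a client after tightening.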

Then deploy /etc/apache2/sites-enabled/puppet-dashboard with the following content:

# Dashboard configuration
Listen 3000

<VirtualHost *:3000>
    DocumentRoot /usr/share/puppet-dashboard/public/

    # Use the production environment:
    SetEnv RAILS_ENV production
    RackBaseURI /

    <Directory /usr/share/puppet-dashboard/public/>
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    ServerSignature On
    # Logs
    ErrorLog /var/log/apache2/dashboard.domain.tld_error.log
    LogLevel warn
    CustomLog /var/log/apache2/dashboard.domain.tld_access.log combined
</VirtualHost>

Then you just restart apache2, make sure it starts at boot and you should be good to go.

Puppet Dashboard should then be accessible via http://puppet.domain.tld:3000 while puppet should run properly on port 8140 (Test with a client).

UFW

I’ll also add a quick set of commands for securing the server. I’m using Ubuntu’s Uncomplicated Firewall (ufw); edit the rules to fit your IP ranges. These rules close all ports on the server except 22, 3000 and 8140, which are opened for specific IP ranges:

ufw default deny
ufw allow from 192.168.0.0/24 to any port 22
ufw allow from 192.168.0.0/24 to any port 8140
ufw allow from 192.168.0.0/24 to any port 3000
ufw enable

This concludes this howto, I hope you will find it useful.

-Eivind


8 Responses to “How to install Puppet and Puppet Dashboard”

  1. Dave says:

    The ruby back-end to puppet-dashboard also creates its own set of log files.

    These are in /usr/share/puppet-dashboard/log/ by default and automatically rotate when they reach 10MB. They’re quite verbose so even with a small set of servers I saw them rotating more than once per day.

    These logs are configured in /usr/share/puppet-dashboard/config/environment.rb

    There is also a logrotate config installed with the Ubuntu package which looks for these logs in /var/log/puppet-dashboard/*/*.log
    There’s a bug about this: http://projects.puppetlabs.com/issues/6866 which suggests the log directory should be a symlink.

    Apparently you can also log to syslog with «config.logger = SyslogLogger.new» but I haven’t tried this.

  2. Eivind says:

    Thank you Dave, appreciate the extra information. 🙂

  3. Seren says:

    The gpg syntax was slightly different when I tried it on Lucid. This is what worked for me:

    gpg --recv-keys 4BD6EC30
    gpg -a --export 4BD6EC30 | sudo apt-key add -

  5. ankit says:

    Can we use some other database than mysql in puppet dashboard?
