Archive for november, 2010

Host1 tilbyr nå FreeBSD på VPS!

tirsdag, november 30th, 2010

Vi kan nå tilby FreeBSD på våre VPS’er. Vi har alt lagt til FreeBSD 8.1 som et alternativ i bestillingsskjemaet.

Såvidt vi vet er vi en av veldig få leverandører i Norge som tilbyr FreeBSD på sine VPS’er, og vi håper selvsagt på god respons på dette.

Bestill din VPS med FreeBSD her.

How to install Puppet and Puppet Dashboard

fredag, november 12th, 2010

I’ve been using a lot of time on puppet lately. I had to setup a Puppetmaster with Puppet Dashboard, all running on passenger. I didn’t find any good howtos on the subject, so i’ll write one myself. Here is a step by step guide for how to setup a puppetmaster-server with puppet dashboard on a Ubuntu Server. I’m using the latest version of puppet from gems (2.6.2) instead of the one that ships with ubuntu (0.25.4). I’m also using mysql for the databases.

Puppetmaster:

First of all install rubygems and libmysql:

apt-get install rubygems1.8 libopenssl-ruby1.8 mysql-server libmysql-ruby

Create the database:

mysql> create database puppet;
mysql> grant all privileges on puppet.* to puppet@localhost identified by ‘password’;

Install puppet:

gem install rubygems-update
/var/lib/gems/1.8/bin/update_rubygems
gem install puppet activerecord

Deploy /etc/puppet/puppet.conf with the following content (adapt for your needs, see the comments):

[main]
# Basic config:
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/etc/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=false
templatedir=$confdir/templates

#Puppetmaster-config:
[master]
storeconfigs = true
# MySQL-configuration:
dbadapter = mysql
dbuser = puppet
dbpassword = password
dbserver = localhost
dbsocket = /var/run/mysqld/mysqld.sock
# SSL-config:
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
# Reports to puppet-dashboard for each run:
reports = http, store
reporturl = http://localhost:3000/reports

# Puppet client config enables reporting from the client
# This HAS to be enabled on ALL clients you want reports from
[agent]
report = true

You should also deploy init-scripts for puppet (not puppetmaster, it will run through apache) if needed, and logrotate if needed, here is my /etc/logrotate.d/puppet:

/var/log/puppet/*log {
missingok
create 0644 puppet puppet
compress
rotate 4

postrotate
[ -e /etc/init.d/puppetmaster ] && /etc/init.d/puppetmaster restart >/dev/null 2>&1 || true
[ -e /etc/init.d/puppet ] && /etc/init.d/puppet reload > /dev/null 2>&1 || true
endscript
}

Start puppetmasterd with «–mkusers» the first time to create the puppet-group and user:

puppetmasterd –mkusers

Puppet Dashboard

Now it’s time to install Puppet Dashboard. We’ll install this using Puppetlabs’ apt-repo. This will install Puppet Dashboard to /usr/share/puppet-dashboard.

Add puppetlabs’ apt-repo by adding the following lines to your /etc/apt/sources.list:

deb http://apt.puppetlabs.com/ubuntu lucid main
deb-src http://apt.puppetlabs.com/ubuntu lucid main

Fetch puppetlabs’ GPG-key and import it into apt:

gpg –recv-key 4BD6EC30
gpg -a –export 4BD6EC30 | sudo apt-key add –

Run apt-get update and install puppet-dashboard:

apt-get update
apt-get install puppet-dashboard

Create the database:

mysql -p
mysql > create database dashboard;
mysql > GRANT ALL PRIVILEGES ON dashboard.* to ‘dashboard’@’localhost’ IDENTIFIED BY ‘password’;

Edit /etc/puppet-dashboard/database.yml with the proper settings, i will assume that you want to use the production enviroment for the rest of this howto:

production:
database: dashboard
username: dashboard
password: password
encoding: utf8
adapter: mysql

Initialize the database:

rake RAILS_ENV=production db:migrate

Passenger

Now we’ve finished the basic setup of the Puppetmaster and Puppet Dashboard. Now it’s time to install passenger and make everything run through apache.

First of all, install passenger (it will also install dependencies such as apache):

apt-get install libapache2-mod-passenger

Enable SSL:

a2enmod ssl

Change the ownership of /etc/puppet/rack/config.ru to puppet:puppet:

chown puppet:puppet /etc/puppet/rack/config.ru

Copy /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru to /usr/share/puppet-dashboard/config.ru and set the proper ownership:

cp /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru /usr/share/puppet-dashboard/config.ru
chown www-data:www-data /usr/share/puppet-dashboard/config.ru

Deploy /etc/apache2/sites-enabled/puppetmaster with the following content (remember to edit hostname, tune as you see fit):

# You probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Listen 8140


SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSLCertificateFile /etc/puppet/ssl/certs/puppet.domain.tld.pem
SSLCertificateKeyFile /etc/puppet/ssl/private_keys/puppet.domain.tld.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabl$
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

DocumentRoot /etc/puppet/rack/public/
RackBaseURI /

Options None
AllowOverride None
Order allow,deny
allow from all

Then deploy /etc/apache2/sites-enabled/puppet-dashboard with the following content:

# Dashboard configuration
Listen 3000


DocumentRoot /usr/share/puppet-dashboard/public/

# Use the production-enviroment:
SetEnv RAILS_ENV production
RackBaseURI /

Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all

ServerSignature On
# Logs
ErrorLog /var/log/apache2/dashboard.domain.tld_error.log
LogLevel warn
CustomLog /var/log/apache2/dashboard.domain.tld_access.log combined

Then you just restart apache2, make sure it starts at boot and you should be good to go.

Puppet Dashboard should then be accessible via http://puppet.domain.tld:3000 while puppet should run properly on port 8140 (Test with a client).

UFW

I’ll also add a quick set of commands for securing the server, i’m using Ubuntu’s uncomplicated firewall, edit the rules to fit your IP-series, these rules will close down all ports on the server except port 22, 3000 and 8140 which will be open for specific ip-ranges:

ufw default deny
ufw allow from 192.168.0.0/24 to any port 22
ufw allow from 192.168.0.0/24 to any port 8140
ufw allow from 192.168.0.0/24 to any port 3000
ufw enable

This concludes this howto, i hope you will find it useful.

-Eivind

Juju-framework

fredag, november 5th, 2010

En av våre kunder har nettopp releaset et lite minimalistisk PHP-rammeverk som kan være verdt å ta en titt på.

Dette kan hentes på github: https://github.com/bond/juju-framework

Eksempler på bruk:

Bond Consulting