So perhaps less than a ‘blog post’ this is more of a bash code-dump from my Veewee definition + postinstall.sh for this deployment. For anyone who needs a quick stack (especially if you are still on older releases of CentOS/Puppet or otherwise) take a run through this and see if you don’t have something useful pretty quickly! I recommend keeping tabs on my Veewee definitions on Github for updates to this or new ones.

If nothing else, hopefully someone finds this useful for fixing a bug they may have been having in their own deployment. Note that I’ve taken out some Veewee/Vagrant/VirtualBox-specific pieces of the original postinstall.sh. Cheers.

原文出处:http://www.uncompiled.com/centos-6-puppet-27-mcollective-foreman-rabbit

 
  
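  # Configuration parameters.
  #
  # The defaults below are the sample values published with this post. Three of
  # them are secrets (database password, broker password, mCollective
  # pre-shared key), so anything beyond a throwaway test VM should override
  # them from the environment instead of keeping the published values.
  # Each value is later pasted into config files with sed and, for the MySQL
  # password, into an SQL string literal; keep them to plain alphanumerics.
  MYSQL_PASSWORD="${MYSQL_PASSWORD:-puppetized}"
  RABBIT_USER="${RABBIT_USER:-mcollective}"
  RABBIT_PASSWORD="${RABBIT_PASSWORD:-rabbitMCrabbit}"
  MCOLLECTIVE_PSK="${MCOLLECTIVE_PSK:-mcollectivePSKmcollective}"
  FOREMAN_EMAIL="${FOREMAN_EMAIL:-root@test.local}"
  DOMAIN="${DOMAIN:-test.local}"
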
  # Initial CentOS clean-up and upgrade: remove desktop/wireless packages the
  # server does not need, update what is left, then empty the yum cache.
  yum -y erase \
    wireless-tools gtk2 libX11 hicolor-icon-theme \
    avahi freetype bitstream-vera-fonts
  yum -y upgrade
  yum -y clean all

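  # Configure hostname.
  # Both files are overwritten, not appended to. The puppet and foreman names
  # are both pointed at 127.0.0.1 so the stack can reach itself locally.
  # printf replaces `echo -e` (whose escape handling differs between shells)
  # and the expansions are quoted so an unusual DOMAIN cannot be word-split.
  printf '127.0.0.1 puppet.%s puppet foreman.%s foreman localhost\n' \
    "${DOMAIN}" "${DOMAIN}" > /etc/hosts
  printf 'NETWORKING=yes\nHOSTNAME=puppet.%s\n' "${DOMAIN}" > /etc/sysconfig/network
  hostname "puppet.${DOMAIN}"
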
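  # Third-party yum repositories.
  #
  # NOTE(security): both repositories use a plain-http baseurl with gpgcheck=0,
  # so yum installs whatever those URLs return, as root, with neither a
  # signature check nor transport integrity. For anything other than a
  # disposable VM, import each vendor's package signing key, add a gpgkey=
  # line pointing at it and set gpgcheck=1.
  #
  # The here-document operator is written as `<<` here; the `< <` form shown
  # in the page listing is a shell syntax error. The delimiter stays quoted so
  # nothing inside the file body is expanded.

  # Puppet Labs repository
  cat > /etc/yum.repos.d/puppetlabs.repo << "EOF"
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/
gpgcheck=0
enabled=1
EOF

  # Foreman repository
  cat > /etc/yum.repos.d/foreman.repo << "EOF"
[foreman]
name=Foreman Repo
baseurl=http://yum.theforeman.org/stable
gpgcheck=0
enabled=1
EOF
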
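  # Installation of the majority of stack packages.
  yum -y install rubygems ruby-devel rubygem-stomp
  yum -y install httpd httpd-devel mod_ssl
  yum -y install mysql mysql-server mysql-devel
  yum -y install libcurl-devel openssl-devel openssl098e tcl tk unixODBC unixODBC-devel augeas

  # NOTE(security): these RPMs are fetched over plain http and installed
  # directly, so nothing authenticates them. Prefer enabling the repository
  # with its signing key and installing through yum with gpgcheck=1.
  epel_base=http://download.fedora.redhat.com/pub/epel/6/x86_64
  for epel_rpm in \
    rubygem-rest-client-1.6.1-2.el6.noarch.rpm \
    rubygem-json-1.4.3-3.el6.x86_64.rpm \
    rubygem-mime-types-1.16-3.el6.noarch.rpm; do
    rpm -ivh "${epel_base}/${epel_rpm}"
  done

  # Installation of stack gems.
  # puppet and passenger are pinned to the versions whose install paths are
  # hard-coded later in this script (puppet-2.7.3 and passenger-3.0.8); an
  # unpinned install would fetch whatever is newest and leave those paths
  # pointing at directories that do not exist.
  # NOTE(review): rack, mysql and net-ping are still unpinned; pin them too if
  # the build has to be reproducible.
  gem install --no-rdoc --no-ri -v 2.7.3 puppet
  gem install --no-rdoc --no-ri -v 3.0.8 passenger
  gem install --no-rdoc --no-ri rack mysql net-ping
  gem install --no-rdoc --no-ri -v 3.0.10 rails activerecord
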
  # Deploy the Puppet user plus the files and directories the master needs.
  adduser puppet

  rack_dir=/usr/share/puppet/rack/puppetmasterd

  mkdir -p /etc/puppet/manifests /etc/puppet/modules
  mkdir -p "${rack_dir}/public" "${rack_dir}/tmp"

  # State directories under /var/lib/puppet are owned by the puppet user.
  for state_dir in bucket yaml rrd server_data reports; do
    mkdir -p "/var/lib/puppet/${state_dir}"
    chown puppet:puppet "/var/lib/puppet/${state_dir}"
  done

  # Rack entry point shipped with the puppet gem; it is owned by puppet as well.
  cp /usr/lib/ruby/gems/1.8/gems/puppet-2.7.3/ext/rack/files/config.ru "${rack_dir}/config.ru"
  chown puppet:puppet "${rack_dir}/config.ru"

  # Install Foreman straight from its RPM.
  # --nodeps skips RPM dependency checks, and the package comes over plain
  # http, so nothing verifies it on the way in.
  foreman_rpm=http://yum.theforeman.org/stable/RPMS/foreman-0.3-1.noarch.rpm
  rpm -ivh "${foreman_rpm}" --nodeps

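  # mCollective & plugins.
  #
  # NOTE(security): every plugin below is pulled from the moving `master`
  # branch of two GitHub repositories, with no pinned commit and no checksum,
  # and is then loaded by mcollectived. Review the files, pin each URL to a
  # reviewed commit (or vendor the files) and verify a checksum before
  # trusting the result. The shellcmd agent, as its name says, runs shell
  # commands on nodes; with the PSK security provider configured later,
  # anyone holding the shared key can call it, so install it only if needed.
  #
  # Each `cd` is checked: if the directory is missing, the downloads would
  # otherwise land in whatever the current directory happens to be.
  yum -y install mcollective mcollective-common mcollective-client

  puppetlabs_plugins=https://raw.github.com/puppetlabs/mcollective-plugins/master
  phobos_plugins=https://raw.github.com/phobos182/mcollective-plugins/master

  # Client-side applications
  cd /usr/libexec/mcollective/mcollective/application || exit 1
  for i in filemgr nettest package puppetd service; do
    wget "${puppetlabs_plugins}/agent/$i/application/$i.rb"
  done
  wget "${phobos_plugins}/agent/etcfacts/application/etcfacts.rb"
  wget "${phobos_plugins}/agent/shellcmd/application/shellcmd.rb"
  wget "${phobos_plugins}/agent/yum/application/yum.rb"

  # Server-side agents and their DDL files
  cd /usr/libexec/mcollective/mcollective/agent || exit 1
  for i in nettest filemgr puppetd puppetral puppetca; do
    wget "${puppetlabs_plugins}/agent/$i/agent/$i.rb"
    wget "${puppetlabs_plugins}/agent/$i/agent/$i.ddl"
  done

  # The Puppet-backed package and service agents are saved under generic names.
  wget -O package.rb "${puppetlabs_plugins}/agent/package/agent/puppet-package.rb"
  wget "${puppetlabs_plugins}/agent/package/agent/package.ddl"
  wget -O service.rb "${puppetlabs_plugins}/agent/service/agent/puppet-service.rb"
  wget "${puppetlabs_plugins}/agent/service/agent/service.ddl"
  wget "${phobos_plugins}/agent/etcfacts/etc_facts.rb"
  wget "${phobos_plugins}/agent/etcfacts/etc_facts.ddl"
  wget "${phobos_plugins}/agent/shellcmd/shellcmd.rb"
  wget "${phobos_plugins}/agent/shellcmd/shellcmd.ddl"
  wget "${phobos_plugins}/agent/yum/yum.rb"
  wget "${phobos_plugins}/agent/yum/yum.ddl"

  # Facter-backed fact source
  cd /usr/libexec/mcollective/mcollective/facts/ || exit 1
  wget "${puppetlabs_plugins}/facts/facter/facter_facts.rb"
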
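  # Fix ODBC requirement for Erlang: expose libodbc.so.2 under the .so.1 name.
  ln -s /usr/lib64/libodbc.so.2 /usr/lib64/libodbc.so.1

  # Install Erlang (an el5 build, forced in with --nodeps).
  # NOTE(security): this RPM and the RabbitMQ RPM and plugins below are all
  # downloaded over plain http and installed without signature verification.
  rpm -ivh http://yum.puppetlabs.com/prosvc/5/x86_64/erlang-R12B-5.10.el5.x86_64.rpm --nodeps

  # Install RabbitMQ & plugins
  rpm -ivh http://www.rabbitmq.com/releases/rabbitmq-server/v2.5.1/rabbitmq-server-2.5.1-1.noarch.rpm

  # Checked cd: without it a missing plugin directory would leave the .ez
  # files in the wrong place and the STOMP listener would not come up.
  cd /usr/lib/rabbitmq/lib/rabbitmq_server-2.5.1/plugins || exit 1
  wget http://www.rabbitmq.com/releases/plugins/v2.5.1/amqp_client-2.5.1.ez
  wget http://www.rabbitmq.com/releases/plugins/v2.5.1/rabbitmq_stomp-2.5.1.ez

  chkconfig rabbitmq-server on
  service rabbitmq-server start

  # Configure RabbitMQ user/privileges.
  # The password is passed as a command-line argument, so it is visible in the
  # process list while rabbitmqctl runs. The three ".*" patterns grant
  # configure, write and read on every resource; narrow them if the broker is
  # shared with anything else. Removing the stock guest account is kept as-is.
  rabbitmqctl add_user "${RABBIT_USER}" "${RABBIT_PASSWORD}"
  rabbitmqctl set_permissions "${RABBIT_USER}" ".*" ".*" ".*"
  rabbitmqctl delete_user guest
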
  # Build and install the Apache Passenger module without interactive prompts.
  passenger-install-apache2-module --auto

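  # Configuration files for mCollective.
  #
  # The *_PH tokens are placeholders that the sed step near the end of the
  # script swaps for the real values; the quoted "EOF" delimiter keeps the
  # shell from expanding anything in the bodies. `<<` replaces the `< <` shown
  # in the page listing, which is a syntax error.
  #
  # NOTE(security): with securityprovider = psk every holder of the shared key
  # can issue requests to every agent, and there is no per-caller identity.
  # The STOMP connection on port 61613 is not encrypted in this configuration.
  cat > /etc/mcollective/server.cfg << "EOF"
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
daemonize = 1

securityprovider = psk
plugin.psk = MCOLLECTIVE_PSK_PH

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 61613
plugin.stomp.user = RABBIT_USER_PH
plugin.stomp.password = RABBIT_PASSWORD_PH

factsource = facter
EOF
  # server.cfg will hold the PSK and the broker password; only root needs it.
  chmod 600 /etc/mcollective/server.cfg

  # client.cfg receives the same secrets. It is left at the default mode here
  # because client users must be able to read it; restrict it to the group
  # that is meant to run the client.
  cat > /etc/mcollective/client.cfg << "EOF"
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /dev/null
loglevel = info

securityprovider = psk
plugin.psk = MCOLLECTIVE_PSK_PH

connector = stomp
plugin.stomp.host = localhost
plugin.stomp.port = 61613
plugin.stomp.user = RABBIT_USER_PH
plugin.stomp.password = RABBIT_PASSWORD_PH

factsource = facter
EOF
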
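  # Configure MySQL.
  # NOTE(security): the root account is used without a password at this
  # point; set one (for example with mysql_secure_installation) once the
  # stack is up.
  chkconfig mysqld on && service mysqld start
  mysql -u root -e "CREATE DATABASE puppet;"

  # The GRANT carries the database password, so it is fed on stdin instead of
  # through -e, which would expose it in the process list. The value lands
  # inside a single-quoted SQL literal: keep it free of quotes and backslashes.
  mysql -u root << SQL
GRANT ALL PRIVILEGES ON puppet.* TO puppet@localhost IDENTIFIED BY '${MYSQL_PASSWORD}';
SQL
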
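  # Puppet configuration.
  # The delimiter is quoted so $vardir and $confdir reach puppet.conf
  # literally, to be interpolated by Puppet rather than by the shell. `<<`
  # replaces the `< <` shown in the page listing, which is a syntax error.
  # MYSQL_PASSWORD_PH is replaced by the sed step later in the script, after
  # which this file contains the storeconfigs database password: check its
  # mode and ownership once it is filled in.
  cat > /etc/puppet/puppet.conf << "EOF"
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
factpath = $vardir/lib/facter
templatedir = $confdir/templates
pluginsync = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
reportdir = /var/lib/puppet/reports

[agent]
report = true
ignorecache = true

[master]
reports = http,store,log,foreman
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = MYSQL_PASSWORD_PH
dbname = puppet
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock
EOF
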
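  # Foreman configuration files.
  #
  # The nesting under `production:` and `smtp_settings:` is restored here; the
  # page listing shows every key at column 0, which YAML would read as
  # unrelated top-level keys. `<<` replaces the `< <` of the listing.
  # NOTE(review): the indentation was reconstructed from the usual layout of
  # these files; compare with the samples shipped in the Foreman package.
  # database.yml will contain the database password once the placeholder is
  # filled in, so check its mode and ownership afterwards.
  cat > /usr/share/foreman/config/database.yml << "EOF"
production:
  adapter: mysql
  database: puppet
  username: puppet
  password: MYSQL_PASSWORD_PH
  host: localhost
  socket: "/var/lib/mysql/mysql.sock"
EOF

  cat > /usr/share/foreman/config/settings.yaml << "EOF"
---
:modulepath: /etc/puppet/modules/
:tftppath: tftp/
:ldap: false
:puppet_server: puppet
:unattended: false
:puppet_interval: 30
:document_root: /usr/share/foreman/public
:administrator: FOREMAN_EMAIL_PH
:foreman_url: foreman.DOMAIN_PH
EOF

  cat > /usr/share/foreman/config/email.yaml << "EOF"
production:
  delivery_method: :smtp
  smtp_settings:
    address: localhost
    port: 25
    domain: DOMAIN_PH
    authentication: :none
EOF
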
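  # Foreman report processor for Puppet.
  #
  # Writes a Puppet report handler that POSTs each report, as YAML, to
  # Foreman's /reports/create endpoint. The quoted delimiter keeps the shell
  # away from $foreman_url and the #{...} interpolations; `<<` replaces the
  # `< <` of the page listing, which is a syntax error.
  #
  # NOTE(security): the handler sets OpenSSL::SSL::VERIFY_NONE, so the HTTPS
  # connection is encrypted but the server is never authenticated, and reports
  # (which can include resource details) would go to whoever answers on that
  # name. Turning verification on also requires a certificate that names
  # foreman.DOMAIN: the Foreman vhost on this page serves the puppet.DOMAIN one.
  cat > /usr/lib/ruby/gems/1.8/gems/puppet-2.7.3/lib/puppet/reports/foreman.rb << "EOF"
$foreman_url="https://foreman.DOMAIN_PH:443"

require 'puppet'
require 'net/http'
require 'uri'

Puppet::Reports.register_report(:foreman) do
  Puppet.settings.use(:reporting)
  desc "Sends reports directly to Foreman"

  def process
    begin
      uri = URI.parse($foreman_url)
      http = Net::HTTP.new(uri.host, uri.port)
      if uri.scheme == 'https' then
        http.use_ssl = true
        # Server certificate is not verified here; see the installer notes.
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      end
      req = Net::HTTP::Post.new("/reports/create?format=yml")
      req.set_form_data({'report' => to_yaml})
      response = http.request(req)
    rescue Exception => e
      raise Puppet::Error, "Could not send report to Foreman at #{$foreman_url}/reports/create?format=yml: #{e}"
    end
  end
end
EOF
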
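  # Apache configuration files.
  #
  # NOTE(review): the page listing has empty lines where the <VirtualHost> and
  # <Directory> containers would sit (angle-bracket tags appear to have been
  # stripped when the page was rendered). They are reconstructed below from
  # the Listen ports and DocumentRoot values on the page; without them
  # directives such as AllowOverride are not valid. Confirm the <Directory>
  # paths against your layout. `<<` replaces the `< <` of the listing.
  #
  # NOTE(security): the SSLCipherSuite string is kept as published, but it
  # selects SSLv2 and RC4 suites, both long deprecated. Replace it, and add an
  # explicit SSLProtocol line, with settings current for your Apache/OpenSSL
  # build before relying on this listener.
  cat > /etc/httpd/conf.d/puppet.conf << "EOF"
Listen 8140

<VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.DOMAIN_PH.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.DOMAIN_PH.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/

    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
EOF

  cat > /etc/httpd/conf.d/passenger.conf << "EOF"
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.8/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.8
PassengerRuby /usr/bin/ruby
EOF

  # NOTE(review): this vhost sets no client-certificate requirement or other
  # access control, so confirm that Foreman's own authentication is enabled
  # before port 443 is reachable from other hosts. It also reuses the
  # puppet.DOMAIN certificate under the name foreman.DOMAIN, which clients
  # that verify hostnames will reject.
  cat > /etc/httpd/conf.d/foreman.conf << "EOF"
Listen 443
NameVirtualHost *:443
LoadModule ssl_module modules/mod_ssl.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

<VirtualHost *:443>
    ServerName foreman.DOMAIN_PH

    RailsAutoDetect On
    DocumentRoot /usr/share/foreman/public

    <Directory /usr/share/foreman/public>
        Options FollowSymLinks
        DirectoryIndex index.html
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    SSLEngine On
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.DOMAIN_PH.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.DOMAIN_PH.pem
</VirtualHost>
EOF

  # Remove stock Apache configuration files (the ssl.conf defaults would
  # otherwise compete with the Listen 443 / SSL settings written above).
  rm -f /etc/httpd/conf.d/ssl.conf
  rm -f /etc/httpd/conf.d/welcome.conf
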
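  # IPTables configuration.
  #
  # Inbound: established traffic, ICMP, loopback, then new TCP connections to
  # 22 (ssh), 80, 443 (Foreman), 8140 (Puppet master) and 61613 (STOMP);
  # everything else is rejected. `<<` replaces the `< <` of the page listing.
  #
  # NOTE(security): every opened port accepts any source address. Port 61613
  # carries the unencrypted STOMP traffic and the broker login, so limit it
  # (and 8140) to the networks your managed nodes live on with a source match.
  # Nothing configured on this page listens on port 80; drop that rule unless
  # you add a listener.
  cat > /etc/sysconfig/iptables << "EOF"
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 61613 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

  # Enable IPTables ruleset
  service iptables restart
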
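  # Replace placeholder values for configuration.
  #
  # Two fixes over the listing on the page:
  #  - the last substitution had no space between the sed expression and the
  #    file name, so sed received one malformed argument and settings.yaml
  #    kept its DOMAIN_PH placeholder;
  #  - values are escaped before being used as a sed replacement, so a
  #    password containing `/`, `&` or `\` no longer breaks or alters the
  #    substitution.

  # Print $1 with the characters that are special in a sed replacement
  # (backslash, the `/` delimiter and `&`) backslash-escaped.
  sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
  }

  # fill_placeholder PLACEHOLDER VALUE FILE...
  # Replace every occurrence of PLACEHOLDER with VALUE, in place, in each FILE.
  fill_placeholder() {
    local placeholder=$1 value=$2
    shift 2
    sed -i "s/${placeholder}/$(sed_escape_replacement "${value}")/g" "$@"
  }

  fill_placeholder MYSQL_PASSWORD_PH "${MYSQL_PASSWORD}" \
    /etc/puppet/puppet.conf /usr/share/foreman/config/database.yml
  fill_placeholder MCOLLECTIVE_PSK_PH "${MCOLLECTIVE_PSK}" \
    /etc/mcollective/server.cfg /etc/mcollective/client.cfg
  fill_placeholder RABBIT_USER_PH "${RABBIT_USER}" \
    /etc/mcollective/server.cfg /etc/mcollective/client.cfg
  fill_placeholder RABBIT_PASSWORD_PH "${RABBIT_PASSWORD}" \
    /etc/mcollective/server.cfg /etc/mcollective/client.cfg
  fill_placeholder FOREMAN_EMAIL_PH "${FOREMAN_EMAIL}" \
    /usr/share/foreman/config/settings.yaml
  fill_placeholder DOMAIN_PH "${DOMAIN}" \
    /etc/httpd/conf.d/puppet.conf \
    /etc/httpd/conf.d/foreman.conf \
    /usr/lib/ruby/gems/1.8/gems/puppet-2.7.3/lib/puppet/reports/foreman.rb \
    /usr/share/foreman/config/email.yaml \
    /usr/share/foreman/config/settings.yaml
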
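  # Set Foreman symlinks: /etc/foreman/* point at the files written under
  # /usr/share/foreman/config.
  for foreman_cfg in database.yml settings.yaml email.yaml; do
    ln -sf "/usr/share/foreman/config/${foreman_cfg}" "/etc/foreman/${foreman_cfg}"
  done

  # Enable mCollective
  chkconfig mcollective on
  service mcollective start

  # Generate Puppet master CA and the master's own certificate. The Apache
  # vhosts written earlier reference the resulting puppet.DOMAIN .pem files,
  # so this has to happen before httpd is started.
  puppet cert --generate "puppet.${DOMAIN}"

  # Enable Apache
  chkconfig httpd on
  service httpd start

  # Rake Foreman: run the database migrations from the application root.
  # The cd is checked so rake never runs against whatever directory the
  # script happened to be in.
  cd /usr/share/foreman || exit 1
  RAILS_ENV=production rake db:migrate

  # Execute Puppet agent
  puppet agent -t

  # Finished
  exit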