Master server setup

Add the Puppet repository and install the 'puppet-server' package:

# rpm -Uvh
# yum install puppet-server

Create the SSL certificates on the master:

# puppet master --verbose --no-daemonize

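Set the name of the master server in 'puppet.conf' ('dns_alt_names' is only written into the master's certificate when that certificate is generated, so it has to be in place before the master's first start):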

    dns_alt_names = master,
    server =

Install the necessary modules:

# puppet module install camptocamp-postfix
# puppet module install petems-swap_file
# puppet module install ssm-munin
# mkdir /etc/puppet/files/

 Add to the bottom of the 'fileserver.conf':

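    # Mount name must match the one used in the manifests' source URLs
    # (puppet:///files/authorized_keys, puppet:///files/munin-htpasswd).
    [files]
    path /etc/puppet/files
    # 'allow *' lets every node the master accepts fetch everything under this
    # path, including root's authorized_keys and the munin-htpasswd hashes.
    # Narrow it to the managed hosts where possible, e.g.
    #   allow *.example.com      (placeholder domain)
    allow *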

Set the hostname, then enable and start the 'puppet' and/or 'puppetmaster' services:

# hostnamectl set-hostname
# puppet resource service puppetmaster ensure=running enable=true
# puppet resource service puppet ensure=running enable=true

Add 'site.pp':

import 'commons/*.pp'
import 'nodes/*.pp'

Add 'commons/firewalld.pp':

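# Opens the listed services/ports in firewalld's permanent 'public' zone and
# reloads firewalld so the permanent rules become the running rules.
#
# NOTE(review): site.pp imports commons/*.pp for every node, so each managed
# host opens http, https, munin-node (4949/tcp) and the puppet master port
# (8140/tcp) to the whole public zone. 8140 is only needed on the master and
# 4949 only has to be reachable from the munin master; consider limiting both
# to those hosts instead of opening them zone-wide.
#
# Each 'unless' guard queries the permanent configuration first, so a rule is
# added (and the reload triggered) only when it is actually missing.

exec { "000 firewall open ssh port":
    command => "firewall-cmd --permanent --zone=public --add-service=ssh",
    unless  => "firewall-cmd --permanent --zone=public --query-service=ssh",
    path    => "/usr/bin/",
}

exec { "001 firewall open http port":
    command => "firewall-cmd --permanent --zone=public --add-service=http",
    unless  => "firewall-cmd --permanent --zone=public --query-service=http",
    path    => "/usr/bin/",
}

exec { "002 firewall open https port":
    command => "firewall-cmd --permanent --zone=public --add-service=https",
    unless  => "firewall-cmd --permanent --zone=public --query-service=https",
    path    => "/usr/bin/",
}

exec { "010 firewall open munin-node port":
    command => "firewall-cmd --permanent --zone=public --add-port=4949/tcp",
    unless  => "firewall-cmd --permanent --zone=public --query-port=4949/tcp",
    path    => "/usr/bin/",
}

exec { "011 firewall open puppet port":
    command => "firewall-cmd --permanent --zone=public --add-port=8140/tcp",
    unless  => "firewall-cmd --permanent --zone=public --query-port=8140/tcp",
    path    => "/usr/bin/",
}

# The numeric prefixes in the titles do not order the resources; the explicit
# subscription makes the reload run after, and only after, a rule was added.
exec { "999 firewall reload":
    command     => "firewall-cmd --reload",
    path        => "/usr/bin/",
    refreshonly => true,
    subscribe   => [
        Exec["000 firewall open ssh port"],
        Exec["001 firewall open http port"],
        Exec["002 firewall open https port"],
        Exec["010 firewall open munin-node port"],
        Exec["011 firewall open puppet port"],
    ],
}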

Add 'commons/munin-node.pp':

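# Installs and configures munin-node; 'allow' lists the addresses that may
# connect to the node and query it.
# NOTE(review): the two empty entries look like addresses that were blanked on
# this page (presumably the munin master's IPv4 addresses) - fill them in and
# keep the list as short as possible, since 4949/tcp is also opened in the
# firewall.
class { 'munin::node':
    allow => [ '', '::1', '', '2001:19f0:5000:8904:5400:ff:fe08:d42a' ],
}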

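# Plugins that are linked under their own name. One declaration with an array
# of titles creates one munin::plugin resource per entry.
munin::plugin { [
    'apache_accesses',
    'apache_processes',
    'apache_volume',
    'cpu',
    'df',
    'df_inode',
    'diskstats',
    'entropy',
    'forks',
    'fw_conntrack',
    'fw_forwarded_local',
    'fw_packets',
    'http_loadtime',
    'interrupts',
    'iostat',
    'iostat_ios',
    'irqstats',
    'load',
    'memory',
    'munin_stats',
    'munin_update',
    'netstat',
    'open_files',
    'open_inodes',
    'postfix_mailqueue',
    'postfix_mailstats',
    'postfix_mailvolume',
    'processes',
    'proc_pri',
    'selinux_avcstat',
    'swap',
    'threads',
    'uptime',
    'users',
    'vmstat',
]:
    ensure => link,
}

# Wildcard plugins: the link is named after the interface, the target is the
# shared plugin file ('if_err_' / 'if_').
munin::plugin { [ 'if_err_eth0', 'if_err_eth1' ]:
    ensure => link,
    target => 'if_err_',
}

munin::plugin { [ 'if_eth0', 'if_eth1' ]:
    ensure => link,
    target => 'if_',
}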

Add 'commons/packages.pp':

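# Base packages installed on every node that imports this manifest. One
# declaration with an array of titles creates one package resource per entry.
package { [
    'bzip2',
    'etckeeper',
    'java-1.8.0-openjdk',
    'java-1.8.0-openjdk-devel',
    'mc',
    'net-tools',
    'rsync',
    'screen',
    'unzip',
    'wget',
]:
    ensure => installed,
}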

Add 'commons/ssh-keys.pp':

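# Manages root's SSH directory and replaces root's authorized_keys with the
# copy served from the master's 'files' mount.
#
# NOTE(review): whoever can write /etc/puppet/files/authorized_keys on the
# master gains root SSH access to every node that applies this manifest, and
# keys added locally on a node are overwritten on the next run. Keep that
# directory root-owned and not writable by anyone else.
file { '/root/.ssh':
    ensure => directory,
    path   => '/root/.ssh',
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
}

file { '/root/.ssh/authorized_keys':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
    source => 'puppet:///files/authorized_keys',
}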

Add 'nodes/info.gacivs.master.pp':

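# Node definition for the master: munin master (cron-generated HTML and
# graphs), the htpasswd file protecting the munin pages, and Apache with
# mod_ssl to serve them.
#
# NOTE(review): the node name, the node_definition titles and their addresses
# are blank or truncated on this page. Each node_definition needs its own
# unique title (the munin module appears to expect 'group;fqdn' - confirm
# against the module's documentation) and the address of that node.
node '' {
    munin::master::node_definition { ';':
        address => ''
    }

    munin::master::node_definition { ';':
        address => ''
    }

    class { 'munin::master':
        html_strategy  => 'cron',
        graph_strategy => 'cron'
    }

    # Password hashes: readable by root and by Apache's group only, instead of
    # world-readable (0644). The 'apache' group is created by the httpd
    # package, hence the explicit dependency.
    file { '/etc/munin/munin-htpasswd':
        ensure  => file,
        owner   => 'root',
        group   => 'apache',
        mode    => '0640',
        source  => 'puppet:///files/munin-htpasswd',
        require => Package['httpd'],
    }

    # Already declared by the class resource above; kept as on the original
    # page.
    include munin::master

    package { 'httpd':
        ensure => installed
    }

    package { 'mod_ssl':
        ensure => installed
    }

    # Start Apache only once both packages are installed.
    service { "httpd":
        enable  => true,
        ensure  => running,
        require => Package['httpd', 'mod_ssl'],
    }
}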

Test the configuration:

# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for
Info: Applying configuration version '1430989052'
Notice: Finished catalog run in 42.09 seconds

OK! (smile)

Agent setup

Set the hostname:

# hostnamectl set-hostname

Install the 'puppet' package on the node:

# rpm -Uvh
# yum install puppet

Set the name of the master server:

    server =

Check the agent's certificate:

# puppet agent --test --waitforcert 60
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for
Info: Certificate Request fingerprint (SHA256): 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
Info: Caching certificate for
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for
Info: Applying configuration version '1430933156'
Notice: Finished catalog run in 0.01 seconds
# puppet resource service puppet ensure=running enable=true

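Accept the certificate on the master, after checking that the SHA256 fingerprint listed there matches the one the agent printed for its certificate request: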

# puppet cert --list
  "" (SHA256) 94:1A:AF:41:DF:EB:BE:DC:40:58:76:24:4C:04:C8:DF:EC:5B:44:07:C5:8E:5E:A0:69:FE:ED:4A:6B:87:BD:40
# puppet cert sign
Notice: Signed certificate request for
Notice: Removing file Puppet::SSL::CertificateRequest at '/var/lib/puppet/ssl/ca/requests/'

OK! (smile)
