Deploying Puppet scripts to a new server

Glen Horton edited this page Apr 26, 2018 · 23 revisions

After UCIT has created a new server, the following steps must be completed manually before deploying the Puppet scripts.

  1. Get the latest updates:
    sudo yum update

  2. Install packages needed by Puppet:
    sudo yum install openssl-devel zlib-devel gcc gcc-c++ git

  3. Install ruby:
    cd ~
    wget http://digital.libraries.uc.edu/puppet/scholar/ruby-2.4.1.tar.gz
    tar -xzf ruby-2.4.1.tar.gz
    cd ruby
    ./configure --prefix=/usr
    make
    sudo /usr/bin/make install
    ruby -v

  4. Install Puppet:
    cd ~
    sudo gem install puppet -v 4.5.3
    puppet --version

  5. Relax restrictions for using sudo:
    sudo chmod u+w /etc/sudoers
    sudo vim /etc/sudoers
    Comment out this line: Defaults requiretty
    sudo chmod u-w /etc/sudoers

  6. Stop and disable the firewall service:
    sudo systemctl stop firewalld.service
    sudo systemctl disable firewalld.service

  7. Set SELinux to permissive mode
    sudo vim /etc/selinux/config
    Set SELINUX=permissive

  8. Add the server's hostname to the hosts file
    sudo vim /etc/hosts
    Add the server's hostname to the end of both the IPv4 and IPv6 lines

  9. Configure Postfix
    sudo vim /etc/postfix/main.cf
    Set inet_protocols = ipv4 and save
    sudo systemctl start postfix.service

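  10. If users with specific UIDs or GIDs are needed, manually create them
    These are typically the tomcat or scholar users
    Create the group first; otherwise useradd creates a tomcat group of its own and groupadd then fails
    sudo groupadd -g 500 tomcat
    sudo useradd -u 498 -g tomcat tomcat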

  11. Reboot
    sudo reboot
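
The file-based settings from steps 5, 7, 8 and 9 can be checked before running puppet apply. The script below is an added example, not part of the original wiki or the scholar-puppet-vagrant repo; the function names, the `--live` switch and the reading of "the IPv4 and IPv6 lines" as the 127.0.0.1 and ::1 entries are assumptions.

```shell
#!/usr/bin/env bash
# Added example: checks the file-based prerequisites from steps 5, 7, 8 and 9.
# Each function takes a file path, so it also works on copies of the files.

# Value of the uncommented SELINUX= line (the last one, if repeated).
selinux_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t]/, "", $2); m = $2 }
             END { print m }' "$1"
}

# Succeeds when no active "Defaults requiretty" line is left in a sudoers file.
requiretty_off() {
    [ -r "$1" ] || return 2   # unreadable file: do not report success
    ! grep -Eq '^[[:space:]]*Defaults[[:space:]]+requiretty([[:space:]]|$)' "$1"
}

# Succeeds when the hostname is on both loopback lines of a hosts file.
# Assumption: the two lines meant in step 8 are the 127.0.0.1 and ::1 entries.
host_on_loopback() {
    awk -v n="$2" '
        $1 == "127.0.0.1" || $1 == "::1" {
            for (i = 2; i <= NF; i++) if ($i == n) seen[$1] = 1
        }
        END { exit !(seen["127.0.0.1"] && seen["::1"]) }' "$1"
}

# Value of inet_protocols in a Postfix main.cf (the last assignment wins).
postfix_protocols() {
    awk -F= '/^[ \t]*inet_protocols[ \t]*=/ { gsub(/[ \t]/, "", $2); p = $2 }
             END { print p }' "$1"
}

# Check the live files: one line per unmet prerequisite, returns 1 if any.
preflight() {
    local rc=0
    [ "$(selinux_mode /etc/selinux/config)" = permissive ] ||
        { echo "SELINUX is not set to permissive"; rc=1; }
    requiretty_off /etc/sudoers ||
        { echo "Defaults requiretty is active, or /etc/sudoers is unreadable"; rc=1; }
    host_on_loopback /etc/hosts "$(hostname)" ||
        { echo "hostname is missing from a loopback line in /etc/hosts"; rc=1; }
    [ "$(postfix_protocols /etc/postfix/main.cf)" = ipv4 ] ||
        { echo "inet_protocols is not ipv4"; rc=1; }
    return "$rc"
}

# Touch the live system only when asked to (root is needed to read /etc/sudoers).
if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it under sudo with `--live` after step 9; no output and exit status 0 mean the four file-based settings match the steps above.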

Deploying Puppet scripts

  1. cd ~

  2. Clone the scholar-puppet-vagrant repo:
    git clone https://git.uc.edu/UCLIBS/scholar-puppet-vagrant.git
    cd scholar-puppet-vagrant
    git checkout scholar-3-update

  3. Try a test deploy (this won't make any actual changes):
    sudo puppet apply --modulepath=/home/hortongn/scholar-puppet-vagrant/modules --verbose --debug --noop /home/hortongn/scholar-puppet-vagrant/environments/test/manifests/default.pp

  4. If there are no errors, run the command again without the --noop option:
    sudo puppet apply --modulepath=/home/hortongn/scholar-puppet-vagrant/modules --verbose --debug /home/hortongn/scholar-puppet-vagrant/environments/test/manifests/default.pp

After Puppet deploy

  • Configure Shibboleth

    • create /etc/httpd/conf.d/shib.conf
      • Contents: LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
    • Copy shibboleth2.xml and attribute-map.xml from old server to /etc/shibboleth
    • Copy sp-cert.pem and sp-key.pem from old server to /etc/shibboleth
    • Add the <Location /Shibboleth.sso> and <Location /users/auth/shibboleth/callback> sections to the /etc/httpd/conf.d/25-* files
    • sudo systemctl enable shibd.service
  • Customize the amount of RAM Solr uses (set SOLR_JAVA_MEM in /etc/default/solr.in.sh)

  • Set services to start at boot (if not already configured)

    • Fedora
    • Shibboleth
    • Solr
    • Redis
    • Apache
  • Configure Fedora logging location

  • Set up cron jobs

After Puppet UCIT changes

  • Enable monthly reboots and RedHat patches

  • Enable alerts for low disk space

  • Allow login for our department and UCIT staff

  • Delete any unneeded VM snapshots

  • Remove any older servers
