GraphPing Installation on Debian 9

GraphPing Installation

You can reach the following link of the Source code of graphping; 

https://github.com/jaxxstorm/graphping

System upgrade
$sudo apt-get -y upgrade
$sudo apt-get -y install git curl

Nodejs Installation
$curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
$sudo apt-get update
$sudo apt-get install -y build-essential libssl-dev nodejs
$sudo npm install nodeunit

Graphping clone
$git clone https://github.com/jaxxstorm/graphping.git

Go installation
$wget https://dl.google.com/go/go1.10.1.linux-amd64.tar.gz
$sudo tar -xvfz go1.10.1.linux-amd64.tar.gz
$sudo mv go /usr/local
$export GOROOT=/usr/local/go
$export GOPATH=$HOME/graphping
$export PATH=$GOPATH/bin:$GOPATH/bin:$PATH

Check the Go version and env
$go version
$go env

Glide installation
$mkdir -p graphping/bin
$mkdir -p graphping/src
$cd graphping
$curl https://glide.sh/get | sh

Build and installing the graphping
$cd graphping
$go build main
If you get to any packet missing error you can get download like following commands
$go get github.com/Sirupsen/logrus
$go get github.com/cactus/go-statsd-client/statsd
$go get github.com/jaxxstorm/graphping/config
$go get github.com/jaxxstorm/graphping/ping
$go get gopkg.in/urfave/cli.v1
$sudo ln -s /home/arm/graphping/main /usr/local/bin/graphping
$graphping -h

$sudo nano /etc/systemd/system/graphping.service
[Unit]
After = network.target
[Service]
ExecStart = /usr/local/bin/graphping -c /home/arm/graphping/examples/example.json -s 127.0.0.1:8125
[Install]
WantedBy = multi-user.target
$sudo systemctl enable graphping.service


Statsd Installation
$sudo adduser statsd
$sudo git clone https://github.com/etsy/statsd.git
$sudo mkdir -p /etc/statsd
$sudo cp statsd/exampleConfig.js /etc/statsd/config.js
$sudo nano /etc/systemd/statsd.service
[Service]
ExecStart=/usr/bin/node /opt/statsd/stats.js /etc/statsd/config.js
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=statsd
User=statsd
Group=statsd
Environment=NODE_ENV=production</code>
[Install]
WantedBy=multi-user.target


$sudo nano /etc/statsd/config.js
{
influxdb: {
version: 0.9, // !!! we installed 0.9
host: '127.0.0.1', // InfluxDB host. (default 127.0.0.1)
port: 8086, // InfluxDB port. (default 8086)
database: 'graphping', // InfluxDB database instance. (required)
username: 'demo', // InfluxDB database username. (required)
password: 'demo', // InfluxDB database password. (required)
flush: {
enable: true // Enable regular flush strategy. (default true)
},
//proxy: {
//enable: false, // Enable the proxy strategy. (default false)
//suffix: 'raw', // Metric name suffix. (default 'raw')
//flushInterval: 1000 // Flush interval for the internal buffer.
// (default 1000)
//} packets should be "repeated" (duplicated to)..d process starts ['up' or 'down', default: 'up']
},
port: 8125, // StatsD port.
backends: ['./backends/console', 'statsd-influxdb-backend'],
debug: false,
legacyNamespace: false
}

$sudo systemctl enable statsd.service
$sudo systemctl start statsd.service
$sudo systemctl status statsd.service
$sudo journcalctl -f -u statsd
$ npm install statsd-influxdb-backend -d


Influxdb Installation
By the way statsd is only support version of 0.9 yet
$wget https://s3.amazonaws.com/influxdb/influxdb_0.9.5.1_amd64.deb
$sudo dpkg -i influxdb_0.9.5.1_amd64.deb
$sudo systemctl start influxdb.service
You have to create a database and user for connect to influxdb via statsd
You can reach via http://ip-of-the-influxdb::8083
Test the graphping following command
$sudo graphping -c graphping/examples/example.json -s 127.0.0.1:8125

Check the measurements via web ui of influxdb.
It has to be like the image.

Start the graphping
$sudo systemctl start graphping.service

Grafana Installation
$sudo nano /etc/apt/sources.list
deb https://packagecloud.io/grafana/stable/debian/ stretch main
$curl https://packagecloud.io/gpg.key | sudo apt-key add -
$sudo apt-get update
$sudo apt-get install grafana
$sudo systemctl enable grafana-server
$sudo systemctl start grafana-server
You can reach via http://ip-of-the-grafana:3000

PowerDNS Amazon Linux Installation

Standalone PowerDns & Poweradmin sqlite Installation notes;

Repository Configuration for Amazon Linux;

$ sudo curl -o /etc/yum.repos.d/powerdns-auth-40.repo https://repo.powerdns.com/repo-files/centos-auth-40.repo

$ sudo curl -o /etc/yum.repos.d/powerdns-rec-40.repo https://repo.powerdns.com/repo-files/centos-rec-40.repo

$ sudo vi /etc/yum.repos.d/powerdns-auth-40.repo

#baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-40

Replace  above to bottom url

baseurl=https://repo.powerdns.com/centos/x86_64/6Server/auth-40/

$ sudo vi /etc/yum.repos.d/powerdns-rec-40.repo

#baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-40

Replace  above to bottom url

baseurl=https://repo.powerdns.com/centos/x86_64/6Server/rec-40/

$sudo yum update

PowerDns Installation for Amazon Linux;

$sudo yum install pdns pdns-recursor pdns-tools pdns-backend-sqlite

$sudo mv /etc/pdns/pdns.conf /etc/pdns/pdns.conf.orig

$sudo mv /etc/pdns-recursor/recursor.conf /etc/pdns-recursor/recursor.conf.orig

$sudo vi /etc/pdns/pdns.conf

launch=gsqlite3

gsqlite3-database=/etc/pdns/pdns.sqlite3

allow-axfr-ips=0.0.0.0/0

disable-axfr=no

allow-recursion=0.0.0.0/0

recursor=127.0.0.1:5353

local-address=0.0.0.0

local-port=53

$sudo vi /etc/pdns-recursor/recursor.conf

local-address=127.0.0.1

local-port=5353

allow-from=0.0.0.0/0

$sudo sqlite3 /etc/pdns/pdns.sqlite3 < /usr/share/doc/pdns/schema.sqlite3.sql

$sudo chmod 0777 /etc/pdns/

$sudo chmod 0666 /etc/pdns/pdns.sqlite3

$sudo service pdns start

$sudo service pdns-recursor start

PowerAdmin Installation for Amazon Linux;

$sudo yum install httpd php php-pdo php-mcrypt

$wget https://netix.dl.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz

$ tar xvfz poweradmin-2.1.7.tgz

$sudo mv poweradmin-2.1.7 /var/www/html/poweradmin

$sudo chown -R apache:apache /var/www/html/poweradmin/

$sudo service httpd start

Installation will complete via web browser

http://YOUR-IP-ADRR/poweradmin/install

Add to startup configuration;

$sudo chkconfig pdns on

$sudo chkconfig pdns-recursor on

$sudo chkconfig httpd on

$sudo chkconfig --list

How to create a SSL with Letsencrypt

Letsencrypt for Nginx

Your web server ports (443,80) must be open the public;

user@webserver:~$ git clone https://github.com/letsencrypt/letsencrypt
user@webserver:~$ cd letsencrypt
user@webserver:~/letsencrypt$ ./letsencrypt-auto --help

user@webserver:$./letsencrypt-auto certonly --standalone --agree-tos --redirect --duplicate --text --email your@mailaddress -d yourdomain.com

Open Nginx config file;

server {

listen 443 ssl;

    ssl_certificate         /etc/letsencrypt/live/helloworld.letsencrypt.org/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/helloworld.letsencrypt.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/helloworld.letsencrypt.org/fullchain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

ssl_dhparam /etc/nginx/dhparam.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=15768000;

ssl_stapling on; ssl_stapling_verify on;

}

For more information ;

https://github.com/letsencrypt/letsencrypt 

Install Node.js with Standard Binary Packages

You can determine the CPU architecture of your server with these commands:

$ getconf LONG_BIT

64

$ uname -p

x86_64

You can download this file from the browser or from the console. The latter is shown below (Note: the specific Node.js version might be different for you):

$ wget http://nodejs.org/dist/v0.12.0/node-v0.12.0-linux-x64.tar.gz

From a console window, go to the directory to which the Node.js binary was downloaded, and then execute the following command to install the Node.js binary package in “/usr/local/” or "/usr/":

$ sudo tar -C /usr/local --strip-components 1 -xzf node-v0.12.7-linux-x86.tar.gz

You should now have both node and npm installed in “/usr/bin”. You can check this typing:

$ ls -l /usr/local/bin/node

$ ls -l /usr/local/bin/npm

Dtrace installation on Debian 7

When I install the dtrace via systemtap I had an error like this "could not load module build-3.2.0-4-amd64/driver/dtracedrv.ko: No such file or directory"

How I solved the problem;
$sudo apt-get install linux-headers-$(uname -r)

Dtrace installation;

$git clone "https://github.com/dtrace4linux/linux.git" dtrace
$sudo apt-get install linux-headers-$(uname -r)

$cd dtrace
$tools/get-deps.pl
$sudo make all 

$sudo make install

$sudo make load

$sudo dtrace -l

Haproxy Transparent Mode on Centos 7

Haproxy Transparent Mode on Centos 7

 HAProxy can’t do transparent binding or proxying alone. It must stand on a compiled and tuned Linux Kernel and operating system.

But Centos 7 supported haproxy transparent mode.

Step by step configuration; 

1. sysctl settings
2. iptables rules
3. ip route rules
4. HAProxy configuration

Step 1 is Sysctl serttings;

 – net.ipv4.ip_forward
  – net.ipv4.ip_nonlocal_bind

# echo 1 > /proc/sys/net/ipv4/ip_forward

# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

Step 2 is iptables rules;

#iptables -F -t mangle
#iptables -F
#iptables -F -t nat
#iptables -t mangle -N DIVERT
#iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
#iptables -t mangle -A DIVERT -j MARK --set-mark 1

#iptables -t mangle -A DIVERT -j ACCEPT

Step 3 is ip route rules;
tell the Operating System to forward packets marked by iptables to the loopback where HAProxy can catch them:
#ip rule add fwmark 1 lookup 100

#ip route add local 0.0.0.0/0 dev lo table 100

Step 4 is haproxy configuration;
Finally, you can configure HAProxy.
  * Transparent binding can be configured like this:
frontend App_in
        bind ipofhaproxy:10421 transparent

        mode tcp

backend App_out

        mode tcp

        log global

        source 0.0.0.0 usesrc clientip

        balance roundrobin

        server backend1 ipofbackend01:10421 check

        server backend2 ipofbackend02:10421 check

Note: When you reboot the server ,ip rules will be delete.

Bash script will help you ;)

#!/bin/bash

iptables -F

iptables -F -t nat

iptables -t mangle -N DIVERT

iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A DIVERT -j MARK --set-mark 1

iptables -t mangle -A DIVERT -j ACCEPT

ip rule add fwmark 1 lookup 100

ip route add local 0.0.0.0/0 dev lo table 100

Nginx, Django, Gunicorn & Mysql Installation and Configuration on Debian 7

Nginx, Django, Gunicorn & Mysql Installation and Configuration

Step One;

Update packages

#apt-get update

#apt-get upgrade

Step Two;

Install and create virtualenv

#apt-get install python-virtualenv python-dev

#source virtualenv /opt/myenv

Notice that a new directory "myenv" was created in the "/opt" directory. This is where our virtualenv will live. Make sure to replace "/opt/myenv" with the path to where you want your virtualenv installed. I typically put my env's in /opt, but this is strictly preference. Some people create a directory named "webapps" at the root of the VPS. Choose whatever method makes the most sense to you.

Step Three ;

Install Django

#source /opt/myenv/bin/activate

You should now see that "(myenv)" has been appended to the beginning of your terminal prompt. This will help you to know when your virtualenv is active and which virtualenv is active should you have multiple virtualenv's on the VPS.

With your virtualenv active, we can now install Django. To do this, we will use pip, a Python package manager much like easy_install. Here is the command you will run:

(myenv)root@Django:/opt/myenv/bin#pip install django

You now have Django installed in your virtualenv! Now let's get our database server going.

Step Four ;

Install Mysql Server

Since we don't need our virtualenv active for this part, run the following command to deactivate:

(myenv)root@Django:/opt/myenv/bin#deactivate

This will always deactivate whatever virtualenv is active currently. Now we need to install dependencies for Mysql to work with Django with this command:

#apt-get install python-mysqldb libmysqlclient-dev mysql-server

Step Five;

Install Nginx

#apt-get install nginx

Step Six;

Install Gunicorn

Gunicorn is a very powerful Python WSGI HTTP Server. Since it is a Python package we need to first activate our virtualenv to install it. Here is how we do that:

#source /opt/myenv/bin/activate

Make sure you see the added "myenv" at the beginning of your terminal prompt. With your virtualenv now active, run this command:

(myenv)root@Django:/opt/myenv/bin# pip install gunicorn

Gunicorn is now installed within your virtualenv.

If all you wanted was to get everything installed, feel free to stop here. Otherwise, please continue for instructions on how to configure everything to work together and make your app accessible to others on the web.

(myenv)root@Django:/opt/myenv/bin#deactivate

Step Seven;

Configure Mysql

#mysql -u root -p 

>CREATE DATABASE djangodb;

>CREATE USER 'django'@'localhost' IDENTIFIED BY 'passwd';

>GRANT ALL PRIVILEGES ON djangodb . * TO 'django'@'localhost';

>FLUSH PRIVILEGES;

Step Eight;

Create a Django project

In order to go any further we need a Django project to test with. This will allow us to see if what we are doing is working or not. Change directories into the directory of your virtualenv (in my case /opt/myenv) like so:

#cd /opt/myenv

Now make sure your virtualenv is active. If you're unsure then just run the following command to ensure you're activated:

#source /opt/myenv/bin/activate

With your virtualenv now active, run the following command to start a new Django project:

(myenv)root@Django:/opt/myenv/bin#django-admin.py startproject myproject

You should see a new directory called "myproject" inside your virtualenv directory. This is where our new Django project files live.

In order for Django to be able to talk to our database we need to install a backend for Mysql. Make sure your virtualenv is active and run the following command in order to do this:

(myenv)root@Django:/opt/myenv/bin# pip install mysql-python
Change directories into the new "myproject" directory and then into it's subdirectory which is also called "myproject" like this:
(myenv)root@Django:/opt/myenv/bin#cd /opt/myenv/myproject/myproject
Edit the settings.py file with your editor of choice:
(myenv)root@Django:/opt/myenv/myproject/myproject#nano settings.py
Find the database settings and edit them to look like this:

DATABASES = {
        'default': {

'ENGINE': 'django.db.backends.mysql', 

'NAME': 'djangodb',

'USER': 'django',

'PASSWORD': 'passwd',

'HOST': 'localhost',   # Or an IP Address that your DB is hosted on



'PORT': '3306',
  }
}

Save and exit the file. Now move up one directory so your in your main Django project directory 
#cd /opt/myenv/myproject
Activate your virtualenv if you haven't already with the following command:
#source /opt/myenv/bin/activate
With your virtualenv active, run the following command so that Django can add it's initial configuration and other tables to your database:
(myenv)root@Django:/opt/myenv/myproject/#python manage.py syncdb
You should see some output describing what tables were installed, followed by a prompt asking if you want to create a superuser. This is optional and depends on if you will be using Django's auth system or the Django admin.

Step Nine;
Configure Gunicorn
First lets just go over running Gunicorn with default settings. Here is the command to just run default 
#gunicorn_django --bind yourdomainorip.com:8001
Be sure to replace "yourdomainorip.com" with your domain, or the IP address of your VPS if you prefer. Now go to your web browser and visit yourdomainorip.com:8001 and see what you get. You should get the Django welcome screen.
If you look closely at the output from the above command however, you will notice only one Gunicorn worker booted. What if you are launching a large-scale application on a large VPS? Have no fear! All we need to do is modify the command a bit like so:
#gunicorn_django --workers=3 --bind yourdomainorip.com:8001

Now you will notice that 3 workers were booted instead of just 1 worker. You can change this number to whatever suits your needs.

Since we ran the command to start Gunicorn as root, Gunicorn is now running as root. What if you don't want that? Again, we can alter the command above slightly to accomodate:

#gunicorn_django --workers=3 --user=nobody --bind yourdomainorip.com:8001

If you want to set more options for Gunicorn, then it is best to set up a config file that you can call when running Gunicorn. This will result in a much shorter and easier to read/configure Gunicorn command.

You can place the configuration file for gunicorn anywhere you would like. For simplicity, we will place it in our virtualenv directory. Navigate to the directory of your virtualenv like so:

#cd /opt/myenv
Now open your config file with your preferred editor (nano is used in the example below):
#nano gunicorn_config.py
Add the following contents to the file:

command = '/opt/myenv/bin/gunicorn'
pythonpath = '/opt/myenv/myproject'
bind = '127.0.0.1:8001'
workers = 3
user = 'nobody'

Save and exit the file. What these options do is to set the path to the gunicorn binary, add your project directory to your Python path, set the domain and port to bind Gunicorn to, set the number of gunicorn workers and set the user Gunicorn will run as.

In order to run the server, this time we need a bit longer command. Enter the following command into your prompt:

#/opt/myenv/bin/gunicorn -c /opt/myenv/gunicorn_config.py myproject.wsg

You will notice that in the above command we pass the "-c" flag. This tells gunicorn that we have a config file we want to use, which we pass in just after the "-c" flag. Lastly, we pass in a Python dotted notation reference to our WSGI file so that Gunicorn knows where our WSGI file is.

Running Gunicorn this way requires that you either run Gunicorn in its own screen session (if you're familiar with using screen), or that you background the process by hitting "ctrl + z" and then typing "bg" and "enter" all right after running the Gunicorn command. This will background the process so it continues running even after your current session is closed. This also poses the problem of needing to manually start or restart Gunicorn should your VPS gets rebooted or were it to crash for some reason. To solve this problem, most people use supervisord to manage Gunicorn and start/restart it as needed. Installing and configuring supervisord has been covered in another article which can be found here.

Lastly, this is by no means an exhaustive list of configuration options for Gunicorn. Please read the Gunicorn documentation found at gunicorn.org for more on this topic.

Step Ten;

Configure Nginx

#service nginx restart

Since we are only setting NGINX to handle static files we need to first decide where our static files will be stored. Open your settings.py file for your Django project and edit the STATIC_ROOT line to look like this:

STATIC_ROOT = "/opt/myenv/static/" 

Add to /opt/myenv/myproject/myproject/settings.py

#nano /etc/nginx/sites-available/myproject

server {
        server_name yourdomainorip.com;

        access_log off;

        location /static/ {
            alias /opt/myenv/static/;
        }

        location / {
                proxy_pass http://127.0.0.1:8001;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Real-IP $remote_addr;
                add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        }
    }

#cd /etc/nginx/sites-enabled

#ln -s ../sites-available/myproject

#rm default

#service nginx restart

And that's it! You now have Django installed and working with Mysql and your app is web accessible with NGINX serving static content and Gunicorn serving as your app server. If you have any questions or further advice, be sure to leave it in the comments section.

Puppet kurulumu ve ayarları

Puppet

Puppet bir sistem otomasyon aracıdır.

Örnek vermek gerekirse 10 tane sunucuyu kurup yönetmek kolay ve zahmetsiz görülebilir, konfiurasyon dosyalarını tek tek düzenleyebilirsiniz .

Bu sayı artış göstermeye başladığı zaman bir süre sonra sorunlar ve zorluklar çekmeye başlayabilirsin Böyle durumlar da imdada  puppet yetişiyor ve bir çok külfetten kurtulmuş oluyorsunuz.

Kurulum için ihtiyaç listesi :))
VirtualBox,
Debian 7.6 netinstall,

Puppet master ve agent tarafında yapılması gerekenler;

Dns adlarını lokal de yaptığımız için hosts dosyası içine eklemek ve makina adları ile ping attığına emin olmak.
Puppet Master ;
#nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       deb7.6  deb7
10.1.0.172      puppetagent

Puppet Agent;
#nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       deb7.6  deb7
10.1.0.171      puppetmaster

Ntp kurmamız şart değil bu test için manual olarakta aynı nette ki ntp serverlardan eşitlersini fakat gerçek zamanlı olarak sisteminize entegre etmeniz gerekiyorsa bi time server şart ve master agent ilişkisin de zamanların birbirini tutması gerekli.

Puppet Master Kurulumu;

Puppet Master ;

# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb

#dpkg -i puppetlabs-release-trusty.deb

#apt-get update

#apt-get install puppetmaster-passenger

Peki neden puppet passenger kurduk onu bir anlatayım.

Passenger kurduğumuz da processler apache tarafından kontrol ediliyor yani apache çalışıyorsa puppet da çalışıyor demektir.

Sertifikaları silelim.

#rm -rf /var/lib/puppet/ssl

Puppetın temel konfigurasyonunu yapalım;

#/etc/puppet/puppet.conf

[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY

Buna ek olarak "certname = puppet" kısmını da main'in altına yazmamız gerekli ve fqdn girmemiz gerekli main altına "dns_alt_names = puppet, puppetmaster".

Kaydet ve çık.

Şimdi ssl cert generate edelim .
#puppet master --verbose --no-daemonize
Aşağıda ki gibi bir output vermesi gerekli;

Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): EC:7D:ED:15:DE:E3:F1:49:1A:1B:9C:D8:04:F5:46:EF:B4:33:91:91:B6:5D:19:AC:21:D6:40:46:4A:50:5A:29
Notice: Signed certificate request for ca
...
Notice: Signed certificate request for puppet
Notice: Removing file Puppet::SSL::CertificateRequest puppet at '/var/lib/puppet/ssl/ca/requests/puppet.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet at '/var/lib/puppet/ssl/certificate_requests/puppet.pem'
Notice: Starting Puppet master version 3.6.2

Eğer bakmak isterseniz şöyle bir sertifikaya .
#puppet cert list -all

Aşağıda ki şekil de bir dosya oluşturalım , bu dosya hostların kurulum ve ayarlarını nasıl olacağını belirlediğimiz yer.

Son olarak ;
#service apache2 restart

Puppet Agent;

# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb

#dpkg -i puppetlabs-release-trusty.deb

#apt-get update

#apt-get install puppet

Aşağıda açtığımız dosyada ki değeri "yes" olarak değiştiriyoruz.

#nano /etc/default/puppet

START = yes

Agentın ayarlarını yapalım.

#nano /etc/puppet/puppet.conf

Template ve master kısmını siliyoruz.

[Agent]

Server=puppetmaster

#service puppet start

Puppet master;

Agentdan gelen isteği onaylamak için puppet master da sertifikayı imzalıyoruz.

#puppet cert list

"puppetagent.local"(SHA256) B1:96:ED:1F:F7:1E:40:53:C1:D4:1B:3C:75:F4:7C:0B:A9:4C:1B:5D:95:2B:79:C0:08:DD:2B:F4:4A:36:EE:E3

#puppet cert sign puppetagent.local

sertifikayı kaldırmak için ;

#puppet cert clean "hostadı"

Puppet agenta geçip agent tarafını test etmek için ;

#puppet agent --test

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Caching catalog for hostadı
Info: Applying configuration version '1407966707'

Sistem testi için ;

#nano /etc/puppet/manifests/site.pp
file {'/tmp/example-ip':                                            # resource type file and filename
  ensure  => present,                                               # make sure it exists
  mode    => 0644,                                                  # file permissions
  content => "Here is my Public IP Address: ${ipaddress_eth0}.\n",  # note the ipaddress_eth0 fact
}
Agent tarafını test ettiğimiz de;
#cat /tmp/example-ip
Here is my Public IP Address: 128.131.192.11.