Mike Zupan’s blog has a nice how to on installing puppet’s dashboard on CentOS 5, following it I was able to get the dashboard up and running with ease. Since I have two puppet master’s that I’d like to report to the dashboard I found you can easily accomplish this without a full dashboard install on each master.
You just need to:
- Copy over ‘puppet_dashboard.rb’ with a modified HOST line to the other host.
- Modify /etc/sysconfig/puppetmaster.
- Turn on reporting on the clients.
- Restart puppetmaster.
Since the puppet_dashboard.rb is just making an HTTP post to the dashboard server, it can be coming from anywhere.
Being in a large corporate environment has positives and negatives, one of those negatives is that many companies use HTTP proxies to control and track internet usage from your work machines. While in most cases this is very important from the HR and workplace productivity side, it can become a headache if you actually need something outside your companies firewalls that is blocked. In my case I wanted to backup some configurations and code to my home machine. To do this I’d generally just rsync over ssh or scp the files over to an off site machine. Sadly with a full firewall up and all traffic required to go through HTTP proxies, I had to find a different solution. In my case, I decided to use ‘corkscrew’.
Read more…
Since I failed to find a good description of how to do this on the web, I thought I’d share my recipe for using puppet to manage tripwire. This method will take care of running the initialization on the first puppetd run on a new machine, and update the policy file if its changed. It also has puppet managing your site.key, twcfg.txt, twpol.txt, and the daily cron to run the checks. Its an extremely simple setup, but gets the job done.
I’ll start with the tripwire.pp file for puppet, in this file you’ll define your tripwire class and associated files and packages:
Read more…
I recently ran into an issue where my I had Xymon clients on a network which was unpingable from the Xymon server. The clients could could send data to the server, but they were hidden behind network address translation and only on a local network. I had one box (the gateway for the unreachable clients), that saw both networks. I played with the idea of running bbproxy on it, but didn’t really want an entire Xymon server and it really was not necessary since the other clients could get their data out. Looking at hobbitlaunch.cfg I noticed it was really just a larger clientlaunch.cfg, which gave me the idea of just copying over bbnet and using on a client install – which worked perfectly. Read more…