This thread was very helpful and got me most of the way there. I started with bare-bones legacy RHEL4 vms and had to add a couple steps to get things working properly. Here's the complete procedure from start to finish:
*RHEL4 Client Installation:* Set up some repos: cd /etc/yum.repos.d wget http://public-yum.oracle.com/public-yum-el4.repo Install some packages: yum install gcc yum install zlib yum install zlib-devel Install Ruby: cd /opt wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz tar -xzvf ruby-1.8.7-p72.tar.gz cd ruby-1.8.7-p72 ./configure make make install Install ruby gems: cd /opt wget http://pkgs.fedoraproject.org/repo/pkgs/rubygems/rubygems-1.3.7.tgz/e85cfadd025ff6ab689375adbf344bbe/rubygems-1.3.7.tgz tar -xvzf rubygems-1.3.7.tgz cd rubygems-1.3.7 /usr/local/bin/ruby setup.rb Install/Upgrade openssl and openssl-devel: yum install openssl yum install openssl-devel Install openssl support for ruby: cd /opt/ruby-1.8.7-p72/ext/openssl /usr/local/bin/ruby extconf.rb make make install Install Puppet: gem install puppet Configure Puppet: mkdir /etc/puppet cp /usr/local/lib/ruby/gems/1.8/gems/puppet-3.7.3/ext/redhat/puppet.conf /etc/puppet/. Add your changes to puppet.conf *Oracle Enterprise Linux 7 Server Install Changes:* If you did a yum install puppet-server from the puppetlabs repo already: This procedure won't blow away changes to config files, but let's back them up anyway: cp -rp /etc/puppet /root/. Remove the package and clear the ssl directory. yum remove puppet-server rm -rf /etc/puppet/ssl/* Download puppet source tarball and fixup the code: cd /opt wget http://downloads.puppetlabs.com/puppet/puppet-3.7.2.tar.gz tar -xvzf puppet-3.7.2.tar.gz cd /opt/puppet-3.7.2/lib/puppet/ssl vi certificate_signer.rb swap all instances of SHA256 for SHA1, swap SHA1 for SHA256 see upthread for details Install Puppet: cd /opt/puppet-3.7.2 ruby install.rb Start the Puppet Master and generate new SSL CA certs: puppet master --verbose --no-daemonize You should see the ca cert being generated with SHA1 fingerprint like this: Info: Creating a new SSL key for ca Info: Creating a new SSL certificate request for ca Info: Certificate Request fingerprint (SHA1): 33:81:E5:BF:A2:E4:57:86:17:B2:2F:DC:AB:BA:2D:6E:0F:D6:C3:7E Notice: Signed certificate request for ca Info: Creating a new certificate revocation list Info: Creating a new SSL key for puppet.my.domain.com Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppet.my.domain.com Info: Certificate Request fingerprint (SHA1): AB:B1:A7:21:F0:AA:0A:CB:E4:76:2D:5C:B4:87:38:69:BB:70:23:DF Notice: puppet.my.domain.com has a waiting certificate request Info: Autosigning puppet.my.domain.com Notice: Signed certificate request for puppet.my.domain.com Notice: Removing file Puppet::SSL::CertificateRequest puppet.my.domain.com at '/var/puppet/ssl/ca/requests/puppet.sba.select.com.pem' Notice: Removing file Puppet::SSL::CertificateRequest puppet.my.domain.com at '/var/puppet/ssl/certificate_requests/puppet.my.domain.pem' Notice: Starting Puppet master version 3.7.2 ^CNotice: Caught INT; calling stop Hit ctrl-C when you see the line that says: Notice: Starting Puppet master version 3.7.2 You can now start your apache/rack application and you are good to go. Make sure to get rid of existing certs on any non-RHEL4 clients so they can regenerate them from the altered master. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c352a139-b350-4ef6-8c56-176fcd887d73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
