操作系统RHEL6.3 x64
一.安装puppet Server
1.配置yum源
[root@master ~]# cat /etc/yum.repos.d/yum.repo
[core]
name=rhel
baseurl=ftp://dhcp.clovem.com/pub/
enabled=1
gpgcheck=0
2.安装ruby
[root@master ~]# yum install ruby ruby-libs ruby-shadow -y
3.安装facter
[root@master ~]# tar zxvf facter-1.6.8.tgz ; cd facter-1.6.8
[root@master ~]# ruby install.rb
4.安装puppet master
[root@master ~]# tar zxvf puppet-3.2.0-rc1.tar.gz ; cd puppet-3.2.0-rc1
[root@master ~]# ruby install.rb
5.复制配置文件
[root@master puppet-3.2.0-rc1]# cp ext/redhat/puppet.conf /etc/puppet/puppet.conf
[root@master puppet-3.2.0-rc1]# cp ext/redhat/server.init /etc/init.d/puppetmaster
[root@master puppet-3.2.0-rc1]# useradd puppet
[root@master puppet-3.2.0-rc1]#chmod a+x /etc/init.d/puppetmaster
[root@master puppet-3.2.0-rc1]#chkconfig --add puppetmaster
[root@master puppet-3.2.0-rc1]#chkconfig puppetmaster on
[root@master puppet-3.2.0-rc1]#service puppetmaster start
二.安装puppet Agent
1.配置yum源
[root@rs1 ~]# cat /etc/yum.repos.d/yum.repo
[core]
name=rhel
baseurl=ftp://dhcp.clovem.com/pub/
enabled=1
gpgcheck=0
2.安装ruby
[root@rs1 ~]# yum install ruby ruby-libs ruby-shadow -y
3.安装facter
[root@rs1 ~]# tar zxvf facter-1.6.8.tgz ; cd facter-1.6.8
[root@rs1 ~]# ruby install.rb
4.安装puppet agent
[root@rs1 ~]# tar zxvf puppet-3.2.0-rc1.tar.gz ; cd puppet-3.2.0-rc1
[root@rs1 ~]# ruby install.rb
5.复制配置文件
[root@rs1 puppet-3.2.0-rc1]# cp ext/redhat/puppet.conf /etc/puppet/puppet.conf
[root@rs1 puppet-3.2.0-rc1]# cp ext/redhat/client.init /etc/init.d/puppet
[root@rs1 puppet-3.2.0-rc1]#chkconfig --add puppet
[root@rs1 puppet-3.2.0-rc1]#chkconfig puppet on
[root@rs1 puppet-3.2.0-rc1]#service puppet start
三. 配置认证
1.Agent端
(1)添加解析记录
[root@rs1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.24.40.23 master.clovem.com
172.24.40.25 rs1.clovem.com
在/etc/puppet/puppet.conf 的[main]中加入server=master.clovem.com
[root@rs1 ~]# cat /etc/puppet/puppet.conf |grep server
server=master.clovem.com
(2) 发送验证请求
[root@rs1 ~]# puppet agent --server=master.clovem.com --test
Info: Creating a new SSL key for rs1.clovem.com
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for rs1.clovem.com
Info: Certificate Request fingerprint (SHA256): 51:95:52:65:05:BF:3D:C7:23:AA:2F:48:E7:42:B7:A5:83:58:25:E3:F2:7F:47:78:D6:30:F7:F9:6B:0C:F6:4E
Exiting; no certificate found and waitforcert is disabled
[root@rs1 ~]# ll /var/lib/puppet/ssl/certs/
total 4
-rw-r--r-- 1 root root 1887 May 7 23:14 ca.pem
2.服务端
(1) 添加解析记录
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.24.40.10 dhcp.clovem.com
172.24.40.23 master.clovem.com
172.24.40.25 rs1.clovem.com
(2) 列出验证请求
[root@master ~]# puppet cert list
"rs1.clovem.com" (SHA256) 51:95:52:65:05:BF:3D:C7:23:AA:2F:48:E7:42:B7:A5:83:58:25:E3:F2:7F:47:78:D6:30:F7:F9:6B:0C:F6:4E
(3) 进行证书签名
[root@master ~]# puppet cert --sign rs1.clovem.com //如果需要签名所有,使用--sign --all
Notice: Signed certificate request for rs1.clovem.com
Notice: Removing file Puppet::SSL::CertificateRequest rs1.clovem.com at '/var/lib/puppet/ssl/ca/requests/rs1.clovem.com.pem'
3.客户端验证
[root@rs1 ~]# puppet agent --server=master.clovem.com --test
Info: Caching certificate for rs1.clovem.com
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://master.clovem.com/plugins
Info: Caching catalog for rs1.clovem.com
Info: Applying configuration version '1367939978'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
[root@rs1 ~]# ls /var/lib/puppet/ssl/certs/ //发现此时多出rs1.clovem.com.pem
ca.pem rs1.clovem.com.pem
三.简单测试
1.服务端配置:
[root@master ~]# cat /etc/puppet/manifests/site.pp //修改之后立即生效,无需重启puppetmaster服务
node default{
file { "/tmp/test.txt":
content=> "hello, this is firt puppet test\n";
}
}
2.客户端查看是否成功创建文件
由于puppet Agent端默认30分钟跟Master端进行同步配置文件,所以此处进行手动重启,查看是否成功
如果需要修改同步时间,在/etc/puppet/puppet.conf 的[agent]下加入runinterval = n ,表示n秒同步
[root@ts1 ~]# service puppet restart
[root@ts1 ~]# cat /tmp/test.txt
hello, this is firt puppet test
本文转自 暗黑魔君 51CTO博客,原文链接:http://blog.51cto.com/clovemfong/1197587,如需转载请自行联系原作者
