非法入侵 posted on 2015-9-16 11:26:37

Ops power tool: installing and testing the Puppet centralized configuration management system [repost]

  Environment:
192.168.128.128               puppet-server
192.168.128.32                puppet-client

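1. Pre-installation preparation
Puppet is written in Ruby and depends on a Ruby environment. Check whether Ruby is installed with rpm -qa|grep ruby; if it is not, mount the local installation disc or install it online with yum: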
# yum install -y ruby-libs ruby ruby-irb ruby-rdoc

# hostname puppet-server      # on the client: puppet-client
# vi /etc/hosts
127.0.0.1       localhost.localdomain localhost puppet-server # on the client: puppet-client
::1             localhost6.localdomain6 localhost6
192.168.128.32 puppet-client      # on the client: 192.168.128.128 puppet-server
# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=puppet-server   # on the client: puppet-client
# vi /etc/resolv.conf
; generated by /sbin/dhclient-script
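#search localdomain      # comment out this line; most articles leave this step out, which makes authentication fail
nameserver 192.168.128.2
After editing the files above, log out and log back in.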

2. Installing and configuring puppet-server
# cd /usr/local/src/
# tar zxf facter-1.6.8.tar.gz
# tar zxf puppet-2.6.14.tar.gz
# cd facter-1.6.8
# ruby install.rb
# cd ../puppet-2.6.14
# ruby install.rb
# cp conf/redhat/fileserver.conf /etc/puppet/
# cp conf/redhat/puppet.conf /etc/puppet/
# cp conf/redhat/server.init /etc/init.d/puppetmasterd
# chmod +x /etc/init.d/puppetmasterd
# chkconfig --add puppetmasterd
# chkconfig --level 35 puppetmasterd on
# mkdir /etc/puppet/manifests
# puppetmasterd --mkusers
# /etc/init.d/puppetmasterd start

3. Installing and configuring puppet-client
# cd /usr/local/src/
# tar zxf facter-1.6.8.tar.gz
# tar zxf puppet-2.6.14.tar.gz
# cd facter-1.6.8
# ruby install.rb
# cd ../puppet-2.6.14
# ruby install.rb
# cp conf/namespaceauth.conf /etc/puppet/
# cp conf/redhat/puppet.conf /etc/puppet/
# cp conf/redhat/client.init /etc/init.d/puppetd
# chmod +x /etc/init.d/puppetd
# chkconfig --add puppetd
# chkconfig --level 35 puppetd on
# puppetd --mkusers # creating the users fails with an error; create them manually as follows
# groupadd puppet
# useradd -g puppet -M puppet
# /etc/init.d/puppetd start

4. Certificate signing
The client sends its request:
# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

On the server, list the pending certificate requests:
# puppetca -l
puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)

Sign a single client:
# puppetca -s puppet-client
notice: Signed certificate request for puppet-client
notice: Removing file Puppet::SSL::CertificateRequest puppet-client at '/var/lib/puppet/ssl/ca/requests/puppet-client.pem'

Sign all clients:
# puppetca -s -a

Run the client again; authentication is now complete:
# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppet-client
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-client
info: Applying configuration version '1337769948'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds

5. Simplest test: changing file permissions on the client
On the server, add the main manifest site.pp:
# vi /etc/puppet/manifests/site.pp
file { "/root/install.log":
    owner => "puppet",
    group => "puppet",
    mode  => 666,
}


  
Run on the client:
# puppetd --test --server puppet-server

Owner and permissions of /root/install.log on the client before and after the run:

  
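I have only just started with Puppet; more in-depth configuration examples will follow...
  P.S.
  My installation differed slightly from the author's: after adding the EPEL repository, I ran yum search puppet directly and then installed with yum install puppet-server; facter can also be installed with yum. For certificate signing between the node and the server, and for the test, I followed the author's example!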
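
For the signing step in section 4, the fingerprint that puppetca -l lists on the server can be compared with the one the client printed when it created its request, before puppetca -s is run (puppetca -s -a signs every pending request without that comparison). The script below is an added example, not part of the original post; the helper names normalize_fp, pending_fp and csr_matches are hypothetical, and it assumes puppetca -l prints one "name (FINGERPRINT)" entry per line as in the output shown in that section.

```shell
#!/bin/sh
# Added example (not from the original post): check a CSR fingerprint
# before signing. Assumes `puppetca -l` prints "name (FINGERPRINT)" per line.

# normalize_fp FP: upper-case and keep hex digits only, so that
# "fb:5f:..." and "FB5F..." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# pending_fp CERTNAME: read `puppetca -l` output on stdin and print the
# fingerprint listed for CERTNAME (exact match on the first field).
pending_fp() {
    awk -v name="$1" '$1 == name { gsub(/[()]/, "", $2); print $2; exit }'
}

# csr_matches CERTNAME CLIENT_FP: read `puppetca -l` output on stdin.
# Returns 0 if CERTNAME is pending and its fingerprint equals CLIENT_FP,
# 1 on a mismatch, 2 if no request with that name is pending.
csr_matches() {
    listed=$(pending_fp "$1")
    [ -n "$listed" ] || return 2
    [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ]
}

# Constructed sample input: line 1 is the `puppetca -l` output from section 4,
# line 2 is a made-up request from a host nobody installed.
SAMPLE_LIST='puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)
puppet-client2 (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

# Value the client printed as "Certificate Request fingerprint (md5)".
CLIENT_FP='FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4'

if printf '%s\n' "$SAMPLE_LIST" | csr_matches puppet-client "$CLIENT_FP"; then
    echo "fingerprint matches: OK to run puppetca -s puppet-client"
else
    echo "mismatch or no pending request: do not sign" >&2
fi

# On a real master (not run here):
#   puppetca -l | csr_matches puppet-client "$CLIENT_FP" \
#       && puppetca -s puppet-client
```

The client-side fingerprint should reach the administrator over a channel other than the Puppet connection itself, for example read from the client's console.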