zjp0633 发表于 2018-8-2 08:49:18

puppet安装和部署

  环境
  # cat /etc/redhat-release

  CentOS>  http://downloads.puppetlabs.com/facter/facter-1.5.8.tar.gz
  http://downloads.puppetlabs.com/puppet/puppet-2.6.1.tar.gz
  软件包:
  # ll
  总用量 1532
  -rw-r--r-- 1 root root   71295 8月28 2010 facter-1.5.8.tar.gz
  -rw-r--r-- 1 root root 1492177 9月14 2010 puppet-2.6.1.tar.gz
  关闭防火墙(线上环境不要作死,一定开启合适的防火墙规则)
  # /etc/init.d/iptables stop
  # getenforce
  Disabled
  时间同步
  # /etc/init.d/ntpdate start
  ntpdate: 与时间服务器同步:                              [确定]
  # chkconfig ntpdate on

[*]  安装Puppetmaster
  Ruby环境安装
  # yum -y install ruby
  创建puppet用户和组
  # groupadd puppet
  # useradd -g puppet -s /bin/false -M puppet
  更改host和hostname
  # hostname
  master.test.com
  # cat /etc/hosts
  127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 master.test.com
  ::1      localhost localhost.localdomain localhost6 localhost6.localdomain6
  192.168.98.110 master.test.com
  192.168.98.111 agent.test.com
  安装facter
  # pwd
  /tools
  # tar -zxvf facter-1.5.8.tar.gz
  # cd facter-1.5.8
  # ruby install.rb
  确认安装
  # echo $?
  0
  # facter
  安装puppet
  # pwd
  /tools
  # tar -zxvf puppet-2.6.1.tar.gz
  # cd puppet-2.6.1
  # ruby install.rb
  确认安装
  # echo $?
  0
  # mkdir -p /etc/puppet
  # cp conf/redhat/* /etc/puppet/
  # cp conf/auth.conf /etc/puppet/
  # pwd
  /tools/puppet-2.6.1

[*]  安装Puppet_agent
  关闭防火墙(线上环境不要作死,一定开启合适的防火墙规则)
  # /etc/init.d/iptables stop
  # getenforce
  Disabled
  时间同步
  # /etc/init.d/ntpdate start
  ntpdate: 与时间服务器同步:                              [确定]
  # chkconfig ntpdate on
  # mkdir /tools
  # cd /tools/
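  # wget http://downloads.puppetlabs.com/facter/facter-1.5.8.tar.gz
  # wget http://downloads.puppetlabs.com/puppet/puppet-2.6.1.tar.gz
  (注意:以上是明文HTTP下载,传输过程没有完整性保护;安装前应与官方提供的校验值或签名核对(如有),至少确认master和agent两端的文件大小/哈希一致。这两个版本发布于2010年,早已停止维护,仅适合实验环境。)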
  Ruby环境的安装
  # yum -y install ruby
  创建puppet用户和组
  # groupadd puppet
  # useradd -g puppet -s /bin/false -M puppet
  更改Host和hostname
  # cat /etc/hosts
  127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 agent.test.com
  ::1      localhost localhost.localdomain localhost6 localhost6.localdomain6
  192.168.98.111 agent.test.com
  192.168.98.110 master.test.com
  # hostname
  agent.test.com
  安装facter和puppet
  # cd /tools/
  # ll
  总用量 1532
  -rw-r--r-- 1 root root   71295 8月28 2010 facter-1.5.8.tar.gz
  -rw-r--r-- 1 root root 1492177 2月   4 01:23 puppet-2.6.1.tar.gz
  # tar -xf facter-1.5.8.tar.gz
  # tar -xf puppet-2.6.1.tar.gz
  # cd facter-1.5.8
  # ruby install.rb
  检查安装步骤
  # echo $?
  0
  #check facter
  # facter
  # cd ..
  # cd puppet-2.6.1
  # ruby install.rb
  # mkdir -p /etc/puppet
  # cp conf/redhat/* /etc/puppet/
  # cp conf/auth.conf /etc/puppet/
  开始配置puppet
  Master端配置
  建立配置文件目录
  # mkdir /etc/puppet/manifests -p
  设置开机自启
  # mkdir /etc/puppet/manifests -p
  # cp /etc/puppet/server.init /etc/init.d/puppetmaster
  # chmod 755 /etc/init.d/puppetmaster
  # chkconfig --add puppetmaster
  # chkconfig --level 35 puppetmaster on
  启动puppet master
  # /etc/init.d/puppetmaster start
  启动 puppetmaster:                                        [确定]
  #check puppet master(端口8140)
  # netstat -lntup|grep ruby
  tcp       0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      2416/ruby
  配置agent端——授权
  # telnet master.test.com 8140
  Trying 192.168.98.110...
  Connected to master.test.com.
  Escape character is '^]'.
  Connection closed by foreign host.
  节点申请注册
  # puppetd --test --server master.test.com
  info: Creating a new SSL key for agent.test.com
  warning: peer certificate won't be verified in this SSL session
  info: Caching certificate for ca
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  info: Creating a new SSL certificate request for agent.test.com
  info: Certificate Request fingerprint (md5): B6:22:AE:77:67:00:01:B1:43:C1:10:1A:DA:4A:B3:B2
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  Exiting; no certificate found and waitforcert is disabled
  (说明:上面的warning表示这几次SSL会话没有校验master端证书,此时缓存下来的CA证书未经验证,首次注册应在可信网络中进行。)
  Master服务器端确定认证
  # puppet cert --list --all  #服务端查看认证情况
  agent.test.com (B6:22:AE:77:67:00:01:B1:43:C1:10:1A:DA:4A:B3:B2)  #未认证
  + master.test.com (3F:9B:8A:AD:8A:5C:88:00:AA:AE:FB:09:6E:07:24:FB)
  (签名前先核对:这里列出的未认证请求指纹应与agent端输出的 Certificate Request fingerprint 一致,不一致则不要签名。)
  # puppet cert --sign agent.test.com  #注册agent
  notice: Signed certificate request for agent.test.com  #将请求的证书正式注册
  notice: Removing file Puppet::SSL::CertificateRequest agent.test.com at '/var/lib/puppet/ssl/ca/requests/agent.test.com.pem'
  # puppet cert --list --all  #再次查看认证情况
  + agent.test.com (32:CF:0B:0E:26:5E:6D:6D:78:B2:AC:41:7B:7C:DD:47)  #注意前面的+号
  + master.test.com (3F:9B:8A:AD:8A:5C:88:00:AA:AE:FB:09:6E:07:24:FB)
  另外一种查看认证的方式
  # tree /var/lib/puppet/ssl/
  /var/lib/puppet/ssl/
  ├── ca
  │   ├── ca_crl.pem
  │   ├── ca_crt.pem
  │   ├── ca_key.pem
  │   ├── ca_pub.pem
  │   ├── inventory.txt
  │   ├── private
  │   │   └── ca.pass
  │   ├── requests
  │   ├── serial
  │   └── signed
  │       ├── agent.test.com.pem   #已经被注册成功
  │       └── master.test.com.pem
  ├── certificate_requests
  ├── certs
  │   ├── ca.pem
  │   └── master.test.com.pem
  ├── crl.pem
  ├── private
  ├── private_keys
  │   └── master.test.com.pem
  └── public_keys
      └── master.test.com.pem
  9 directories, 14 files
  Agent再次测试,验证认证情况
  # puppetd --test --server master.test.com
  warning: peer certificate won't be verified in this SSL session
  info: Caching certificate for agent.test.com
  info: Caching certificate_revocation_list for ca
  info: Caching catalog for agent.test.com
  info: Applying configuration version '1454562128'
  info: Creating state file /var/lib/puppet/state/state.yaml
  notice: Finished catalog run in 0.01seconds