ouzhoudijie posted on 2018-8-2 08:50:57

puppet------Installation

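  Note: it is best to create a snapshot before installing puppet, and you need to be careful. Below is my installation process.
  puppet preparation
  1 Installation
  yum -y install puppet puppet-server (only the server needs this one)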
  # puppet -V
  2.7.26
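  Add name resolution entries to the hosts file
  Finally, make sure the server hostname will no longer be changed, and that a snapshot or a backup restore point is ready; do this on both the client and the server, which makes later troubleshooting easier
  2 Initial configuration
  2.1 Add configuration files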
  # tree -R /etc/puppet/
  /etc/puppet/
  ├── auth.conf
  ├── fileserver.conf
  ├── manifests
  ├── modules
  └── puppet.conf
  2 directories, 4 files
  # cd /etc/puppet
  # cat manifests/site.pp
  import "nodes/*.pp"
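  2.2 Start the service on the server, send the authentication request from the client, and sign the certificate on the server
  Prerequisite: SELinux and the firewall must at least allow port 8140, otherwise a get addr info error is reported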
  # puppet master start
  # netstat -tnlp
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
  tcp      0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      5167/ruby
  Client:
  # puppet agent --test --verbose
  info: Creating a new SSL key for cobbler
  info: Caching certificate for ca
  info: Creating a new SSL certificate request for cobbler
  info: Certificate Request fingerprint (SHA256): 14:3E:29:3E:88:83:FE:20:93:03:0A:03:6B:F5:B6:98:2B:07:0C:D3:32:A7:A9:D7:A5:80:D9:D8:30:E0:A8:57
  Exiting; no certificate found and waitforcert is disabled
  On the server, view the requests and sign:
  # puppet cert list
  "cobbler"                      (D0:92:71:0D:B9:10:3D:28:35:D9:CE:99:7D:01:4C:3B)
  "zabbix-server" (CC:DC:03:09:B7:86:9C:90:0F:76:FF:E2:6E:E0:61:4A)
  If your hostname is followed by rev.home.ne.jp, go to /etc/resolv.conf and comment out the search domain, and set NM_CONTROLLED to no in /etc/sysconfig/network-scripts/ifcfg-eth0
  # puppet cert sign "cobbler"
  notice: Signed certificate request for cobbler
  notice: Removing file Puppet::SSL::CertificateRequest cobbler at '/var/lib/puppet/ssl/ca/requests/cobbler.pem'
  Finally, just run a test:
  Test procedure
  1 On the server, write a pp file, which is effectively puppet's configuration file for nodes
  # cat manifests/site.pp
  node default {
  file {"/tmp/liuliancao_test.txt":
  ensure=>present,
  content =>"you know.puppet is your friend.\n";
  }
  }
  #import "nodes/*.pp"
  Check for syntax errors
  # puppet parser validate manifests/site.pp
  2 Have the agent make a request, then check whether the specified test file is there
  # puppet agent --test --verbose --server puppet
  info: Caching catalog for zabbix-server
  info: Applying configuration version '1455787094'
  notice: /Stage//Node/File/content:
  --- /tmp/liuliancao_test.txt2016-02-18 17:16:13.646414163 +0800
  +++ /tmp/puppet-file20160218-12128-1dp2fei-02016-02-18 17:18:16.251414135 +0800
  @@ -1 +1 @@
  -you know.puppet is your friend.
  \ No newline at end of file
  +you know.puppet is your friend.
  info: FileBucket adding {md5}7364c5483d25fe12eb0912643d8c8927
  info: /Stage//Node/File: Filebucketed /tmp/liuliancao_test.txt to puppet with sum 7364c5483d25fe12eb0912643d8c8927
  notice: /Stage//Node/File/content: content changed '{md5}7364c5483d25fe12eb0912643d8c8927' to '{md5}aa050a17ce909e980c9e3e510a08935a'
  notice: Finished catalog run in 0.09 seconds
  # cat /tmp/liuliancao_test.txt
  you know.puppet is your friend.
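  It runs correctly
  FAQ:
  Since there were quite a few problems, here is a summary of the errors I ran into. I recommend writing them down, since you may have forgotten them by next month
  Problem 1: no route to host when running puppet agent --test --verbose --server to start
  Answer: check the firewall on both ends with service iptables status, and whether the server parameter is specified (in the configuration file or on the command line)
  Problem 2: how to clean up completely when re-requesting a certificate
  Answer: my steps,
  S:puppet cert clean "hostname to clean"    C:rm -rf /var/lib/puppet
  S:puppet master restart   C:puppet agent --verbose --test --server "server hostname"
  S:puppet cert list && puppet cert sign "hostname to clean"   C:puppet agent --verbose --test --server "server hostname" (verify that it succeeded)
  Problem 3: other strange problems
  Answer: test with another agent; if the result is the same and nothing else works, reinstall, and it will definitely work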
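
The signing step in 2.2 approves a request by name, and the fingerprint shown by puppet cert list there is shorter than the SHA256 one the agent printed, so the two cannot be compared by eye. As an added example (not part of the original post), this script recomputes the SHA256 fingerprint of the request file on the master and signs only when it matches what the agent printed. It assumes the fingerprint is the SHA256 of the request's DER encoding; the script name verify_and_sign.sh is hypothetical.

```shell
#!/bin/sh
# Added example: confirm a pending CSR is the one the agent generated before signing it.

# Print the SHA256 fingerprint of a PEM file's DER payload as AA:BB:... (uppercase).
# Assumption: the agent's fingerprint is the digest of the DER-encoded request.
csr_fingerprint() {
    sed -e '/^-----/d' "$1" | tr -d ' \r\n' | base64 -d | sha256sum |
        cut -d' ' -f1 | tr 'a-f' 'A-F' | sed -e 's/../&:/g' -e 's/:$//'
}

# Strip colons/whitespace and upper-case, so pasted fingerprints compare reliably.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# verify_csr <csr.pem> <fingerprint printed by the agent>
# Returns 0 on exact match, 1 on mismatch, 2 on unusable input.
verify_csr() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(normalize_fp "$2")
    case "$want" in *[!0-9A-F]*) echo "fingerprint is not hex" >&2; return 2;; esac
    # SHA256 is exactly 64 hex digits; reject shorter (other digest) or truncated input.
    [ "${#want}" -eq 64 ] || { echo "expected 64 hex digits (SHA256)" >&2; return 2; }
    have=$(normalize_fp "$(csr_fingerprint "$1")")
    if [ "$have" = "$want" ]; then return 0; fi
    echo "MISMATCH for $1: request on master is $have" >&2
    return 1
}

# On the master: verify_and_sign.sh <certname> <fingerprint from the agent output>
if [ "$#" -eq 2 ]; then
    # The certname becomes part of a path, so refuse empty names and path separators.
    case "$1" in ""|*/*) echo "bad certname" >&2; exit 2;; esac
    # Request directory as shown in the "puppet cert sign" output in section 2.2.
    if verify_csr "/var/lib/puppet/ssl/ca/requests/$1.pem" "$2"; then
        puppet cert sign "$1"
    else
        echo "not signing $1" >&2
        exit 1
    fi
fi
```

A mismatch means the request waiting on the master did not come from the agent whose output you are holding, so clean it with puppet cert clean rather than signing it.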