Puppet安装与配置-自学
环境:CoentOS 5.8 x86_64 ,selinux,iptables 已经关闭puppetmaster 192.168.1.90 puppetmaster.info.com
client 192.168.1.223 client.info.com
原理图:
1) 客户端通过facter收集客户端信息并发送至服务端
2) 连接服务端并请求catalog日志
3) 请求节点(node)的信息
4) 从服务器端接收节点(node)的实例
5) 编译代码(包括语法检查等工作)
6) 查询是否有exported 虚拟资源
7) 如有,则从数据库接收虚拟资源
8) 接收完整的catalog日志
9) 存储catalog日志到数据库
10) 客户端接收完整的catalog日志
以上参考资料。
Puppet安装
Puppet master—服务器
# vim /etc/hosts
192.168.1.90 puppetmaster.info.com
192.168.1.223 client.info.com
# vim/etc/sysconfig/puppet
PUPPET_SERVER=puppetmaster.info.com
# vim /etc/puppet/puppet.conf
server =puppetmaster.info.com
yum-y install ruby ruby-libs ruby-shadow
yum-y install puppet puppet-server facter
# ruby --version
ruby 1.8.7 (2013-06-27 patchlevel 374)
# puppetmasterd --version
2.7.26
# puppet --version
2.7.26
#puppetmasterd –mkusers 创建puppetmaster用户
# ll /etc/puppet/
总用量 20
-rw-r--r-- 1 root root 2569 1月19 21:32 auth.conf
-rw-r--r-- 1 root root381 6月11 2014 fileserver.conf
drwxr-xr-x 2 root root 4096 1月19 21:32 manifests
drwxr-xr-x 2 root root 4096 1月19 21:32 modules
-rw-r--r-- 1 root root853 6月11 2014 puppet.conf
#>
uid=52(puppet) gid=52(puppet) 组=52(puppet)
# cat /etc/passwd |grep puppet
puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
#ll /var/lib/puppet/
总用量 48
drwxr-x--- 2 puppet puppet 4096 4月14 11:49 rrd
# netstat -Tanlp |grep 8140 查看端口
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4826/ruby
# service puppetrestart
停止 puppet: [确定]
启动 puppet: [确定]
# service puppetmasterrestart
停止 puppetmaster: [确定]
启动 puppetmaster: [确定]
#
Puppet agent—客户端
#vim /etc/hosts
192.168.1.223 client.info.com
192.168.1.90 puppetmaster.info.com
# vim /etc/sysconfig/puppet
PUPPET_SERVER=puppetmaster.info.com
# vim /etc/puppet/puppet.conf
server = puppetmaster.info.com
runinterval = 180
listen = true
yuminstall ruby ruby-libs ruby-shadow
yum-y install puppet facter
# puppetd –mkusers 创建puppet用户
Could not prepare for execution: Got 1failure(s) while initializing: change from absent to present failed: Could notcreate user puppet: Execution of '/usr/sbin/useradd -g puppet -M puppet'returned 3: useradd: invalid numeric argument 'puppet'
# groupadd puppet;useradd -gpuppet -M puppet
# service puppet start
Starting puppet: [ OK ]
# ruby --version
ruby 1.8.7 (2013-06-27 patchlevel 374)
# puppet --version
2.7.26
# service puppet restart
Stopping puppet: [ OK]
Starting puppet:
连接测试
# telnet puppetmaster.info.com8140
Trying192.168.1.90...
Connected topuppetmaster.info.com.
Escape character is'^]'.
Connection closedby foreign host.
# puppetd --test --server puppetmaster.info.com
命令是指puppetd 从 puppetmaster.info.com去读取puppet配置文件。第一次连接,双方会进行ssl证书的验证,这是一个新的客户端,在服务器端那里还没有被认证,因此需要在服务器端进行证书认证。
客户端查看批准证书
# puppetca –l 查看待批准的证书
"client.info.com"(3E:6D:13:F9:29:FB:6F:DB:76:95:80:5C:E2:3D:68:76)
# puppetca -s client.info.com 批准当前证书
notice: Signedcertificate request for client.info.com
notice:RemovingfilePuppet::SSL::CertificateRequestclient.info.comat'/var/lib/puppet/ssl/ca/requests/client.info.com.pem'
# puppetca -a --list 查看已批准的证书
+"client.info.com" (37:3A:82:F6:72:9B:1A:4D:01:66:F9:AB:CA:A6:FB:4E)
#puppetca -s –a 批准全部证书
服务器端的/etc/puppet/puppet.conf加入这行:
autosign = true服务端就自动签证书
如果想重新签证书,需要把/var/lib/puppet/ssl/下清空
#puppetd --test -serverpuppetmaster.info.com 从服务器取回已批准的证书
# pwd
/var/lib/puppet/ssl/certs 客户端证书路径
# ls
ca.pemclient.info.com.pem
验证证书是否正确
# md5sum client.info.com.pem
eb31668083c03a31d700663e4acf018bclient.info.com.pem
# md5sumclient.info.com.pem
eb31668083c03a31d700663e4acf018bclient.info.com.pem
功能测试
# vim /etc/puppet/manifests/site.pp
node default {
file{"/tmp/viong.txt":
content=>"good,testpass!\nHello World!\n";}
}
# servicepuppetmaster restart
停止 puppetmaster: [失败]
启动 puppetmaster: [确定]
上面的代码对默认连入的puppet客户端执行一个操作,在/tmp目录生成一个viong.txt文件,内容是good,test pass! 回车换行Hello World!回车换行.
客户端查看
# puppetd --test --server puppetmaster.info.com
notice: Ignoring--listen on onetime run
info: Cachingcertificate_revocation_list for ca
info: Cachingcatalog for client.info.com
info: Applyingconfiguration version '1429776345'
notice:/Stage//Node/File/ensure: defined content as'{md5}407ecc3e801487fc7b4c4970e352c210'
notice: Finishedcatalog run in 0.06 seconds
# ll /tmp/viong.txt
-rw-r--r--. 1 root root 29 Apr 23 16:08/tmp/viong.txt
# cat /tmp/viong.txt
good,test pass!
Hello World!
页:
[1]