wslhs 发表于 2018-8-3 08:41:48

Installing puppet(以CentOS为例)

  参考资料:Pro puppet
                      http://docs.puppetlabs.com/
Installing puppet(以CentOS为例)
  测试环境
  Server
  master.puppet.com
  192.168.99.46
  Client
  client.puppet.com
  192.168.99.47
  安装
  源码安装
  1、下载facter,puppet(事先先安装ruby,ruby-libs,ruby-shadows)
  


[*]wget http://downloads.puppetlabs.com/puppet/puppet-2.7.19.tar.gz
[*]wget http://downloads.puppetlabs.com/facter/facter-1.6.11.tar.gz
  

  
  2、安装puppet,facter
  


[*]tar xvf puppet-2.7.19.tar.gz
[*]cd puppet-2.7.19
[*]./install.rb
[*]tar xvf facter-1.6.11.tar.gz
[*]cd facter-1.6.11
[*]./install.rb
  

  
  3、server/client上生成puppet用户
  


[*]puppetmasterd –mkusers
  

  
  yum 安装
  


[*]##server端安装ruby,ruby-libs,ruby-shadows,puppet,puppet-server,facter##
[*]yum install ruby ruby-libs ruby-shadows puppet puppet-server facter
[*]##node 安装ruby ruby-libs ruby-shadows puppet facter ##
[*]yum install ruby ruby-libs ruby-shadows puppet facter
  

  gem 安装
  


[*]##首先安装ruby ruby-libs ruby-shadows
[*]wget http://files.rubyforge.vm.bytemark.co.uk/rubygems/rubygems-1.8.24.tgz
[*]wget http://downloads.puppetlabs.com/gems/facter-1.6.7.gem
[*]wget http://downloads.puppetlabs.com/gems/puppet-2.7.12.gem
[*]tar xvf rubygems-1.8.24.tgz
[*]cd rubygems-1.8.24
[*]ruby setup.rb
[*]gem install facter-1.6.7.gem
[*]gem install puppet-2.7.12.gem
  

  配置
  Puppet 认证
  Puppet是基于主机名(FQDN)的SSL认证,而且SSL认证依赖时间同步,所以server和client时间要保持一致,可以使用netdate同步时间
  1、Server/client时间同步
  


[*]ntpdate time.nist.gov
  

  
  2、配置server/client的FQDN
  


[*]#### ssl证书认证完成后不要修改FQDN ####
[*]## server ##
[*]hostname master.puppet.com
[*]vi /etc/sysconfig/network
[*]##HOSTNAME修改为master.puppet.com
[*]HOSTNAME=master.puppet.com
[*]## client ##
[*]Hostname agent.puppet.com
[*]vi /etc/sysconfig/network
[*]## HOSTNAME修改为agent.puppet.com
[*]HOSTNAME=agent.puppet.com
  

  3、防火墙设置
  


[*]## server 端防火墙配置 ##
[*]iptables –I INPUT 2 –p tcp –dport 8140 –m state –state NEW –j ACCEPT
  

  4、配置server/client host文件(推荐基于dns来实现)
  


[*]vi /etc/hosts
[*]## 添加以下内容 ##
[*]192.168.99.46master.puppet.com master
[*]192.168.99.47 agent.puppet.com   agent
  

  5、启动puppetmaster
  


[*]service puppetmaster start
  

  
  6、验证
  


[*]##   在client执行下面命令进行ssl证书认证    ##
[*]puppet agent –server master.puppet.com –test –verbose –no-daemonize
[*]##      server上查看证书并签证   ##
[*]puppet cert --list –all
[*]##      签证 ##
[*]puppet cert –s agent.puppet.com
页: [1]
查看完整版本: Installing puppet(以CentOS为例)