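Using the Puppet tool, part 2: installation and testing
Server: 192.168.1.101 puppet-server
Client: 192.168.1.102 puppet-client
OS: RHEL 5.7 64-bit (Linux version 2.6.18-274.el5)
I. Preparing the environment before installation (using the server, puppet-server, as the example)
1. Add the puppet user: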
# groupadd puppet
# useradd -g puppet -s /bin/false -M puppet
2. Edit the hosts file:
# cat /etc/hosts
192.168.1.101 puppet-server
192.168.1.102 puppet-client
Verify the hostname:
# hostname
puppet-server
# ping puppet-client
3. Install Ruby: Puppet is written in Ruby, so Ruby must be installed.
# rpm -qa |grep ruby
ruby-1.8.5-19.el5_6.1
ruby-libs-1.8.5-19.el5_6.1
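It can be installed with yum (see the yum configuration reference for details).
4. Install facter: facter is a package the official wiki lists as required; it collects environment information about the installed system.
# ll /opt
-rw-r--r-- 1 root root 71295 Oct 22 17:59 facter-1.5.8.tar.gz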
# tar -zxvf facter-1.5.8.tar.gz
# cd facter-1.5.8
# ruby install.rb
# cd ~
# facter
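Running facter shows the variable names and values that facter collects.
5. Perform the same installation on the client, puppet-client.
II. Installing Puppet (using the server, puppet-server, as the example)
1. Install Puppet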
# ll /opt
-rw-r--r-- 1 root root 1492177 Oct 22 18:00 puppet-2.6.1.tar.gz
# tar -zxvf puppet-2.6.1.tar.gz
# cd puppet-2.6.1
# ruby install.rb
# mkdir -p /etc/puppet
# cp conf/redhat/* /etc/puppet/
This copies the configuration files to /etc/puppet.
2. Verify that the installation succeeded:
# puppet master
# ps -ef |grep puppet
puppet 4394 10 10:23 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd
root 453331170 11:18 pts/0 00:00:00 grep puppet
# kill -9 4394
3. Perform the same installation on the client, puppet-client.
4. Set up the service on the server and enable it at boot
# cp /etc/puppet/server.init /etc/init.d/puppetmasterd
# chmod 755 /etc/init.d/puppetmasterd
# chkconfig --add puppetmasterd
# chkconfig --level 35 puppetmasterd on
# service puppetmaster abc
puppetmaster: unrecognized service
# service puppetmasterd abc
Usage:/etc/init.d/puppetmasterd {start|stop|status|restart|reload|force-reload|condrestart|genconfig}
# service puppetmasterd start
The default port is 8140:
# netstat -anp |grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4394/ruby
III. Certificate approval
1. The client requests a certificate
# telnet puppet-server 8140
Trying 192.168.1.101...
Connected to puppet-server (192.168.1.101).
Escape character is '^]'.
Connection closed by foreign host.
# puppetd --test --server puppet-server
2. The server accepts the request
# puppetca --list
puppet-client
Approve the pending certificate:
# puppetca -s puppet-client
notice: Signed certificate request for puppet-client
notice: Removing file Puppet::SSL::CertificateRequest puppet-client at '/var/lib/puppet/ssl/ca/requests/ puppet-client.pem'
3. The client retrieves the approved certificate
# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppet-client
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-client
info: Applying configuration version '1287374005'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
4. To have a certificate approved again, delete the existing certificates on both the server and the client and regenerate them:
puppet-server ~]# rm -f /var/lib/puppet/ssl/ca/signed/puppet-client.pem
puppet-client ~]# rm -rf /var/lib/puppet/ssl/
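Step 2 signs whatever request is pending under the name puppet-client, and the client's first connection is not verified (see the warning in step 3), so it is worth confirming that the pending request is the one the client generated. The script below is an added example, not part of the original article; the function names are hypothetical, it assumes coreutils with base64 and sha256sum, and the sample files it builds are constructed stand-ins rather than real CSRs.

```shell
#!/bin/sh
# Added example: confirm the CSR waiting on the master is the one the client
# generated before running `puppetca -s`. Function names are hypothetical.

# Print the SHA-256 of the decoded (DER) body of a PEM file, so that line
# wrapping or CRLF differences between the two copies do not matter.
pem_fingerprint() {
    body=$(sed -e '/^-----BEGIN /d' -e '/^-----END /d' "$1" 2>/dev/null \
        | tr -d ' \t\r\n')
    [ -n "$body" ] || return 1                       # missing or empty file
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 1  # not base64
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# $1 = CSR file on the master, $2 = fingerprint read out on the client.
# Accepts upper-case and colon-separated fingerprints.
csr_matches() {
    actual=$(pem_fingerprint "$1") || return 1
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Constructed stand-in files (not real CSRs): same body, different wrapping.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Y29uc3RydWN0ZWQg' \
        'c2FtcGxlIGJvZHk=' '-----END CERTIFICATE REQUEST-----' > "$d/client.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' \
        'Y29uc3RydWN0ZWQgc2FtcGxlIGJvZHk=' \
        '-----END CERTIFICATE REQUEST-----' > "$d/master.pem"
    fp=$(pem_fingerprint "$d/client.pem")
    csr_matches "$d/master.pem" "$fp"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: one argument prints a fingerprint, two arguments compare.
case "$#" in
    1) pem_fingerprint "$1" ;;
    2) if csr_matches "$1" "$2"; then
           echo "match: request can be signed"
       else
           echo "MISMATCH: do not sign" >&2; exit 1
       fi ;;
esac
```

Run it with one argument on the client against its own request file (assumed to be in Puppet's default location, /var/lib/puppet/ssl/certificate_requests/puppet-client.pem), pass the value to the server administrator over a channel you trust, and run it with two arguments on the server against /var/lib/puppet/ssl/ca/requests/puppet-client.pem before approving.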
IV. Functional test
1. On the server, create the file /etc/puppet/manifests/site.pp
# cat /etc/puppet/manifests/site.pp
node default {
file {"/tmp/puppettest.txt":
content=>"I'm puppettest";}
}
The first time site.pp is created, the puppet service must be restarted:
# service puppetmasterd restart
2. Run on the client:
# puppetd --test --server puppet-server
The file defined in the server's site.pp has now been created under /tmp:
# cat /tmp/puppettest.txt
I'm puppettest
V. Configuring the client daemon
# puppetd --test --server caotest-1.cym --verbose --waitforcert 60
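--server tells it the IP of the master node, --waitforcert makes it check with the server every 60 seconds, and --verbose is optional and prints more detailed output.
That completes the Puppet installation and test!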