Puppet environment setup
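Server:

Set the server's hostname:

    vim /etc/sysconfig/network
    hostname master.com

Add the client's IP and hostname to the hosts file:

    vim /etc/hosts
    127.0.0.1 localhost.localhost

Synchronize the time over NTP:

    ntpdate 203.117.180.36
    date

Edit /etc/resolv.conf and comment out the search line shown below, otherwise authentication will fail later, then reboot:

    vim /etc/resolv.conf
    #search localdomain
    reboot

Puppet is written in Ruby, so install the Ruby runtime, its libraries, and the command help files:

    yum install ruby ruby-libs ruby-rdoc

Facter is a system inventory tool. It collects facts about the host, such as the CPU and the host IP, and sends the collected values to the Puppet server, which can then generate different Puppet configurations for different nodes depending on those values. Facter must be installed before Puppet:

    wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
    tar -xzvf facter-1.6.8.tar.gz
    cd facter-1.6.8
    ruby install.rb

Install Puppet:

    wget http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
    tar xzvf puppet-2.7.14.tar.gz
    cd puppet-2.7.14
    ruby install.rb

Copy the configuration files:

    cp conf/redhat/fileserver.conf /etc/puppet/
    cp conf/redhat/puppet.conf /etc/puppet/
    cp conf/redhat/server.init /etc/init.d/puppetmaster

Register puppetmaster as a service and have it start automatically:

    ll /etc/init.d/puppetmaster
    chkconfig --add puppetmaster
    chkconfig --level 35 puppetmaster on

Create the puppet account:

    puppetmasterd --mkusers
    cat /etc/passwd | grep puppet

Create the directory:

    mkdir -p /var/lib/puppet/rrd/
    chown puppet.puppet /var/lib/puppet/rrd/

Start the service:

    /etc/init.d/puppetmaster start

Check the Puppet port:

    netstat -ntpl | grep 8140

List the certificate requests currently waiting for approval:

    puppetca -l

Sign the pending certificate:

    puppetca -s client.com

Check the signature. A leading + sign means the certificate has been signed:

    puppetca -a --list

To sign all pending certificates:

    puppetca -s -a

Alternatively, add this line to puppet.conf on the puppetmaster and the server will sign certificates automatically:

    autosign = true

Verify that the certificate is correct:

    md5sum /var/lib/puppet/ssl/ca/signed/client.com.pem

A practical example

At this point the basic Puppet setup is working. Here is an example:

1. On the server, create site.pp in /etc/puppet/manifests/ with the following content:

    node default {
      file { "/tmp/a.txt":
        content => "helo,I am abc.bbb!",
        ensure  => present,
        mode    => 644,
        owner   => root,
        group   => root,
      }
    }

2. On the client, run:

    puppetd --test --server server.puppet.com

The file a.txt is created in /tmp/, and its content is the value of the content attribute:

    # cat /tmp/a.txt
    helo,I am abc.bbb!

With that, everything is working.

Client:

Set the server's hostname:

    vim /etc/sysconfig/network
    hostname master.com

Add the client's IP and hostname to the hosts file:

    vim /etc/hosts
    127.0.0.1 localhost.localhost

Synchronize the time over NTP:

    ntpdate 203.117.180.36
    date

Edit /etc/resolv.conf and comment out the search line shown below, otherwise authentication will fail later, then reboot:

    vim /etc/resolv.conf
    #search localdomain
    reboot

Puppet is written in Ruby, so install the Ruby runtime, its libraries, and the command help files:

    yum install ruby ruby-libs ruby-rdoc

Facter is a system inventory tool. It collects facts about the host, such as the CPU and the host IP, and sends the collected values to the Puppet server, which can then generate different Puppet configurations for different nodes depending on those values. Facter must be installed before Puppet:

    wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
    tar -xzvf facter-1.6.8.tar.gz
    cd facter-1.6.8
    ruby install.rb

Install Puppet:

    wget http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
    tar xzvf puppet-2.7.14.tar.gz
    cd puppet-2.7.14
    ruby install.rb

Copy the files:

    cd puppet-2.7.14
    cp conf/auth.conf /etc/puppet/
    cp conf/namespaceauth.conf /etc/puppet/
    cp conf/redhat/puppet.conf /etc/puppet/
    cp conf/redhat/client.init /etc/init.d/puppet
    chmod 755 /etc/init.d/puppet
    chkconfig --add puppet
    chkconfig puppet on

If an error is reported, the user and group need to be created manually:

    puppet --mkusers

Create the puppet user and group manually:

    groupadd puppet; useradd -g puppet -M puppet

Create the directory:

    mkdir -p /var/lib/puppet/rrd
    chown puppet.puppet /var/lib/puppet/rrd

Start the service:

    service puppet start

Test name resolution and check that the puppetmaster port is reachable:

    telnet 192.168.5.55 8140

Retrieve the signed certificate from the server:

    puppetd --test --server master.com

Verify:

    md5sum /var/lib/puppet/ssl/certs/client.com.pem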
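The autosign setting and the checksum comparison from the steps above, as an added example that is not part of the original post: with autosign = true the master signs every certificate request it receives without review, so the script reports which autosign mode a puppet.conf selects and checks that the master's and the agent's copies of a certificate are identical. The function names autosign_mode and certs_match, the sample puppet.conf and the placeholder PEM files are constructed for illustration, SHA-256 replaces the post's md5sum, and the setting is assumed to live in the [main] or [master] section.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print the autosign mode a puppet.conf selects ([master] overrides [main]):
#   all    autosign = true   every certificate request is signed unreviewed
#   off    autosign = false  requests wait for puppetca -s
#   file:P autosign = P      only names matched by whitelist file P are signed
#   unset  no autosign line; Puppet's built-in default applies
autosign_mode() {
    awk '
        /^[ \t]*\[/ { gsub(/[^A-Za-z_]/, ""); section = $0; next }
        /^[ \t]*autosign[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if (section == "main" || section == "master") val[section] = $0
        }
        END {
            v = ("master" in val) ? val["master"] : val["main"]
            if (v == "")           print "unset"
            else if (v == "true")  print "all"
            else if (v == "false") print "off"
            else                   print "file:" v
        }' "$1"
}

# Succeed only when both files have the same SHA-256 digest. This automates
# the post's by-eye md5sum comparison of the master's and the agent's copy.
certs_match() {
    a=$(sha256sum < "$1") || return 2
    b=$(sha256sum < "$2") || return 2
    [ "$a" = "$b" ]
}

# Constructed sample input so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '[main]\nlogdir = /var/log/puppet\n[master]\nautosign = true\n' \
    > "$demo/puppet.conf"
printf 'constructed placeholder, not a real certificate\n' > "$demo/master.pem"
cp "$demo/master.pem" "$demo/agent.pem"

echo "autosign mode: $(autosign_mode "$demo/puppet.conf")"
if certs_match "$demo/master.pem" "$demo/agent.pem"; then
    echo "master and agent copies match"
else
    echo "MISMATCH: do not trust this certificate"
fi
```

On a real deployment, point autosign_mode at /etc/puppet/puppet.conf on the master, and run certs_match on the signed certificate from the master and the copy fetched by the agent after bringing both files to one host.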