References: Pro Puppet
http://docs.puppetlabs.com/
Installing Puppet (CentOS example)
Test environment
Server
master.puppet.com
192.168.99.46
Client
client.puppet.com
192.168.99.47
Installation
Source installation
1. Download facter and puppet (install ruby, ruby-libs and ruby-shadow first)
- wget http://downloads.puppetlabs.com/puppet/puppet-2.7.19.tar.gz
- wget http://downloads.puppetlabs.com/facter/facter-1.6.11.tar.gz
2. Install puppet and facter
- tar xvf puppet-2.7.19.tar.gz
- cd puppet-2.7.19
- ./install.rb
- cd ..
- tar xvf facter-1.6.11.tar.gz
- cd facter-1.6.11
- ./install.rb
3. Create the puppet user on the server and client
yum installation
- ## On the server, install ruby, ruby-libs, ruby-shadow, puppet, puppet-server and facter ##
- yum install ruby ruby-libs ruby-shadow puppet puppet-server facter
- ## On the node, install ruby, ruby-libs, ruby-shadow, puppet and facter ##
- yum install ruby ruby-libs ruby-shadow puppet facter
gem installation
- ## First install ruby, ruby-libs and ruby-shadow ##
- wget http://files.rubyforge.vm.bytemark.co.uk/rubygems/rubygems-1.8.24.tgz
- wget http://downloads.puppetlabs.com/gems/facter-1.6.7.gem
- wget http://downloads.puppetlabs.com/gems/puppet-2.7.12.gem
- tar xvf rubygems-1.8.24.tgz
- cd rubygems-1.8.24
- ruby setup.rb
- cd ..
- gem install facter-1.6.7.gem
- gem install puppet-2.7.12.gem
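Configuration
Puppet authentication
Puppet uses SSL authentication based on the host name (FQDN), and SSL authentication depends on synchronized time, so the server and client clocks must agree; netdate can be used to synchronize the time.
1. Synchronize time on the server and client
2. Configure the FQDN of the server and client
- #### Do not change the FQDN after SSL certificate authentication is complete ####
- ## server ##
- hostname master.puppet.com
- vi /etc/sysconfig/network
- ## Change HOSTNAME to master.puppet.com
- HOSTNAME=master.puppet.com
- ## client ##
- hostname agent.puppet.com
- vi /etc/sysconfig/network
- ## Change HOSTNAME to agent.puppet.com
- HOSTNAME=agent.puppet.com
3. Firewall settings
- ## Firewall configuration on the server ##
- iptables -I INPUT 2 -p tcp --dport 8140 -m state --state NEW -j ACCEPT
4. Configure the hosts file on the server and client (using DNS instead is recommended)
- vi /etc/hosts
- ## Add the following ##
- 192.168.99.46 master.puppet.com master
- 192.168.99.47 agent.puppet.com agent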
5. Start puppetmaster
- service puppetmaster start
6. Verification
- ## Run the following command on the client to request SSL certificate authentication ##
- puppet agent --server master.puppet.com --test --verbose --no-daemonize
- ## On the server, list the certificates and sign ##
- puppet cert --list --all
- ## Sign ##
- puppet cert -s agent.puppet.com
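Step 6 signs whichever pending request carries the agent's name, so the fingerprint is the only thing tying that request to the real client. As an added example (not part of the original page), the helper below signs a request on the master only when its fingerprint matches the one read on the agent with `puppet agent --fingerprint`; the function names, the sample listing and the assumed layout of `puppet cert --list` output are illustrative.

```bash
#!/bin/sh
# Added example, not from the original page: verify a CSR fingerprint before signing.

# Constructed sample of `puppet cert --list` output; the exact layout is an assumption.
SAMPLE_LISTING='  evil-agent.puppet.com (DE:AD:BE:EF:00:11:22:33:44:55:66:77:88:99:AA:BB)
  "agent.puppet.com" (AA:11:BB:22:CC:33:DD:44:EE:55:FF:66:00:77:11:88)'

# Reduce a fingerprint to upper-case hex digits so separators and case do not matter.
normalize_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Read a listing on stdin and print the fingerprint from the line whose host
# field equals $1 exactly (quotes stripped); print nothing if there is none.
extract_fp() {
    awk -v host="$1" '{
        hit = 0
        for (i = 1; i <= NF; i++) { f = $i; gsub(/"/, "", f); if (f == host) hit = 1 }
        if (hit && match($0, /([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]/)) {
            print substr($0, RSTART, RLENGTH); exit
        }
    }'
}

# verify_request HOST EXPECTED_FP LISTING
# Returns 0 on match, 1 on mismatch, 2 when HOST has no request in LISTING.
verify_request() {
    vr_seen=$(printf '%s\n' "$3" | extract_fp "$1")
    [ -n "$vr_seen" ] || return 2
    [ "$(normalize_fp "$vr_seen")" = "$(normalize_fp "$2")" ] || return 1
}

# sign_if_verified HOST EXPECTED_FP
# Run on the master; `puppet cert --list` shows only pending requests.
sign_if_verified() {
    if verify_request "$1" "$2" "$(puppet cert --list)"; then
        puppet cert --sign "$1"
    else
        echo "refusing to sign $1: fingerprint not verified" >&2
        return 1
    fi
}
```

On the master, call `sign_if_verified agent.puppet.com '<fingerprint read on the agent>'` in place of the bare sign command.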