Centos 6.4 下部署puppet 3.3.2

nbvf

安装

安装前准备
　　安装依赖包

# yum install ruby ruby-libs ruby-rdoc

　　

配置puppet Server端hostname

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.200.78 eucahgc.hgctech.com eucahgc
10.10.200.77 db.hgctech.com db
10.10.200.215 linux-nfs.hgctech.com linux-nfs
10.10.200.172 centos6-mysql-172.hgctech.com centos6-mysql-172
[iyunv@db manifests]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=db.hgctech.com

　　
　　配置Puppet Client端hostname

[iyunv@centos6-mysql-172 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.200.172 centos6-mysql-172.hgctech.com centos6-mysql-172
10.10.200.77 db.hgctech.com db
[iyunv@centos6-mysql-172 ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos6-mysql-172.hgctech.com

　　

配置ntp

#chkconfig ntpd on
#service ntpd start
#ntpdate -u pool.ntp.org
　　

配置防火墙

# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
　　
　　安装facter

#wget http://downloads.puppetlabs.com/facter/facter-1.7.3.tar.gz
#tar -zxvf facter-1.7.3.tar.gz
#cd facter-1.7.3
#ruby install.rb


安装puppet Server端

#wget http://downloads.puppetlabs.com/puppet/puppet-3.3.2.tar.gz
#tar -zxvf puppet-3.3.2.tar.gz
#cd puppet-3.3.2
#ruby install.rb
　　

配置puppet

#cp ext/redhat/fileserver.conf /etc/puppet/
#cp ext/redhat/puppet.conf /etc/puppet/
#cp ext/redhat/server.init /etc/init.d/puppetmaster#chmod a+x /etc/init.d/puppetmaster
#chkconfig --add puppetmaster
#chkconfig puppetmaster on

　　修改puppet.conf配置文件

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
server = db.hgctech.com
certname = db.hgctech.com
pluginsync=false
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion.  Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

　　

创建puppet所需的用户组以及用户

puppet resource group puppet ensure=present
puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
　　

启动puppet

[iyunv@db puppet-3.3.2]# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]

　　

安装puppet Client端

#wget http://downloads.puppetlabs.com/puppet/puppet-3.3.2.tar.gz
#tar -zxvf puppet-3.3.2.tar.gz
#cd puppet-3.3.2
#ruby install.rb

　　

配置puppet

#cp ext/redhat/client.init  /etc/init.d/puppet
#chmod a+x /etc/init.d/puppet
#cp ext/redhat/puppet.conf /etc/puppet/
#chkconfig --add puppet
#chkconfig puppet on
　　

修改puppet.conf配置文件

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync=false
server = db.hgctech.com
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion.  Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

　　

启动puppet client

[iyunv@centos6-mysql-172 ~]# service puppet start
Starting puppet agent:                                     [  OK  ]

　　

连接puppet server
　　在client执行

[iyunv@centos6-mysql-172 ~]# puppet agent --test                                          
Info: Creating a new SSL key for centos6-mysql-172.hgctech.com
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for centos6-mysql-172.hgctech.com
Info: Certificate Request fingerprint (SHA256): 4E:A9:15:AE:38:13:2F:B0:B9:09:44:A5:BB:C1:CD:AE:21:26:DC:1E:D6:4B:FB:7B:29:D8:93:8E:D3:A1:F2:AE
Exiting; no certificate found and waitforcert is disabled

　　

在server端添加该客户端
　　查看该客户端的认证信息

[iyunv@db puppet-3.3.2]# puppet cert list -all
"centos6-mysql-172.hgctech.com" (SHA256) 4E:A9:15:AE:38:13:2F:B0:B9:09:44:A5:BB:C1:CD:AE:21:26:DC:1E:D6:4B:FB:7B:29:D8:93:8E:D3:A1:F2:AE
+ "db.hgctech.com"                (SHA256) 13:D5:FE:12:A0:50:5D:BE:FF:B6:1F:E2:06:51:50:CB:4B:B5:37:9F:F3:48:65:0D:01:5D:EC:CC:0C:75:01:48 (alt names: "DNS:db.hgctech.com", "DNS:puppet", "DNS:puppet.hgctech.com")
+ "eucahgc"                       (SHA256) B4:4A:9E:A5:36:A9:BB:98:77:00:BE:F9:FA:47:02:34:F8:DA:D5:A7:A5:B0:6A:76:2F:96:D2:CC:2E:10:20:37
+ "linux-nfs.hgctech.com"         (SHA256) 10:20:37:0F:A4:03:5B:DD:BD:29:C0:67:57:65:B6:CA:A9:61:CE:BA:88:1E:40:1E:6C:B9:13:A7:39:3E:45:95

　　

添加该客户端

[iyunv@db puppet-3.3.2]# puppet cert sign centos6-mysql-172.hgctech.com
Notice: Signed certificate request for centos6-mysql-172.hgctech.com
Notice: Removing file Puppet::SSL::CertificateRequest centos6-mysql-172.hgctech.com at '/var/lib/puppet/ssl/ca/requests/centos6-mysql-172.hgctech.com.pem'

　　

在客户端重新验证是否成功

[iyunv@centos6-mysql-172 ~]# puppet agent -t
Info: Caching certificate for centos6-mysql-172.hgctech.com
Info: Caching certificate_revocation_list for ca
Info: Caching catalog for centos6-mysql-172.hgctech.com
Info: Applying configuration version '1385359029'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.05 seconds