puppet最新源码详细安装:
在网上找了很多相关puppet的,有很多用yum安装,安装虽然成功了。但是有客户端相关过来请求,还是会有问题。最佳的还是源码安装。
一、下载地址:
puppet下载地址:
http://downloads.puppetlabs.com/puppet/puppet-2.7.13.tar.gz
facter下载地址:
http://downloads.puppetlabs.com/facter/facter-1.6.7.tar.gz
ruby下载地址:
http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7.tar.gz
二、环境准备:
1、时间必须一致:
crontab -e
*/2 * * * * /usr/sbin/ntpdate clock.nc.fukuoka-u.ac.jp >/dev/null 2>&1
2、首先gcc相关可用yum安装
yum install gcc-c++
yum install openssl*
3、服务器及客户端名字:
[root@server bin]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.1.231 server.cbcv.net server
192.168.1.232 client.cbcv.net client
[root@server bin]# more /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=server.cbcv.net
<客户端也是类似一样,略......>
三、安装应用软件
1、首先安装ruby
tar -zxvf ruby-1.8.7.tar.gz
cd ruby-1.8.7
./configure --prefix=/usr/local/ruby
make
make install
操作系统PATH路径:
vi /etc/profile
export PATH=/usr/local/ruby/bin:$PATH
查看ruby --version版本
2、安装facter
tar -zxvf facter-1.6.7.tar.gz
cd facter-1.6.7
ruby install.rb
3、安装puppet
tar -zxvf puppet-2.7.9.tar.gz
cd puppet-2.7.9/
ruby install.rb
[root@server puppet-2.7.9]# cp conf/auth.conf /etc/puppet/
[root@server puppet-2.7.9]# cp conf/namespaceauth.conf /etc/puppet/
[root@server puppet-2.7.9]# cp conf/redhat/puppet.conf /etc/puppet/
[root@server puppet-2.7.9]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@server puppet-2.7.9]# chmod +x /etc/init.d/puppetmaster
[root@server puppet-2.7.9]# /etc/init.d/puppetmaster start
Starting puppetmaster: /bin/bash: /usr/sbin/puppetmasterd: No such file or directory
[FAILED]
[root@server puppet-2.7.9]# cp sbin/puppetmasterd /usr/sbin/
[root@server puppet-2.7.9]# chmod -R 777 /usr/sbin/puppetmasterd
[root@server puppet-2.7.9]# cp sbin/puppetmasterd /bin/puppetmasterd
[root@server puppet-2.7.9]# chmod -R 777 /bin/puppetmasterd
[root@server puppet-2.7.9]# /etc/init.d/puppetmaster start
Starting puppetmaster: /usr/bin/env: ruby: No such file or directory
[FAILED]
[root@server puppet-2.7.9]# ln -s /usr/local/ruby/bin/
erb filebucket pi puppetdoc rdoc ruby
facter irb puppet ralsh ri testrb
[root@server puppet-2.7.9]# ln -s /usr/local/ruby/bin/ruby /usr/bin/
[root@server puppet-2.7.9]# /etc/init.d/puppetmaster start
Starting puppetmaster: Could not prepare for execution: Got 6 failure(s) while initializing: change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet
[FAILED]
[root@server puppet-2.7.9]# useradd puppet
[root@server puppet-2.7.9]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@server sbin]# pwd
/usr/local/src/puppet-2.7.9/sbin
cp -r * /usr/sbin/
[root@server manifests]# chkconfig --add puppetmaster
[root@server manifests]# chkconfig puppetmaster on
客户端其它安装和服务器安装相同,除了用cp conf/redhat/client.init /etc/init.d/puppet
tar -zxvf puppet-2.7.9.tar.gz
cd puppet-2.7.9/
ruby install.rb
[root@localhost puppet-2.7.9]# cp conf/auth.conf /etc/puppet/
[root@localhost puppet-2.7.9]# cp conf/namespaceauth.conf /etc/puppet/
[root@localhost puppet-2.7.9]# cp conf/redhat/puppet.conf /etc/puppet/
[root@localhost puppet-2.7.9]# cp conf/redhat/client.init /etc/init.d/puppet
[root@localhost puppet-2.7.9]# chmod +x /etc/init.d/puppet
[root@localhost puppet-2.7.9]# service puppet start
Starting puppet: /bin/bash: /usr/sbin/puppetd: No such file or directory
[FAILED]
[root@localhost puppet-2.7.9]# cp sbin/puppetd /usr/sbin/puppetd
[root@localhost puppet-2.7.9]# service puppet start
Starting puppet: /usr/bin/env: ruby: No such file or directory
[FAILED]
[root@localhost puppet-2.7.9]# chmod +x /usr/sbin/puppetd
[root@localhost puppet-2.7.9]# service puppet start
Starting puppet: /usr/bin/env: ruby: No such file or directory
[FAILED]
[root@localhost puppet-2.7.9]# ln -s /usr/local/ruby/bin/ruby /usr/bin/
[root@localhost puppet-2.7.9]# /etc/init.d/puppet start
Starting puppet: [ OK ]
安装完毕后进行测试:
在服务器端执行:
puppetca --list
应该是无
在客户端执行 puppetd --server server.cbcv.net --test
再到服务器端执行:
puppetca –s client.cbcv.net
clinet.cbcv.net (BF:5D:58:D0:F2:06:8C:FB:5C:AA:08:80:87:DC:92:20)
如果看到了客户端的证书请求,
针对客户端请求为
puppetca –s client.cbcv.net
用下面的命令对所有证书请求签名:
puppetca -s –a
在主服务器上/etc/puppet/manifests
vi /etc/puppet/manifests/site.pp
node default{
file { "/tmp/test.txt":
content=> "hello, Test";
}
}
再重启一下服务器service puppetmaster restart 和客户端service puppet restart
再执行puppetd --server server.cbcv.net --test
看/tmp下面是不是有test.txt文件了
增加多个site.pp
可以先在site.pp中增加
import "test.pp"
然后再在里面执行需要操作的内容。
可用puppetd --server server.cbcv.net --test进行测试。
如果有报错:notice: Ignoring --listen on onetime run
notice: Skipping run of Puppet configuration client; administratively disabled; use 'puppet Puppet configuration client --enable' to re-enable.
那么需要在客户端执行puppet agent --enable即可。
puppet agent --disable为关闭。
记得重启puppetmaster和puppet
以下为参考内容,感觉非常不错:
默认时间vim /etc/puppet/puppet.con
runinterval =1800 ###默认是30分钟,可以修改此处的值,单位为秒
有的时间修改了这个没有用,是什么原因呢:
我也曾修改过多次,没效果,后在客户端的配置文件再加了一句server = server.cbcv.net
然后重启
在客户端修改即可!最好重启一下server puppet restart
puppet 如何全客户端自动签名
a.vim /etc/puppet/puppet.conf
[puppetmaster]
autosign=true #增加这两行
autosing=/etc/puppet/autosign.conf
#增加这两行添加
* 表示所有,或者添加域名,IP或者网段。举例:
b.再编辑 /etc/puppet/autosign.conf**.test.com192.168.0.1/24
错误总结<此错误是因为用了yum去安装。看到别人写的OK......>:
第一次认证的时候报下边的错误:
[root@client ~]# puppetd --server server.cbcv.net --test
err: Could not retrieve catalog from remote server: certificate verify failed
我做测试发现的原因有三种:
第一:是hostname没有设置好,在安装前一定要把hostname设置好,设置好之后尽量重启机器。实在不行就删了重新安装。
第二:时间不同步,时间不同步也会报认证失败的错误,可以用date设置时间,只要不是差得太多就没事。
第三:是ssl的问题,在你用的这个客户端puppet已经做过其他的机器的客户端的情况下,因为已经生成的有证书,可能会和现在的冲突,把/var/lib/puppet/ssl这个文件夹删掉之后就行了。
1.3配置c/s模式的puppet的实验环境
Puppet的的客户端和服务端是靠ssl链接的,在服务端有一个自签名的根证书,在安装软件的时候自动生成。每个客户端的证书要经过根证书签名才能和服务器连接。所以首先要在客户端执行下面的命令来请求服务器签名证书。
puppetd --server server.cbcv.net --test
运维网声明
1、欢迎大家加入本站运维交流群:群②:261659950 群⑤:202807635 群⑦870801961 群⑧679858003
2、本站所有主题由该帖子作者发表,该帖子作者与运维网 享有帖子相关版权
3、所有作品的著作权均归原作者享有,请您和我们一样尊重他人的著作权等合法权益。如果您对作品感到满意,请购买正版
4、禁止制作、复制、发布和传播具有反动、淫秽、色情、暴力、凶杀等内容的信息,一经发现立即删除。若您因此触犯法律,一切后果自负,我们对此不承担任何责任
5、所有资源均系网友上传或者通过网络收集,我们仅提供一个展示、介绍、观摩学习的平台,我们不对其内容的准确性、可靠性、正当性、安全性、合法性等负责,亦不承担任何法律责任
6、所有作品仅供您个人学习、研究或欣赏,不得用于商业或者其他用途,否则,一切后果均由您自己承担,我们对此不承担任何法律责任
7、如涉及侵犯版权等问题,请您及时通知我们,我们将立即采取措施予以解决
8、联系人Email:admin@iyunv.com 网址:www.yunweiku.com