Puppet installation and deployment
Environment
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
http://downloads.puppetlabs.com/facter/facter-1.5.8.tar.gz
http://downloads.puppetlabs.com/puppet/puppet-2.6.1.tar.gz
Packages:
[[email protected] tools]# ll
总用量 1532
-rw-r--r-- 1 root root 71295 8月 28 2010 facter-1.5.8.tar.gz
-rw-r--r-- 1 root root 1492177 9月 14 2010 puppet-2.6.1.tar.gz
Stop the firewall (don't court disaster in production: always enable appropriate firewall rules there)
[[email protected] ~]# /etc/init.d/iptables stop
[[email protected] ~]# getenforce
Disabled
Time synchronization
[[email protected] ~]# /etc/init.d/ntpdate start
ntpdate: 与时间服务器同步: [确定]
[[email protected] ~]# chkconfig ntpdate on
Installing the Puppet master
Install the Ruby environment
[[email protected] ~]# yum -y install ruby
Create the puppet user and group
[[email protected] ~]# groupadd puppet
[[email protected] ~]# useradd -g puppet -s /bin/false -M puppet
Set the hosts file and hostname
[[email protected] ~]# hostname
master.test.com
[[email protected] ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 master.test.com
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.98.110 master.test.com
192.168.98.111 agent.test.com
Install facter
[[email protected] tools]# pwd
/tools
[[email protected] tools]# tar -zxvf facter-1.5.8.tar.gz
[[email protected] tools]# cd facter-1.5.8
[[email protected] facter-1.5.8]# ruby install.rb
Verify the installation
[[email protected] facter-1.5.8]# echo $?
0
[[email protected] tools]# facter
Install puppet
[[email protected] tools]# pwd
/tools
[[email protected] tools]# tar -zxvf puppet-2.6.1.tar.gz
[[email protected] tools]# cd puppet-2.6.1
[[email protected] puppet-2.6.1]# ruby install.rb
Verify the installation
[[email protected] puppet-2.6.1]# echo $?
0
[[email protected] tools]# mkdir -p /etc/puppet
[[email protected] puppet-2.6.1]# cp conf/redhat/* /etc/puppet/
[[email protected] puppet-2.6.1]# cp conf/auth.conf /etc/puppet/
[[email protected] puppet-2.6.1]# pwd
/tools/puppet-2.6.1
Installing the Puppet agent
Stop the firewall (don't court disaster in production: always enable appropriate firewall rules there)
[[email protected] ~]# /etc/init.d/iptables stop
[[email protected] ~]# getenforce
Disabled
Time synchronization
[[email protected] ~]# /etc/init.d/ntpdate start
ntpdate: 与时间服务器同步: [确定]
[[email protected] ~]# chkconfig ntpdate on
[[email protected] ~]# mkdir /tools
[[email protected] ~]# cd /tools/
[[email protected] tools]# wget http://downloads.puppetlabs.com/facter/facter-1.5.8.tar.gz
[[email protected] tools]# wget http://downloads.puppetlabs.com/puppet/puppet-2.6.1.tar.gz
Install the Ruby environment
[[email protected] tools]# yum -y install ruby
Create the puppet user and group
[[email protected] tools]# groupadd puppet
[[email protected] tools]# useradd -g puppet -s /bin/false -M puppet
Set the hosts file and hostname
[[email protected] ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 agent.test.com
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.98.111 agent.test.com
192.168.98.110 master.test.com
[[email protected] ~]# hostname
agent.test.com
Install facter and puppet
[[email protected] ~]# cd /tools/
[[email protected] tools]# ll
总用量 1532
-rw-r--r-- 1 root root 71295 8月 28 2010 facter-1.5.8.tar.gz
-rw-r--r-- 1 root root 1492177 2月 4 01:23 puppet-2.6.1.tar.gz
[[email protected] tools]# tar -xf facter-1.5.8.tar.gz
[[email protected] tools]# tar -xf puppet-2.6.1.tar.gz
[[email protected] tools]# cd facter-1.5.8
[[email protected] facter-1.5.8]# ruby install.rb
Check the installation step
[[email protected] facter-1.5.8]# echo $?
0
# check facter
[[email protected] facter-1.5.8]# facter
[[email protected] facter-1.5.8]# cd ..
[[email protected] tools]# cd puppet-2.6.1
[[email protected] puppet-2.6.1]# ruby install.rb
[[email protected] puppet-2.6.1]# mkdir -p /etc/puppet
[[email protected] puppet-2.6.1]# cp conf/redhat/* /etc/puppet/
[[email protected] puppet-2.6.1]# cp conf/auth.conf /etc/puppet/
Configuring puppet
Master-side configuration
Create the configuration file directory
[[email protected] tools]# mkdir /etc/puppet/manifests -p
Enable start at boot
[[email protected] tools]# mkdir /etc/puppet/manifests -p
[[email protected] tools]# cp /etc/puppet/server.init /etc/init.d/puppetmaster
[[email protected] tools]# chmod 755 /etc/init.d/puppetmaster
[[email protected] tools]# chkconfig --add puppetmaster
[[email protected] tools]# chkconfig --level 35 puppetmaster on
Start the puppet master
[[email protected] tools]# /etc/init.d/puppetmaster start
启动 puppetmaster: [确定]
# check puppet master (port 8140)
[[email protected] tools]# netstat -lntup | grep ruby
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 2416/ruby
Agent-side configuration: authorization
[[email protected] puppet-2.6.1]# telnet master.test.com 8140
Trying 192.168.98.110...
Connected to master.test.com.
Escape character is '^]'.
Connection closed by foreign host.
The node requests registration
[[email protected] puppet-2.6.1]# puppetd --test --server master.test.com
info: Creating a new SSL key for agent.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent.test.com
info: Certificate Request fingerprint (md5): B6:22:AE:77:67:00:01:B1:43:C1:10:1A:DA:4A:B3:B2
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
Confirm the certificate on the master
[[email protected] tools]# puppet cert --list --all # check certificate status on the server
agent.test.com (B6:22:AE:77:67:00:01:B1:43:C1:10:1A:DA:4A:B3:B2) # not yet signed
+ master.test.com (3F:9B:8A:AD:8A:5C:88:00:AA:AE:FB:09:6E:07:24:FB)
[[email protected] tools]# puppet cert --sign agent.test.com # register the agent
notice: Signed certificate request for agent.test.com # the requested certificate is now formally registered
notice: Removing file Puppet::SSL::CertificateRequest agent.test.com at '/var/lib/puppet/ssl/ca/requests/agent.test.com.pem'
[[email protected] tools]# puppet cert --list --all # check certificate status again
+ agent.test.com (32:CF:0B:0E:26:5E:6D:6D:78:B2:AC:41:7B:7C:DD:47) # note the leading + sign
+ master.test.com (3F:9B:8A:AD:8A:5C:88:00:AA:AE:FB:09:6E:07:24:FB)
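Before signing, the master lists the same MD5 fingerprint for the pending request that the agent printed when it created the CSR; comparing the two confirms that the request about to be signed is the one this agent generated. The script below is an added example, not part of the original post: the function names are hypothetical, the sample lines are copied from the sessions above, and the parsing assumes the output format shown on this page.

```shell
#!/bin/sh
# Added example: compare the CSR fingerprint printed on the agent with the one
# the master lists as pending, and only report "ok to sign" when they match.

# Sample input copied from the two terminal sessions on this page.
AGENT_LOG='info: Creating a new SSL certificate request for agent.test.com
info: Certificate Request fingerprint (md5): B6:22:AE:77:67:00:01:B1:43:C1:10:1A:DA:4A:B3:B2'
MASTER_LIST='agent.test.com (B6:22:AE:77:67:00:01:B1:43:C1:10:1A:DA:4A:B3:B2)
+ master.test.com (3F:9B:8A:AD:8A:5C:88:00:AA:AE:FB:09:6E:07:24:FB)'

# Print the fingerprint from the agent's "Certificate Request fingerprint" line.
agent_csr_fp() {   # $1 = output of "puppetd --test" on the agent
    printf '%s\n' "$1" |
        sed -n 's/^info: Certificate Request fingerprint *([^)]*): *\([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Print the fingerprint of a pending (unsigned) request for a certname.
# Lines starting with "+" are already signed and are skipped.
master_pending_fp() {   # $1 = output of "puppet cert --list --all", $2 = certname
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == "+" { next }
        { line = $0; sub(/\(.*/, "", line); gsub(/[ \t]/, "", line) }
        line == name && match($0, /\([0-9A-Fa-f:]+\)/) {
            print toupper(substr($0, RSTART + 1, RLENGTH - 2)); exit
        }'
}

# Return 0 only if both fingerprints were found and are identical.
ok_to_sign() {   # $1 = certname, $2 = agent output, $3 = master list output
    a=$(agent_csr_fp "$2")
    m=$(master_pending_fp "$3" "$1")
    [ -n "$a" ] && [ -n "$m" ] && [ "$a" = "$m" ]
}

if ok_to_sign agent.test.com "$AGENT_LOG" "$MASTER_LIST"; then
    echo "fingerprints match: puppet cert --sign agent.test.com"
else
    echo "fingerprint mismatch or no pending request: do not sign" >&2
fi
```

In practice the agent-side line is carried to the master over a separate trusted channel, since the agent's first connection is the one that logs "peer certificate won't be verified".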
Another way to check certificate status
[[email protected] tools]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── agent.test.com.pem # signed successfully
│       └── master.test.com.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── master.test.com.pem
├── crl.pem
├── private
├── private_keys
│   └── master.test.com.pem
└── public_keys
    └── master.test.com.pem
9 directories, 14 files
Run the agent test again to verify the certificate
[[email protected] puppet-2.6.1]# puppetd --test --server master.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for agent.test.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for agent.test.com
info: Applying configuration version '1454562128'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
This article comes from the "沙皮狗的希望" blog; please retain this source link: http://8874480.blog.51cto.com/8864480/1741082