CentOS7：安装Puppet

Posted 2020-08-19 随风的博客天地

环境说明：

192.168.153.133 master.localdomain #Puppet Server

192.168.153.134 agent1.localdomain #Puppet Agent

这里的机器名称不要有下划线等特殊服务，否则后面会报“the scheme puppet does not accept registry part”这样的错误信息。

1. 安装Puppet Server

$ hostnamectl set-hostname master.localdomain         #设置机器名称
$ systemctl reboot                                    #重启

$ cat /etc/hosts 
192.168.154.133 master master.localdomain
192.168.154.134 agent1 agent1.localdomain

$ yum install puppet-server                            #安装Puppet Server

# firewall-cmd --permanent --add-port=8140/tcp6        #修改防火墙，增加8140端口

2. 安装Puppet Agent

$ hostnamectl set-hostname agent1.localdomain         #设置机器名称
$ systemctl reboot                                    #重启

$ cat /etc/hosts 
192.168.154.133 master master.localdomain

$ yum install puppet                                 #安装Puppet Agent

3. 测试Puppet

创建测试文件site.pp（Server端）：

$ cat /etc/puppet/manifests/site.pp
node default {
    file { "/tmp/helloworld.txt" :
        content => "Hello World!",
    }
}

启动server，以no-daemonize方式，这样可以在控制台看到操作信息（Server端）：

$ puppet master --no-daemonize --debug
... ...
Notice: Starting Puppet master version 3.6.2         #启动成功，会看到这样的信息

编辑客户端puppet.conf，增加server配置项（Agent端）：

$ cat /etc/puppet/puppet.conf
[agent]
    ... ...
    server = master.localdomain

启动agent（Agent端）：

$ puppet agent --test
Info: Creating a new SSL key for agent1.localdomain
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent1.localdomain
Info: Certificate Request fingerprint (SHA256): 1D:08:61:3B:1F:43:8C:B5:81:83:0F:FF:CC:4A:4F:8E:BA:B4:5F:7C:94:77:15:72:A2:0C:C0:44:D9:1D:16:9E
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

启动后，agent向server申请证书，因为证书还没有被server审核，所以目前通信是不成功的。

回到server，通过puppet cert查询证书：

$ puppet cert list --all
  "agent1.localdomain" (SHA256) 1D:08:61:3B:1F:43:8C:B5:81:83:0F:FF:CC:4A:4F:8E:BA:B4
+ "master.localdomain" (SHA256) 47:A1:12:28:22:05:75:A5:E5:92:2B:F6:53:05:A8:D6:1F:9B

证书列表中有cs_agnet1的申请，目前是未审核状态（最前面没有+）。审核证书：

$ puppet cert sign agent1.localdomain

$ puppet cert list --all
+ "agent1.localdomain" (SHA256) 39:7F:59:A8:3C:B8:EF:B9:E2:AD:1D:5C:D7:66:B6:02:CF:70
+ "master.localdomain" (SHA256) 47:A1:12:28:22:05:75:A5:E5:92:2B:F6:53:05:A8:D6:1F:9B:

 再次启动agent：

# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent1.localdomain
Info: Applying configuration version ‘1479087051‘
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as ‘{md5}ed076287532e86365e841e92bfc50d8c‘
Notice: Finished catalog run in 0.02 seconds

这时候，查看/tmp/helloworld.txt，该文件就自动同步了。

在证书申请过程中，如果有问题，可以删除证书重新申请，一般都能解决问题。

Agent:
$ rm -rf /var/lib/puppet     #删除缓存文件

Server:
$ puppet cert clean agent1.localdomain