标签:
以下均直接yum安装最新版。
服务器操作系统为centos6.2
Puppetmaster1 10.168.32.116 puppstmaster1.jq.com
Puppetmaster2 10.168.32.117 puppetmaster2.jq.com
Puppet1 10.168.32.120 ag1.jq.com
Puppet2 10.168.32.121 ag2.jq.com
Puppetca1 10.168.32.118 puppetca1.jq.com
Puppetca2 10.168.32.119 puppetca2.jq.com
facter.x86_64 1:2.3.0-1.el6
puppet.noarch 0:3.7.3-1.el6
2.1 安装epel包
所有服务器安装epel包
rpm -ivh http://mirror.bjtu.edu.cn/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
2.2 Puppet master 安装配置
[root@puppetmaster1 ~]#yum install puppet-server puppet
[root@puppetmaster1 ~]#yum install facter
[root@puppetmaster1 ~]# cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster1.jq.com
certname = puppetmaster1_cert.jq.com
[master]
certname = puppetmaster1.jq.com
创建site.pp文件,site.pp文件是puppet读取所有模块pp文件的开始
[root@puppetmaster1 ~]# touch /etc/puppet/manifests/site.pp
[root@puppetmaster1 ~]# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]
[root@puppetmaster1 ~]# /etc/init.d/puppetmaster restart
[root@puppetmaster1 ~]# chkconfig puppetmaster on
启动守护进程将初始化Puppet的环境,创建一个本地的认证中心,同时创建 master相关的证书和密钥,并打开适当的网络socket等待客户端的连接。可以在 /etc/puppet/ssl目录查 看Puppet的SSL信 息和相 关证书 。
[root@puppetmaster1 ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── certificate_requests
│ └── puppetmaster1_cert.jq.com.pem
├── certs
│ ├── ca.pem
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── crl.pem
├── private
├── private_keys
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
└── public_keys
├── puppetmaster1_cert.jq.com.pem
└── puppetmaster1.jq.com.pem
启动守护进程将初始化Puppet的环境,创建一个本地的认证中心,同时创建master相关的证书和密钥,并打开适当的网络socket*等待客户端的连接。可以在/etc/puppet/ssl目录查看Puppet的SSL信息和相关证书 。
[root@puppetmaster1 ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── certificate_requests
│ └── puppetmaster1_cert.jq.com.pem
├── certs
│ ├── ca.pem
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── crl.pem
├── private
├── private_keys
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
└── public_keys
├── puppetmaster1_cert.jq.com.pem
└── puppetmaster1.jq.com.pem
9 directories, 18 files
第一次启动puppet,可以使用
puppet agent -t --verbose --no-daemonize 命令测试。
参数 --verbose使 master输出详细的日志,而--no-daemonize参数使 masteriS程运行 在前 台并将 输出重 定向到标准 输出 。你还可以 加上--debug参数 来产生 更加详 细的调 试输出 。
查看监听状态 puppetmaster服务开启后,默认监听TCP 8140端口
[root@puppetmaster1 ~]# netstat -nlatp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18524/ruby
[root@puppetmaster1 ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppetmas 1976 puppet 5u IPv4 14331 0t0 TCP *:8140 (LISTEN)
2.3 Puppet agent 安装配置
安装puppet和facter
[root@ag1 ssl]# yum install -y puppet facter
facter.x86_64 1:2.3.0-1.el6 puppet.noarch 0:3.7.3-1.el6
[root@ag1 puppet]# cat /etc/puppet/puppet.conf
### config by puppet ###
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
#pluginsync = false
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster1.jq.com
certname = ag1_cert.jq.com
runinterval = 1000
申请证书
[root@ag1 puppet]# puppet agent -t
Info: Creating a new SSL key for ag1_cert.jq.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ag1_cert.jq.com
Info: Certificate Request fingerprint (SHA256): AD:51:37:B7:5D:4E:7C:9F:7D:5E:7B:C6:DE:6A:00:F4:AA:CE:A9:51:C0:89:73:90:1E:71:DC:0E:9C:63:A3:2F
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
Master注册证书
[root@puppetmaster1 ~]# puppet cert --sign --ag1.jq.com
客户端再次请求
[root@ag1 puppet]# puppet agent -t
第一次启动puppet,可以使用
puppet agent -t --verbose --no-daemonize 命令测试。
参数 --verbose使master输出详细的日志,而--no-daemonize参数使masteriS程运行在前台并将输出重定向到标准输出 。你还可以加上--debug参数 来产生更加详细的调 试输出 。 Puppet agent安装配置
查看监听状态 puppetmaster服务开启后,默认监听TCP 8140端口
[root@puppetmaster1 ~]# netstat -nlatp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18524/ruby
[root@puppetmaster1 ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppetmas 1976 puppet 5u IPv4 14331 0t0 TCP *:8140 (LISTEN)
本系统puppet均根据kisspuppet的博客(http://kisspuppet.com/)进行实验,非常感谢!!!
标签:
原文地址:http://www.cnblogs.com/krainbow/p/4212048.html
