RHEL6.3 源碼安裝Puppet

作業系統RHEL6.3 x64

一.安裝puppet Server

1.配置yum源

[root@master ~]# cat  /etc/yum.repos.d/yum.repo

[core]

name=rhel

baseurl=ftp://dhcp.clovem.com/pub/

enabled=1

gpgcheck=0

2.安裝ruby

[root@master ~]# yum  install ruby ruby-libs ruby-shadow -y

3.安裝facter

[root@master ~]# tar zxvf facter-1.6.8.tgz ; cd facter-1.6.8

[root@master ~]# ruby install.rb

4.安裝puppet master

[root@master ~]# tar zxvf   puppet-3.2.0-rc1.tar.gz ; cd  puppet-3.2.0-rc1

5.複制配置檔案

[root@master puppet-3.2.0-rc1]# cp ext/redhat/puppet.conf  /etc/puppet/puppet.conf

[root@master puppet-3.2.0-rc1]# cp  ext/redhat/server.init   /etc/init.d/puppetmaster

[root@master puppet-3.2.0-rc1]# useradd  puppet

[root@master puppet-3.2.0-rc1]#chmod a+x    /etc/init.d/puppetmaster

[root@master puppet-3.2.0-rc1]#chkconfig --add puppetmaster

[root@master puppet-3.2.0-rc1]#chkconfig puppetmaster on

[root@master puppet-3.2.0-rc1]#service puppetmaster start

二.安裝puppet Agent

[root@rs1 ~]# cat  /etc/yum.repos.d/yum.repo

[root@rs1 ~]# yum  install ruby ruby-libs ruby-shadow -y

[root@rs1 ~]# tar zxvf facter-1.6.8.tgz ; cd facter-1.6.8

[root@rs1 ~]# ruby install.rb

4.安裝puppet agent

[root@rs1 ~]# tar zxvf   puppet-3.2.0-rc1.tar.gz ; cd  puppet-3.2.0-rc1

[root@rs1 puppet-3.2.0-rc1]# cp ext/redhat/puppet.conf  /etc/puppet/puppet.conf

[root@rs1 puppet-3.2.0-rc1]# cp  ext/redhat/client.init   /etc/init.d/puppet

[root@rs1 puppet-3.2.0-rc1]#chkconfig --add puppet

[root@rs1 puppet-3.2.0-rc1]#chkconfig puppet on

[root@rs1 puppet-3.2.0-rc1]#service puppet start

三. 配置認證

1.Agent端

(1)添加解析記錄

[root@rs1 ~]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.24.40.23    master.clovem.com

172.24.40.25    rs1.clovem.com

在/etc/puppet/puppet.conf 的[main]中加入server=master.clovem.com

[root@rs1 ~]# cat /etc/puppet/puppet.conf  |grep server

   server=master.clovem.com

(2) 發送驗證請求

[root@rs1 ~]# puppet  agent --server=master.clovem.com --test

Info: Creating a new SSL key for rs1.clovem.com

Info: Caching certificate for ca

Info: Creating a new SSL certificate request for rs1.clovem.com

Info: Certificate Request fingerprint (SHA256): 51:95:52:65:05:BF:3D:C7:23:AA:2F:48:E7:42:B7:A5:83:58:25:E3:F2:7F:47:78:D6:30:F7:F9:6B:0C:F6:4E

Exiting; no certificate found and waitforcert is disabled

[root@rs1 ~]# ll /var/lib/puppet/ssl/certs/

total 4

-rw-r--r-- 1 root root 1887 May  7 23:14 ca.pem

2.服務端

(1) 添加解析記錄

[root@master ~]# cat /etc/hosts

172.24.40.10    dhcp.clovem.com

(2) 列出驗證請求

[root@master ~]# puppet cert list

 "rs1.clovem.com" (SHA256) 51:95:52:65:05:BF:3D:C7:23:AA:2F:48:E7:42:B7:A5:83:58:25:E3:F2:7F:47:78:D6:30:F7:F9:6B:0C:F6:4E

(3) 進行證書簽名

[root@master ~]# puppet cert --sign rs1.clovem.com //如果需要簽名所有，使用--sign --all

Notice: Signed certificate request for rs1.clovem.com

Notice: Removing file Puppet::SSL::CertificateRequest rs1.clovem.com at '/var/lib/puppet/ssl/ca/requests/rs1.clovem.com.pem'

3.用戶端驗證

Info: Caching certificate for rs1.clovem.com

Info: Caching certificate_revocation_list for ca

Info: Retrieving plugin

Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://master.clovem.com/plugins

Info: Caching catalog for rs1.clovem.com

Info: Applying configuration version '1367939978'

Info: Creating state file /var/lib/puppet/state/state.yaml

Notice: Finished catalog run in 0.03 seconds

[root@rs1 ~]# ls /var/lib/puppet/ssl/certs/     //發現此時多出rs1.clovem.com.pem

ca.pem  rs1.clovem.com.pem

三.簡單測試

1.服務端配置：

[root@master ~]# cat /etc/puppet/manifests/site.pp  //修改之後立即生效，無需重新開機puppetmaster服務

node default{

  file { "/tmp/test.txt":

          content=> "hello, this is firt puppet test\n";

}

2.用戶端檢視是否成功建立檔案

由于puppet Agent端預設30分鐘跟Master端進行同步配置檔案，是以此處進行手動重新開機，檢視是否成功

如果需要修改同步時間，在/etc/puppet/puppet.conf 的[agent]下加入runinterval = n  ，表示n秒同步

[root@ts1 ~]# service puppet restart  

[root@ts1 ~]# cat /tmp/test.txt

hello, this is firt puppet test

本文轉自 暗黑魔君 51CTO部落格，原文連結：http://blog.51cto.com/clovemfong/1197587，如需轉載請自行聯系原作者