puppet安裝rubyrubyinstaller-1.9.3-p551.exe安裝mcollective_2_3_2_Setup.exe設定DNS為puppetmaster的位址

1、mkdir /puppet

mkdir /puppet/soft           

2、服務端安裝dnsmasq：yum install -y dnsmasq

cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
     echo "">/etc/dnsmasq.conf           

3、配置dnsmasq:vi /etc/dnsmasq.conf

resolv-file=/etc/resolv.conf

strict-order

listen-address=192.169.50.25,127.0.0.1

addn-hosts=/etc/dnsmasq.hosts

cache-size=100

bogus-nxdomain=114.114.114.114

4、vi /etc/dnsmasq.hosts

192.169.50.25 yourhostname

5、 firewall-cmd --add-port=53/tcp --permanent

firewall-cmd --reload
    service dnsmasq start           

6、服務端安裝puppet-server

rpm -ivh

http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

yum install -y puppet-server openssl*

service puppetmaster start

chkconfig puppetmaster on

firewall-cmd --add-port=8140/tcp --permanent

firewall-cmd --reload

7、用戶端安裝puppet:

yum install -y puppet openssl*

service puppet start

chkconfig puppet on

設定DNS為puppetmaster的位址

echo "192.168.50.25 puppetmaster">>/etc/hosts

簽發證書: puppet agent --server puppetmaster --test

8、windows安裝

安裝ruby

rubyinstaller-1.9.3-p551.exe

安裝mcollective_2_3_2_Setup.exe

192.168.50.25  puppetmaster 寫到 C:\Windows\System32\drivers\etc
簽發證書: puppet agent --server puppetmaster --test           

9、在puppetmaster上添加/etc/dnsmasq.hosts，新的兩台用戶端記錄

添加puppetmaster和兩台用戶端的位址到/etc/hosts
  簽發證書：puppet cert --sign --all           

10、服務端設定自動簽發證書

vi /etc/puppet/autosign.conf
     *           

11、服務端安裝svn:

yum install -y zlib expat-devel

cd /puppet/soft

wget

http://openssl.org/source/openssl-1.0.1c.tar.gz https://archive.apache.org/dist/subversion/subversion-1.7.7.tar.gz http://sqlite.org/sqlite-autoconf-3071401.tar.gz http://www.webdav.org/neon/neon-0.29.6.tar.gz https://sourceforge.net/projects/pcre/files/pcre/8.42/pcre-8.42.tar.gz/download

-O pcre-8.42.tar.gz

http://archive.apache.org/dist/httpd/httpd-2.2.23.tar.gz http://mirror.bit.edu.cn/apache//apr/apr-1.6.5.tar.gz http://mirror.bit.edu.cn/apache//apr/apr-util-1.6.1.tar.gz

tar zxvf openssl-1.0.1c.tar.gz

tar zxvf subversion-1.7.7.tar.gz

tar zxvf sqlite-autoconf-3071401.tar.gz

tar zxvf neon-0.29.6.tar.gz

tar zxvf pcre-8.42.tar.gz

tar zxvf httpd-2.2.23.tar.gz

tar zxvf apr-1.6.5.tar.gz

tar zxvf apr-util-1.6.1.tar.gz

cd openssl-1.0.1c

mv /usr/bin/pod2man /usr/bin/pod2manbak

./config --prefix=/usr/local/openssl enable-shared&&make&&make install&&cd ..

cd sqlite-autoconf-3071401

./configure --prefix=/usr/local/sqlite&&make && make install&&cd ..

cd apr-1.6.5

./configure --prefix=/usr/local/apr&&make&&make install&&cd ..

cd apr-util-1.6.1

./configure --with-apr=/usr/local/apr --prefix=/usr/local/apr-util&&make&&make install&&cd ..

cd neon-0.29.6/

./configure --prefix=/usr/local/neon --with-ssl --with-libs=/usr/local/openssl --enable-shared&&make && make install && cd ..

cd pcre-8.42

./configure --prefix=/usr/local/pcre&&make&&make install&&cd ..

cd httpd-2.2.23

./configure --prefix=/usr/local/httpd --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-ssl=/usr/local/openssl --enable-dav --enable-so --enable-ssl --enable-rewrite&&make&&make install&&cd ..

cd subversion-1.7.7

echo "/usr/local/openssl/lib">>/etc/ld.so.conf

ldconfig -v

./configure --with-apxs=/usr/local/httpd/bin/apxs --with-ssl=/usr/local/openssl --with-sqlite=/usr/local/sqlite --prefix=/usr/local/subversion --with-openssl --with-neon=/usr/local/neon --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util&&make&&make install&&cd ..

cd /usr/local/subversion/bin

./svnadmin create /puppet/svn

chown -R apache /puppet/svn

chmod -R 755 /puppet/svn

ln -s /usr/local/subversion/bin/{svn,svnserve} /usr/local/bin

svnserve -d -r /puppet/svn

添加SVN賬号密碼，檢測

vi /puppet/svn/conf/passwd

svnadmin = yourpassword

svn co svn://localhost/ --username svnadmin --password yourpassword /puppet/svn

修改httpd.conf端口81，因為和nginx沖突

/usr/local/httpd/bin/httpd -f /usr/local/httpd/conf/httpd.conf

echo "/usr/local/httpd/bin/httpd -f /usr/local/httpd/conf/httpd.conf ">>/etc/rc.local

/usr/local/httpd/bin/htpasswd -bc /puppet/svn_passwd puppet yourpassword

在httpd.conf中添加

LoadModule dav_svn_module /usr/local/httpd/modules/mod_dav_svn.so

LoadModule authz_svn_module /usr/local/httpd/modules/mod_authz_svn.so

Listen 8080

<Location /svn> 
       DAV svn 
     SVNPath /puppet/svn           
      AuthType Basic 
     AuthName "Subversion repository" 
     AuthUserFile /puppet/svn_passwd
     Require valid-user 
     AuthzSVNAccessFile /puppet/svn_access
     </Location> 
 </VirtualHost>           

重新開機httpd

chmod 777 /puppet/svn_passwd

chmod -r 777 /puppet/svn

/usr/local/httpd/bin/httpd -f /usr/local/httpd/conf/httpd.conf -k restart

添權重限

vi /puppet/svn_access

[groups]

admins=puppet

[/]

@admins=rw

*=

關閉svnserve

pkill svnserve

rm -fr /etc/puppet

svn co

http://172.16.50.25:8080/svn

/etc/puppet --username puppet --password yourpassword --no-auth-cache

cd /puppet/svn/hooks/

cp post-commit.tmpl post-commit

chmod -R 777 /etc/puppet

設定鈎子

vi post-commit

export LANG=en_US.UTF-8

SVN=/usr/local/subversion/bin/svn

PUPPET_DIR=/etc/puppet

$SVN update $PUPPET_DIR --username puppet --password yourpassword --no-auth-cache

service puppetmaster restart

dnsmasq速度有點慢

證書的登出

puppet cert revoke zabbix.ewin.com

puppet cert revoke --all

證書删除：

puppet cert --clean zabbix.ewin.com #單個删除

puppet cert --clean --all #全部删除