
【Puppet】安裝配置Puppet

一、參考連結

阿裡巴巴開源鏡像站-OPSX鏡像站-阿裡雲開發者社群

puppet鏡像-puppet下載下傳位址-puppet安裝教程-阿裡巴巴開源鏡像站

序 | Puppet運維實戰 (gitbooks.io)

二、Puppet介紹

**Puppet是IT自動化的行業标準。以一種簡單而強大的方式管理和自動化更多的基礎架構和複雜的工作流。**

三、Puppet安裝

安裝準備

# Set this machine's hostname. This listing is written for the master;
# presumably the agent machine uses "node" here instead.
hostnamectl set-hostname master

# Name resolution: open /etc/hosts in an editor and add the two entries below.
# The two address lines are file content for /etc/hosts, not commands.
# "master" and "node" are the names puppet.conf later uses for "server" and
# "certname", so both machines must resolve them to the right addresses.
 vim /etc/hosts
192.168.200.11  master
192.168.200.12  node

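# Stop firewalld now and keep it from starting at boot.
# NOTE(review): this leaves every listening port on the host unfiltered. The
# only port this guide needs is TCP 8140 on the master; an alternative that
# keeps the firewall running is (master only):
#   firewall-cmd --permanent --add-port=8140/tcp && firewall-cmd --reload
systemctl stop firewalld
systemctl disable firewalld

# Switch SELinux to permissive on the running system, then disable it for
# later boots.
# NOTE(review): this removes SELinux confinement host-wide; treat it as a lab
# shortcut rather than a production setting.
setenforce 0
# Anchored at the start of the line so that only the SELINUX= setting itself
# is rewritten, not comment lines in the file that mention "SELINUX=".
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config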

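# One-shot clock sync against an NTP server. Certificate validity checks
# depend on the master and the nodes agreeing on the time; ntpdate sets the
# clock once and does not keep it in sync afterwards.
yum install -y ntpdate
ntpdate ntp1.aliyun.com

# Replace the CentOS base repo definition with the one from the Aliyun mirror.
# -f makes curl exit with an error on an HTTP failure instead of saving the
# server's error page as the repo file.
# NOTE(review): check that the downloaded file keeps gpgcheck enabled before
# installing packages from it.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# Delete the lines that reference the mirrors.cloud.aliyuncs.com and
# mirrors.aliyuncs.com hosts.
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

# Rebuild the yum metadata cache
yum clean all
yum makecache

# Update the installed packages (asks for confirmation)
yum update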
           

安裝master端

# Install the Puppet release package from the Aliyun mirror; per the original
# step title it sets up the Puppet yum repository used by the install below.
rpm --install --verbose --hash https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm

# Install the Puppet server, the puppet agent and facter
yum -y install puppet puppet-server facter

# Keep a copy of the stock configuration before editing it
cp /etc/puppet/puppet.conf /etc/puppet/puppet.conf.bak

# Edit puppet.conf on the master; the resulting file is shown by cat below.
[root@master puppet]# vim puppet.conf
[root@master puppet]# cat puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    # Name of the Puppet master that the agent contacts.
    server = master
    # NOTE(review): this is the master's own file, yet the [agent] certname is
    # "node", the same name the node machine uses -- confirm this is intended.
    certname = node

[master]
    # Certificate name the master uses for itself.
    certname = master
[root@master puppet]# 

# Bring up the puppetmaster unit, register it for start at boot, then show
# its current state.
systemctl start puppetmaster.service
systemctl enable puppetmaster.service
systemctl status puppetmaster.service

# Inspect the local certificate store.
# On its first start puppetmaster generates its certificates and registers
# itself (master.pem appears under ca/signed below).
# ca/ca_key.pem is the CA private key and ca/private/ca.pass belongs to it:
# anyone who can read them can issue certificates this Puppet setup trusts, so
# keep the ca/ directory restricted and treat copies and backups of it as secrets.
[root@master puppet]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── master.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── master.pem
├── crl.pem
├── private
├── private_keys
│   └── master.pem
└── public_keys
    └── master.pem

9 directories, 13 files
[root@master puppet]# 

# Check the listener.
# Once the puppetmaster service is running it listens on TCP port 8140 by default.
# 0.0.0.0:8140 means the port is bound on all interfaces; with firewalld
# stopped earlier in this guide, nothing on the host filters access to it.
[root@master puppet]# netstat -nlatp | grep 8140
tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      1396/ruby 
[root@master puppet]# lsof -i:8140
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
puppet  1396 puppet    8u  IPv4  24447      0t0  TCP *:8140 (LISTEN)



           

安裝node端

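# Run the same preparation steps as on the master first.

# Install the Puppet release package from the Aliyun mirror (sets up the
# Puppet yum repository, per the original step title)
rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm

# Install puppet and facter; -y matches the master-side install and skips
# the confirmation prompt
yum install -y puppet facter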

# Configure puppet.conf on the node.
# NOTE(review): the annotations from the original listing are kept on their own
# lines here; text placed after a value on the same line may be read as part
# of the value -- verify before copying inline comments into a real puppet.conf.
[root@node ~]# cp /etc/puppet/puppet.conf{,.bak}	#back up the config file
[root@node ~]# cat /etc/puppet/puppet.conf		
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    # Default log location.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    # PID file location.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    # Certificate directory; $vardir defaults to /var/lib/puppet.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    # Points the agent at the puppetmaster host.
    server = master
    # The certificate name this node presents to the master.
    certname = node
    
    
# Bring up the puppet agent unit and register it for start at boot
systemctl start puppet.service
systemctl enable puppet.service
           

Node端向Master端發起認證

# Run the agent once with --test so the node contacts the puppetmaster and
# starts the certificate exchange.
# NOTE(review): the output below shows a catalog being applied, which looks
# like a run made after the node's request had been signed -- confirm.
[root@node ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node
Info: Applying configuration version '1645352953'
Notice: Finished catalog run in 0.01 seconds

# On the master: review and sign the node's certificate request.
# NOTE(review): before signing, compare the SHA256 fingerprint listed for
# "node" with the one the node itself reports (puppet agent --fingerprint, run
# on the node), so that a request from another machine using the name "node"
# is not signed by mistake.
[root@master ~]# puppet cert --list --all	#list all requests and certificates
  "node"   (SHA256) 6F:FC:CF:DB:1F:F1:B4:91:C7:8B:48:DE:64:A1:8D:D9:24:27:4B:B9:A9:72:5C:0E:6D:3F:A3:0B:B7:37:87:AE #not signed yet
+ "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41	#a leading + marks a signed certificate
[root@master ~]#

[root@master ~]# puppet cert --sign node	#sign the request from "node"
Notice: Signed certificate request for node
Notice: Removing file Puppet::SSL::CertificateRequest node at '/var/lib/puppet/ssl/ca/requests/node.pem'
[root@master ~]#

[root@master ~]# puppet cert --list --all   #list again to confirm the result
+ "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41
+ "node"   (SHA256) 35:B1:01:AA:28:DF:76:AA:B2:67:BE:D4:5C:C1:90:3C:C2:68:44:9A:BA:F3:DD:96:2B:37:6E:9E:85:11:E3:E1


# After signing, node.pem is listed under ca/signed next to master.pem.
[root@master ~]# tree /var/lib/puppet/ssl/	#another way to check what has been signed
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── master.pem
│       └── node.pem
├── certificate_requests
│   └── node.pem
├── certs
│   ├── ca.pem
│   ├── master.pem
│   └── node.pem
├── crl.pem
├── private
├── private_keys
│   ├── master.pem
│   └── node.pem
└── public_keys
    ├── master.pem
    └── node.pem

9 directories, 18 files
           
