Pre-installation preparation
1. Disable SELinux and iptables, and set up NTP
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
reboot
service iptables stop
yum install -y ntpdate
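Set the current time zone to Shanghai, i.e. UTC+8
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
Synchronize to standard time with ntpdate
ntpdate us.pool.ntp.org
Add a scheduled cron job that synchronizes the clock every 10 minutes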
crontab -e
0-59/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP
2. Set the hostnames and make the servers able to resolve each other
master machine
[[email protected] .ssh]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=master-192.168.9.157.centos.test.com
GATEWAY=192.168.9.1
[[email protected] .ssh]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.9.157 master-192.168.9.157.centos.test.com
192.168.9.158 app-192.168.9.158.centos.test.com
192.168.9.159 app-192.168.9.159.centos.test.com
agent machine 1
[[email protected] .ssh]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=app-192.168.9.158.centos.test.com
GATEWAY=192.168.9.1
[[email protected] .ssh]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.9.157 master-192.168.9.157.centos.test.com
192.168.9.158 app-192.168.9.158.centos.test.com
192.168.9.159 app-192.168.9.159.centos.test.com
agent machine 2
[[email protected] .ssh]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=app-192.168.9.159.centos.test.com
GATEWAY=192.168.9.1
[[email protected] .ssh]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.9.157 master-192.168.9.157.centos.test.com
192.168.9.158 app-192.168.9.158.centos.test.com
192.168.9.159 app-192.168.9.159.centos.test.com
3. Set up public/private keys so the servers can log in to each other remotely without a password; the procedure is omitted.
Start the installation
4. Install the puppet service
puppet is not in the CentOS base repositories, so the official repository provided by PuppetLabs has to be added:
[[email protected] ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
[[email protected] ~]# rpm -ivh puppetlabs-release-6-7.noarch.rpm
[[email protected] ~]# yum update
Install and enable the puppet service on the master:
[[email protected] ~]# yum install puppet-server
[[email protected] ~]# service puppetmaster start
Starting puppetmaster: [ OK ]
Install the puppet client on the agents
[[email protected] ~]# yum install puppet
[[email protected] ~]# service puppet start
Starting puppet agent: [ OK ]
5. Configure puppet with automatic client certificate signing
master
Edit /etc/puppet/puppet.conf; in fact only the main and master sections need to be configured.
[[email protected] requests]# cat /etc/puppet/puppet.conf
[main]
#cache data,report,files backup
vardir = /puppet_data
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /puppet_log
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
[master]
certname = master-192.168.9.157.centos.test.com
# Autosign configuration
autosign = /etc/puppet/autosign.conf
# Enable autosigning
autosign = true
Start
[[email protected] puppet]# service puppetmaster start
啟動 puppetmaster: [确定]
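A check for the master configuration above, as an added example that is not part of the original post: it lists every autosign value in [main]/[master] and flags `autosign = true`, which makes the master sign every certificate request without verification, as well as a key that is set twice. The function names, verdict strings and the two sample files (built from the page's [master] section, the second keeping only the allowlist path) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit autosign in a puppet.conf.

# Print every autosign value set in [main] or [master], one per line.
autosign_values() {
    section=''
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$1" |
    while IFS= read -r line; do
        case $line in
            ''|'#'*) ;;                      # blank line or comment
            '['*']') section=$line ;;        # section header
            autosign=*)
                case $section in
                    '[main]'|'[master]') printf '%s\n' "${line#autosign=}" ;;
                esac ;;
        esac
    done
}

# Verdict: "naive" (some value is true: every CSR is signed unchecked),
# "file" (value is a path, e.g. an autosign.conf allowlist), "disabled"
# (false) or "default" (unset); " duplicate" is appended if set twice.
audit_autosign() {
    n=0 verdict=default
    while IFS= read -r v; do
        [ -n "$v" ] || continue
        n=$((n + 1))
        case $v in
            true)  verdict=naive ;;
            false) [ "$verdict" != default ] || verdict=disabled ;;
            *)     [ "$verdict" = naive ] || verdict=file ;;
        esac
    done <<EOF
$(autosign_values "$1")
EOF
    if [ "$n" -gt 1 ]; then verdict="$verdict duplicate"; fi
    printf '%s\n' "$verdict"
}

# Constructed samples: the page's [master] settings, and an allowlist-only variant.
page_conf=$(mktemp)
fixed_conf=$(mktemp)
trap 'rm -f "$page_conf" "$fixed_conf"' EXIT
printf '%s\n' '[master]' 'autosign = /etc/puppet/autosign.conf' 'autosign = true' > "$page_conf"
printf '%s\n' '[master]' 'autosign = /etc/puppet/autosign.conf' > "$fixed_conf"
audit_autosign "$page_conf"
audit_autosign "$fixed_conf"
```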
agent
Edit /etc/puppet/puppet.conf; the two agents use the same configuration.
[[email protected] ssl]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /puppet_log
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = master-192.168.9.157.centos.test.com
Start
[[email protected] puppet]# service puppet start
Starting puppet agent: [确定]
Check the master's log and you will see the two agents sending certificate signing requests to the master.
View the certificate requests on the master
[[email protected] requests]# puppet cert list --all
+ "app-192.168.9.158.centos.test.com" (SHA256) A9:92:C0:F5:E3:9F:B7:6E:E4:4B:06:E7:E7:C1:93:17:6C:5B:4B:40:9E:E4:7D:2D:0B:5B:4D:B7:D1:25:F9:FE
+ "app-192.168.9.159.centos.test.com" (SHA256) 72:7C:B3:C3:1A:A5:95:B7:F2:D7:2E:69:50:A1:0C:77:C1:E2:55:0F:FF:BD:F1:B8:29:5A:0B:AE:7C:F3:B9:ED
+ "master-192.168.9.157.centos.test.com" (SHA256) AA:AC:3D:FF:E4:50:BC:FF:CA:F7:7D:09:89:79:9F:E9:07:4D:A8:F5:64:23:C2:BA:37:B4:A2:7C:62:3B:9C:28 (alt names: "DNS:master-192.168.9.157.centos.test.com", "DNS:puppet", "DNS:puppet.168.9.157.centos.test.com")
A '+' means the certificate has been signed.
At this point, an entry-level puppet setup is installed.