puppet 基礎-入門安裝

安裝前準備 1.關閉selinux，iptables，并設定ntp sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

reboot

service iptables stop

yum install -y ntpdate

目前時區調整為上海就是+8區

cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 利用ntpdate同步标準時間

ntpdate us.pool.ntp.org

加入定時計劃任務，每隔10分鐘同步一下時鐘

crontab -e

0-59/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP

2.設定主機名并使伺服器之間能互相解析 master機器 [[email protected] .ssh]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=master-192.168.9.157.centos.test.com GATEWAY=192.168.9.1 [[email protected] .ssh]# cat /etc/hosts 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.9.157 master-192.168.9.157.centos.test.com 192.168.9.158 app-192.168.9.158.centos.test.com 192.168.9.159 app-192.168.9.159.centos.test.com agent機器1 [[email protected] .ssh]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=app-192.168.9.158.centos.test.com GATEWAY=192.168.9.1 [[email protected] .ssh]# cat /etc/hosts 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.9.157 master-192.168.9.157.centos.test.com 192.168.9.158 app-192.168.9.158.centos.test.com 192.168.9.159 app-192.168.9.159.centos.test.com agent機器2 [[email protected] .ssh]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=app-192.168.9.159.centos.test.com GATEWAY=192.168.9.1 [[email protected] .ssh]# cat /etc/hosts 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.9.157 master-192.168.9.157.centos.test.com 192.168.9.158 app-192.168.9.158.centos.test.com 192.168.9.159 app-192.168.9.159.centos.test.com

3.設定公鑰私鑰 使伺服器之間無需密碼遠端，過程省略。

開始安裝 4.安裝puppet服務

puppet不在CentOS的基本源中，需要加入 PuppetLabs 提供的官方源：

[[email protected] ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm

[[email protected] ~]# rpm -ivh puppetlabs-release-6-7.noarch.rpm

[[email protected] ~]#yum update

在 master上安裝和啟用 puppet 服務：

[[email protected] ~]# yum install puppet-server

[[email protected] ~]# service puppetmaster start

Starting puppetmaster: [ OK ]

在agent上安裝puppet用戶端

[[email protected] ~]# yum install puppet

[[email protected] ~]# service puppet start

Starting puppet agent: [ OK ]

5.配置puppet，用戶端自動認證

master

修改/etc/puppet/puppet.conf，其實隻需要main和master配置就可以了。

[[email protected] requests]# cat /etc/puppet/puppet.conf 

[main]

    #cache data,report,files backup 

    vardir = /puppet_data

    # The Puppet log directory.

    # The default value is '$vardir/log'.

    logdir = /puppet_log

    # Where Puppet PID files are kept.

    # The default value is '$vardir/run'.

    rundir = /var/run/puppet

    # Where SSL certificates are kept.

    # The default value is '$confdir/ssl'.

    ssldir = $vardir/ssl

[agent]

    # The file in which puppetd stores a list of the classes

    # associated with the retrieved configuratiion.  Can be loaded in

    # the separate ``puppet`` executable using the ``--loadclasses``

    # option.

    # The default value is '$confdir/classes.txt'.

    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An

    # extension indicating the cache format is added automatically.

    # The default value is '$confdir/localconfig'.

    localconfig = $vardir/localconfig

[master]

    certname = master-192.168.9.157.centos.test.com 

    #自動認證配置

    autosign = /etc/puppet/autosign.conf

    #開啟自動認證

    autosign = true

啟動

[[email protected] puppet]# service puppetmaster start

啟動 puppetmaster：                                        [确定]

agent

修改/etc/puppet/puppet.conf，兩個agent配置一樣。

[[email protected] ssl]# cat /etc/puppet/puppet.conf 

[main]

    # The Puppet log directory.

    # The default value is '$vardir/log'.

    logdir = /puppet_log

    # Where Puppet PID files are kept.

    # The default value is '$vardir/run'.

    rundir = /var/run/puppet

    # Where SSL certificates are kept.

    # The default value is '$confdir/ssl'.

    ssldir = $vardir/ssl

[agent]

    # The file in which puppetd stores a list of the classes

    # associated with the retrieved configuratiion.  Can be loaded in

    # the separate ``puppet`` executable using the ``--loadclasses``

    # option.

    # The default value is '$confdir/classes.txt'.

    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An

    # extension indicating the cache format is added automatically.

    # The default value is '$confdir/localconfig'.

    localconfig = $vardir/localconfig

    server = master-192.168.9.157.centos.test.com

啟動

[[email protected] puppet]# service puppet start

Starting puppet agent:                                     [确定]

檢視master的日志，會發現兩個agent向master發起認證簽名。

在master上檢視證書申請

[[email protected] requests]# puppet cert list --all

+ "app-192.168.9.158.centos.test.com"    (SHA256) A9:92:C0:F5:E3:9F:B7:6E:E4:4B:06:E7:E7:C1:93:17:6C:5B:4B:40:9E:E4:7D:2D:0B:5B:4D:B7:D1:25:F9:FE

+ "app-192.168.9.159.centos.test.com"    (SHA256) 72:7C:B3:C3:1A:A5:95:B7:F2:D7:2E:69:50:A1:0C:77:C1:E2:55:0F:FF:BD:F1:B8:29:5A:0B:AE:7C:F3:B9:ED

+ "master-192.168.9.157.centos.test.com" (SHA256) AA:AC:3D:FF:E4:50:BC:FF:CA:F7:7D:09:89:79:9F:E9:07:4D:A8:F5:64:23:C2:BA:37:B4:A2:7C:62:3B:9C:28 (alt names: "DNS:master-192.168.9.157.centos.test.com", "DNS:puppet", "DNS:puppet.168.9.157.centos.test.com")

帶'+'說明已簽發。

到此入門級puppet已經安裝好。