I. System environment:
Hostname      IP (static)      OS                         Configuration                    Notes
puppetserver  192.168.100.241  CentOS-6.3-x86_64-minimal  1 CPU, 1G RAM, 10G disk, 1 NIC   Puppet Server
client01      192.168.100.242  CentOS-6.3-x86_64-minimal  1 CPU, 1G RAM, 10G disk, 1 NIC   Puppet Client
***************************************************************************************************
II. Puppet Server installation:
1. Preparation before installation:
[root@puppetserver ~]# sed -i "7s/enforcing/disabled/" /etc/selinux/config
[root@puppetserver ~]# vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
[root@puppetserver ~]# reboot
2. Configure the NTP service:
See: "Installing and configuring the NTP service on CentOS 6.3"
3. Configure the hosts file:
[root@puppetserver ~]# vi /etc/hosts
192.168.100.241 puppetserver
192.168.100.242 client01
192.168.100.243 client02
4. Install Puppet Server:
[root@puppetserver ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm
[root@puppetserver ~]# yum -y install puppet-server
[root@puppetserver ~]# chkconfig --level 3 puppetmaster on
[root@puppetserver ~]# service puppetmaster start
5. Install and configure the MySQL database:
[root@puppetserver ~]# yum -y install mysql mysql-devel mysql-server
[root@puppetserver ~]# service mysqld start
[root@puppetserver ~]# mysqladmin -u root password 'chensh'
6. Install Dashboard:
[root@puppetserver ~]# yum -y install puppet-dashboard
7. Configure Dashboard's database.yml file:
[root@puppetserver ~]# vi /usr/share/puppet-dashboard/config/database.yml
Modify the following part:
production:
  database: dashboard
  username: root
  password: chensh
  encoding: utf8
  adapter: mysql
8. Create the Dashboard database, named dashboard:
[root@puppetserver ~]# mysql -uroot -pchensh -e 'create database dashboard character set utf8'
9. Configure Dashboard's environment.rb file:
[root@puppetserver ~]# vi /usr/share/puppet-dashboard/config/environment.rb
Change config.time_zone = 'UTC' to config.time_zone = 'Beijing'
10. Edit the /etc/sysconfig/puppet file:
[root@puppetserver ~]# vi /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=puppetserver
# If you wish to specify the port to connect to do so here
PUPPET_PORT=8140
# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log
# You may specify other parameters to the puppet client here
# PUPPET_EXTRA_OPTS=--waitforcert=500
11. Edit the /etc/puppet/puppet.conf file:
[root@puppetserver ~]# vi /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
reports = store,http,log
server = puppetserver
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
runinterval = 3600
12. Initialize the Dashboard database:
[root@puppetserver ~]# cd /usr/share/puppet-dashboard
[root@puppetserver puppet-dashboard]# rake RAILS_ENV=production db:migrate
13. Start the services:
[root@puppetserver ~]# /etc/init.d/puppetmaster start
[root@puppetserver ~]# /etc/init.d/puppet-dashboard start
[root@puppetserver ~]# /etc/init.d/puppet-dashboard-workers start
14. Access the Dashboard web UI: http://192.168.100.241:3000
III. Puppet Client installation:
1. Preparation before installation:
[root@client01 ~]# sed -i "7s/enforcing/disabled/" /etc/selinux/config
[root@client01 ~]# vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT
[root@client01 ~]# reboot
2. Configure the NTP client service:
See: "Installing and configuring the NTP service on CentOS 6.3"
3. Configure the hosts file:
[root@client01 ~]# vi /etc/hosts
192.168.100.241 puppetserver
192.168.100.242 client01
192.168.100.243 client02
4. Install Puppet Client:
[root@client01 ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm
[root@client01 ~]# yum -y install puppet
5. Specify the Puppet master name:
[root@client01 ~]# echo 'server = puppetserver' >> /etc/puppet/puppet.conf
[root@client01 ~]# echo 'report = true' >> /etc/puppet/puppet.conf
6. Start Puppet Client:
[root@client01 ~]# chkconfig --level 3 puppet on
[root@client01 ~]# service puppet start
IV. Client certificate request and server-side authentication:
1. Request a certificate from the client:
[root@client01 ~]# puppet agent --test --server puppetserver
Info: Creating a new SSL key for client01
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for client01
Info: Certificate Request fingerprint (SHA256): 69:45:4C:45:17:A9:7C:6F:24:04:8F:0B:F7:44:4D:4D:59:BA:4F:9D:71:35:04:3F:8F:29:0E:63:50:55:16:F3
Exiting; no certificate found and waitforcert is disabled
[root@client01 ~]#
2. On the server, list the pending certificate requests:
[root@puppetserver ~]# puppet cert --list
"client01" (SHA256) 69:45:4C:45:17:A9:7C:6F:24:04:8F:0B:F7:44:4D:4D:59:BA:4F:9D:71:35:04:3F:8F:29:0E:63:50:55:16:F3
[root@puppetserver ~]#
3. On the server, sign the certificate:
[root@puppetserver ~]# puppet cert --sign client01
Notice: Signed certificate request for client01
Notice: Removing file Puppet::SSL::CertificateRequest client01 at '/var/lib/puppet/ssl/ca/requests/client01.pem'
[root@puppetserver ~]#
4. List the signed certificates:
[root@puppetserver ~]# puppet cert --list --all
+ "client01" (SHA256) 37:5D:E3:E4:09:07:BA:41:16:D5:16:0A:B0:1F:67:5A:20:BB:65:CB:21:EE:A6:C3:30:DB:C6:77:01:9F:EF:18
[root@puppetserver ~]#
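The request fingerprint printed by the agent in step 1 and the one listed by the server in step 2 are the same value; comparing them before step 3 confirms that the request being signed is the one this client generated. The following shell functions are an added example, not part of the original post; the function names listed_fingerprint, csr_fp_matches and verify_and_sign are hypothetical, and the listing format is assumed to be the one shown in step 2.

```shell
#!/bin/bash
# Added example: sign a CSR only when the fingerprint reported by the agent
# matches the one the master lists for that certname.

# listed_fingerprint CERTNAME  (reads a `puppet cert --list` listing on stdin)
# Prints the SHA256 fingerprint of the pending request for CERTNAME,
# or nothing if no pending request with that name is listed.
# Lines prefixed with "+" or "-" (signed/revoked in --all output) are ignored.
listed_fingerprint() {
    awk -v name="\"$1\"" \
        '$1 == name && $2 == "(SHA256)" { print toupper($3); exit }'
}

# csr_fp_matches CERTNAME EXPECTED_FP  (listing on stdin)
# Returns 0 only when a pending request exists and its fingerprint equals
# EXPECTED_FP (compared case-insensitively).
csr_fp_matches() {
    fp_listed=$(listed_fingerprint "$1")
    fp_expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$fp_listed" ] && [ "$fp_listed" = "$fp_expected" ]
}

# verify_and_sign CERTNAME EXPECTED_FP
# Run on the master; EXPECTED_FP is the value copied from the agent's
# "Certificate Request fingerprint (SHA256)" line.
verify_and_sign() {
    if puppet cert --list | csr_fp_matches "$1" "$2"; then
        puppet cert --sign "$1"
    else
        echo "no pending request for $1 with that fingerprint; not signing" >&2
        return 1
    fi
}
```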
******************************************************************************
V. Certificate revocation:
1. Revoke the certificate:
[root@puppetserver ~]# puppet cert revoke client01
Notice: Revoked certificate with serial 5
[root@puppetserver ~]#
2. Check the current certificate status:
[root@puppetserver ~]# puppet cert list --all
- "client01" (SHA256) 37:5D:E3:E4:09:07:BA:41:16:D5:16:0A:B0:1F:67:5A:20:BB:65:CB:21:EE:A6:C3:30:DB:C6:77:01:9F:EF:18 (certificate revoked)
[root@puppetserver ~]#
3. Restart puppetmaster:
[root@puppetserver ~]# /etc/init.d/puppetmaster restart
VI. Certificate deletion:
1. Delete the certificate:
[root@puppetserver ~]# puppet cert clean client01
Notice: Revoked certificate with serial 5
Notice: Removing file Puppet::SSL::Certificate client01 at '/var/lib/puppet/ssl/ca/signed/client01.pem'
Notice: Removing file Puppet::SSL::Certificate client01 at '/var/lib/puppet/ssl/certs/client01.pem'
[root@puppetserver ~]#
2. Restart puppetmaster:
[root@puppetserver ~]# /etc/init.d/puppetmaster restart
3. On the client, delete the client01.pem file or the whole SSL directory:
[root@client01 ~]# rm -rf /var/lib/puppet/ssl/certs/client01.pem
[root@client01 ~]# rm -rf /var/lib/puppet/ssl
VII. Automatic certificate signing:
[root@puppetserver ~]# echo '*' >> /etc/puppet/autosign.conf
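A bare "*" entry makes the master sign a request for any certname, so every host that can reach port 8140 receives a valid certificate without the review done in section IV. The following audit functions are an added example, not part of the original post; the names classify_autosign_entry and audit_autosign are hypothetical, and the file is assumed to hold one certname or domain glob per line with blank lines and "#" comment lines ignored.

```shell
#!/bin/bash
# Added example: audit an autosign.conf for entries that sign every request.

# classify_autosign_entry ENTRY -> prints ANY, GLOB or EXACT
classify_autosign_entry() {
    case "$1" in
        '*')   echo ANY ;;    # signs a CSR for any certname
        '*.'*) echo GLOB ;;   # signs every certname under one domain
        *)     echo EXACT ;;  # signs a single named host
    esac
}

# audit_autosign FILE
# Prints "<class> <entry>" for each entry and returns 1 if any entry is ANY.
audit_autosign() {
    as_status=0
    while IFS= read -r as_line || [ -n "$as_line" ]; do
        # Strip whitespace, then skip blank lines and comments.
        as_entry=$(printf '%s' "$as_line" | tr -d '[:space:]')
        case "$as_entry" in ''|'#'*) continue ;; esac
        as_class=$(classify_autosign_entry "$as_entry")
        echo "$as_class $as_entry"
        if [ "$as_class" = ANY ]; then as_status=1; fi
    done < "$1"
    return "$as_status"
}
```

Running audit_autosign /etc/puppet/autosign.conf after the step above prints "ANY *" and returns 1; a file listing only client01 or a domain glob returns 0.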
******************************************************************************
Problem summary:
Problem 1:
Initializing the database fails with the following error:
[root@puppetserver puppet-dashboard]# rake RAILS_ENV=production db:migrate
rake aborted!
syntax error on line 49, col 2: ` encoding: utf8'
(See full trace by running task with --trace)
Solution:
[root@puppetserver puppet-dashboard]# vi /usr/share/puppet-dashboard/config/database.yml
production:
  database: dashboard
  username: root
  password:chensh
  encoding: utf8
  adapter: mysql
Change "password:chensh" to "password: chensh" (that is, add a space), then run "rake RAILS_ENV=production db:migrate" again.
Problem 2:
[root@client01 ~]# puppet agent --test
Error: Could not request certificate: Connection timed out - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
[root@client01 ~]#
Solution:
Check that the network, SELinux, iptables, and the IP addresses and hostnames in the hosts file are configured correctly.
Problem 3:
[root@puppetserver puppet]# /etc/init.d/puppet-dashboard-workers restart
Rails Error: Unable to access log file. Please ensure that /usr/share/puppet-dashboard/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
Solution:
[root@puppetserver puppet]# chmod -R 666 /usr/share/puppet-dashboard/log/production.log
Reposted from: https://www.cnblogs.com/myiaas/archive/2013/03/25/4161372.html