前言:上篇写了结合svn钩子做版本控制puppet master代码,后续的操作都要在windows客户端使用svn完成操作,如果直接在服务器端操作,svn的钩子就会出现同步失败和不同步的问题.
解决:pkill svn && svnserve -d -r /data/puppet_co/ #重启操作
1、安装完puppet查看puppet的主配置文件目录:
1
2
<code>#puppet agent --configprint confdir</code>
<code>/etc/puppet</code>
2、设置puppet/puppet server 服务开机自启动:
<code># chkconfig puppetmaster on</code>
<code># chkconfig puppet on</code>
3、puppet master 的启动:
<code> </code><code>/etc/init</code><code>.d</code><code>/puppetmaster</code> <code>start</code>
4、查看puppet master是否启动成功.
<code>/etc/init</code><code>.d</code><code>/puppetmaster</code> <code>status</code>
5、puppet.conf的原先配置文件做备份,使用下面的命令生成Master资源追加到puppet.conf文件(各agent端就不需要了).
<code>#puppet master --genconfig >> /etc/puppet/puppet.conf</code>
<a href="https://s3.51cto.com/wyfs02/M01/05/EA/wKiom1muXTbwHAe4AADG-2XVccs420.png" target="_blank"></a>
注意:下面这块我使用命令将注释行去掉了,并不是生成的就没有注释,下面有些参数注释掉,是因为下面报警告,我做了优化贴出来的最新的.
[root@puppet puppet]# cat /etc/puppet/puppet.conf
3
4
5
6
7
8
9
<code>[main]</code>
<code> </code><code>logdir = </code><code>/var/log/puppet</code>
<code> </code><code>rundir = </code><code>/var/run/puppet</code>
<code> </code><code>ssldir = $vardir</code><code>/ssl</code>
<code> </code><code>server = puppet</code>
<code> </code><code>autoflush = </code><code>false</code>
<code> </code><code>listen=</code><code>true</code>
<code> </code><code>configtimeout = 1800</code>
<code> </code><code>runinterval=20m</code>
<code>[agent]</code>
<code> </code><code>classfile = $vardir</code><code>/classes</code><code>.txt</code>
<code> </code><code>localconfig = $vardir</code><code>/localconfig</code>
<code> </code><code>report = </code><code>true</code>
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<code>[master]</code>
<code> </code><code>dblocation = </code><code>/var/lib/puppet/state/clientconfigs</code><code>.sqlite3</code>
<code> </code><code>railslog = </code><code>/var/log/puppet/rails</code><code>.log</code>
<code> </code><code>http_keepalive_timeout = 4</code>
<code> </code><code>passfile = </code><code>/var/lib/puppet/ssl/private/password</code>
<code> </code><code>inventory_terminus = yaml</code>
<code> </code><code>csr_attributes = </code><code>/etc/puppet/csr_attributes</code><code>.yaml</code>
<code> </code><code>hostcert = </code><code>/var/lib/puppet/ssl/certs/puppet</code><code>.localdomain.pem</code>
<code> </code><code>environment_timeout = 0</code>
<code> </code><code>factpath = </code><code>/var/lib/puppet/lib/facter</code><code>:</code><code>/var/lib/puppet/facts</code>
<code> </code><code>httplog = </code><code>/var/log/puppet/http</code><code>.log</code>
<code> </code><code>ssldir = </code><code>/var/lib/puppet/ssl</code>
<code> </code><code>catalog_terminus = compiler</code>
<code> </code><code>route_file = </code><code>/etc/puppet/routes</code><code>.yaml</code>
<code> </code><code>hostpubkey = </code><code>/var/lib/puppet/ssl/public_keys/puppet</code><code>.localdomain.pem</code>
<code> </code><code>vardir = </code><code>/var/lib/puppet</code>
<code> </code><code>requestdir = </code><code>/var/lib/puppet/ssl/certificate_requests</code>
<code> </code><code>pluginsource = puppet:</code><code>//puppet/plugins</code>
<code> </code><code>facts_terminus = yaml</code>
<code> </code><code>node_cache_terminus = write_only_yaml</code>
<code> </code><code>immutable_node_data = </code><code>false</code>
<code> </code><code>privatedir = </code><code>/var/lib/puppet/ssl/private</code>
<code> </code><code>pluginfactsource = puppet:</code><code>//puppet/pluginfacts</code>
<code> </code><code>libdir = </code><code>/var/lib/puppet/lib</code>
<code> </code><code>hiera_config = </code><code>/etc/puppet/hiera</code><code>.yaml</code>
<code> </code><code>hostcrl = </code><code>/var/lib/puppet/ssl/crl</code><code>.pem</code>
<code> </code><code>hostcsr = </code><code>/var/lib/puppet/ssl/csr_puppet</code><code>.localdomain.pem</code>
<code> </code><code>default_file_terminus = rest</code>
<code> </code><code>certdir = </code><code>/var/lib/puppet/ssl/certs</code>
<code> </code><code>certname = puppet</code>
<code> </code><code>certificate_expire_warning = 5184000</code>
<code> </code><code>hostprivkey = </code><code>/var/lib/puppet/ssl/private_keys/puppet</code><code>.localdomain.pem</code>
<code> </code><code>confdir = </code><code>/etc/puppet</code>
<code> </code><code>publickeydir = </code><code>/var/lib/puppet/ssl/public_keys</code>
<code> </code><code>plugindest = </code><code>/var/lib/puppet/lib</code>
<code> </code><code>node_terminus = plain</code>
<code> </code><code>statedir = </code><code>/var/lib/puppet/state</code>
<code> </code><code>filetimeout = 15</code>
<code> </code><code>localcacert = </code><code>/var/lib/puppet/ssl/certs/ca</code><code>.pem</code>
<code> </code><code>name = master</code>
<code> </code><code>privatekeydir = </code><code>/var/lib/puppet/ssl/private_keys</code>
<code> </code><code>pluginfactdest = </code><code>/var/lib/puppet/facts</code><code>.d</code>
<code> </code><code>data_binding_terminus = hiera</code>
<code> </code><code>preview_outputdir = </code><code>/var/lib/puppet/preview</code>
<code> </code><code>yamldir = </code><code>/var/lib/puppet/yaml</code>
<code> </code><code>#masterlog = /var/log/puppet/puppetmaster.log</code>
<code> </code><code>masterport = 8140</code>
<code> </code><code>rest_authconfig = </code><code>/etc/puppet/auth</code><code>.conf</code>
<code> </code><code>#manifestdir = /etc/puppet/manifests</code>
<code> </code><code>server_datadir = </code><code>/var/lib/puppet/server_data</code>
<code> </code><code>masterhttplog = </code><code>/var/log/puppet/masterhttp</code><code>.log</code>
<code> </code><code>#modulepath = /etc/puppet/modules:/usr/share/puppet/modules</code>
<code> </code><code>reportdir = </code><code>/var/lib/puppet/reports</code>
<code> </code><code>storeconfigs_backend = active_record</code>
<code> </code><code>bucketdir = </code><code>/var/lib/puppet/bucket</code>
<code> </code><code>fileserverconfig = </code><code>/etc/puppet/fileserver</code><code>.conf</code>
<code> </code><code>#manifest = /etc/puppet/manifests/site.pp</code>
<code> </code><code>basemodulepath = </code><code>/etc/puppet/modules</code><code>:</code><code>/usr/share/puppet/modules</code>
<code> </code><code>#templatedir = /var/lib/puppet/templates</code>
<code> </code><code>waitforcert = 120</code>
<code> </code><code>statefile = </code><code>/var/lib/puppet/state/state</code><code>.yaml</code>
<code> </code><code>inventory_server = puppet</code>
<code> </code><code>puppetdlog = </code><code>/var/log/puppet/puppetd</code><code>.log</code>
<code> </code><code>client_datadir = </code><code>/var/lib/puppet/client_data</code>
<code> </code><code>lastrunfile = </code><code>/var/lib/puppet/state/last_run_summary</code><code>.yaml</code>
<code> </code><code>agent_disabled_lockfile = </code><code>/var/lib/puppet/state/agent_disabled</code><code>.lock</code>
<code> </code><code>runinterval = 1800</code>
<code> </code><code>resourcefile = </code><code>/var/lib/puppet/state/resources</code><code>.txt</code>
<code> </code><code>node_name_value = puppet.localdomain</code>
<code> </code><code>configtimeout = 120</code>
<code> </code><code>ca_port = 8140</code>
<code> </code><code>localconfig = </code><code>/var/lib/puppet/state/localconfig</code>
<code> </code><code>report_port = 8140</code>
<code> </code><code>clientyamldir = </code><code>/var/lib/puppet/client_yaml</code>
<code> </code><code>inventory_port = 8140</code>
<code> </code><code>splaylimit = 1800</code>
<code> </code><code>agent_catalog_run_lockfile = </code><code>/var/lib/puppet/state/agent_catalog_run</code><code>.lock</code>
<code> </code><code>classfile = </code><code>/var/lib/puppet/state/classes</code><code>.txt</code>
<code> </code><code>lastrunreport = </code><code>/var/lib/puppet/state/last_run_report</code><code>.yaml</code>
<code> </code><code>clientbucketdir = </code><code>/var/lib/puppet/clientbucket</code>
<code> </code><code>ca_server = puppet</code>
<code> </code><code>graphdir = </code><code>/var/lib/puppet/state/graphs</code>
<code> </code><code>report_server = puppet</code>
<code> </code><code>tagmap = </code><code>/etc/puppet/tagmail</code><code>.conf</code>
<code> </code><code>config = </code><code>/etc/puppet/puppet</code><code>.conf</code>
<code> </code><code>bindaddress = 0.0.0.0</code>
<code> </code><code>pidfile = </code><code>/var/run/puppet/master</code><code>.pid</code>
<code> </code><code>ca_ttl = 157680000</code>
<code> </code><code>capub = </code><code>/var/lib/puppet/ssl/ca/ca_pub</code><code>.pem</code>
<code> </code><code>serial = </code><code>/var/lib/puppet/ssl/ca/serial</code>
<code> </code><code>caprivatedir = </code><code>/var/lib/puppet/ssl/ca/private</code>
<code> </code><code>signeddir = </code><code>/var/lib/puppet/ssl/ca/signed</code>
<code> </code><code>cadir = </code><code>/var/lib/puppet/ssl/ca</code>
<code> </code><code>autosign = </code><code>/etc/puppet/autosign</code><code>.conf</code>
<code> </code><code>cakey = </code><code>/var/lib/puppet/ssl/ca/ca_key</code><code>.pem</code>
<code> </code><code>cacrl = </code><code>/var/lib/puppet/ssl/ca/ca_crl</code><code>.pem</code>
<code> </code><code>cert_inventory = </code><code>/var/lib/puppet/ssl/ca/inventory</code><code>.txt</code>
<code> </code><code>csrdir = </code><code>/var/lib/puppet/ssl/ca/requests</code>
<code> </code><code>ca_name = Puppet CA: puppet.localdomain</code>
<code> </code><code>capass = </code><code>/var/lib/puppet/ssl/ca/private/ca</code><code>.pass</code>
<code> </code><code>cacert = </code><code>/var/lib/puppet/ssl/ca/ca_crt</code><code>.pem</code>
<code> </code><code>module_skeleton_dir = </code><code>/var/lib/puppet/puppet-module/skeleton</code>
<code> </code><code>module_working_dir = </code><code>/var/lib/puppet/puppet-module</code>
<code> </code><code>rrdinterval = 1800</code>
<code> </code><code>rrddir = </code><code>/var/lib/puppet/rrd</code>
<code> </code><code>archive_file_server = puppet</code>
<code> </code><code>devicedir = </code><code>/var/lib/puppet/devices</code>
<code> </code><code>deviceconfig = </code><code>/etc/puppet/device</code><code>.conf</code>
<code> </code><code>reports = store, http</code>
<code> </code><code>reporturl = http:</code><code>//192</code><code>.168.30.134:3000</code><code>/reports/upload</code>
注意:并不是生成的所有参数都会用到,只保留启动Master守护进程的基本参数也是可以的,这块偷个懒直接用生成的.
6、Master配置puppet.conf文件.(下面的参数有则修改,无则增加)
vim /etc/puppet/puppet.conf
<code>#指定了puppet端的服务地址.</code>
<code>server = puppet</code>
<code>#客户端获取配置超时时间.</code>
<code>configtimeout = 1800</code>
<code>#客户端执行时间间隔,如果不设置默认为30分钟.</code>
<code>runinterval=20m</code>
<code>#是否实时刷新日志到磁盘.</code>
<code>autoflush = </code><code>false</code>
<code>listen=</code><code>true</code>
<code>#生成报告</code>
<code>report = </code><code>true</code>
<code>修改项:</code>
<code>certname = puppet</code>
<code>#报告存放的目录,客户端每次执行会生成一份以日期+时间命名的yaml文件报告.</code>
<code>reportdir = </code><code>/var/lib/puppet/reports</code>
<code>#自动授权签名配置文件.</code>
<code>autosign = </code><code>/etc/puppet/autosign</code><code>.conf</code>
<code>#puppet master服务端监听的地址.</code>
<code>bindaddress = 0.0.0.0</code>
<code>#puppetmaster服务端监听端口.</code>
<code>masterport = 8140</code>
<code>#通过此参数看到执行中的过程与变化</code>
<code>evaltrace = </code><code>false</code>
<code>#上传方式</code>
<code>reports = store, http</code>
<code>#http上传时的地址</code>
<code>reporturl = http:</code><code>//192</code><code>.168.30.134:3000</code><code>/reports/upload</code>
配置完成后重启puppet 服务.
<code>/etc/init</code><code>.d</code><code>/puppetmaster</code> <code>restart</code>
7、puppet auth.conf配置文件:
旧版本中文件为authconfig文件,使用XMLRPC协议,XMLRPC是使用http协议作为传输协议的RPC机制,使用XML文本的方式,效率底下.
Master本身是由Web Server提供Agent访问,如果没有权限控制,Agent就可以遍历Master上的资源.
auth.conf文件主要负责Agent访问Master服务器上一些目录和配置文件的权限和认证,它的官方名称时http network api,为了使用安全,Agent访问master过程中,使用https协议进行通讯交互.
https://{server}:{port}/{environment}/{resource}/{key}
auth.conf配置文件共7个参数:
参数:path、environment、method、auth、allow、allow_ip、deny的组合形成了Agent访问Master目录权限控制的ACL(权限控制列表).
path参数:指定acl的路径,path后接系统路径、正则表达式、路径前缀和资源等信息.
environment参数:可以包含一个环境或者多个环境列表,不设置默认为所有环境.puppet环境主要用于灰度.
method参数:包含find(查找)、search(搜索)、save(保存)和destroy(销毁),可以在method后设置任意一个参数或用逗号做分割设置多个参数,默认为所有参数.
auth参数:auth参数包含yes和on、any和no或off,不同的参数可以匹配不同的请求,默认值为yes或on.
auth设置为yes或on均表示匹配那些已经通过认证的agent请求.
auth设置为any意味着只匹配认证进行中和没有被认证的请求.
auth设置on或off,均表示匹配未认证过的agrnt请求,认证过的请求将会跳过此ACL。
allow参数:值为hostname和certname,puppet2.7.1以后支持perl或ruby正则表达式.
allow_ip参数:后接一个ip或ip的网段,表示允许指定ip范围通过.
deny参数:后接一个ip、多个ip、网段或域名等,表示禁止这些范围访问master的目录权限.
举例一:
允许lisi.example.com域访问/facts
path /facts
method find,search
auth yes
allow lisi.example.com
举例二:
匹配192.168.30.0/24段ip地址认证中或没有被认证的情况下访问catalog。
path ~ ^/catalog
auth any
allow_ip 192.168.30.0/24
举例三:
进制guest.puppet.com访问/
path /
deny guest.puppet.com
提示:puppet源码安装auth.conf文件放在源码安装目录里,RPM方式安装auth.conf文件安装到/etc/puppet目录里.
8、namespaceauth.conf文件:
/etc/puppet/namespaceauth.conf配置文件,RPM安装默认/etc/puppet是没有这个文件的,这个文件用于指定访问puppet的名称空间.namespaceauth.conf文件并不是puppet配置中必要的文件,只有当/etc/puppet.conf文件中listen=true时才会配置此文件,否则会报will not start without authorization file namespaceauth.conf 这样的错误,文件配置参考如下:
大概就下面这几项,但是不会全用到,/etc/puppet.conf文件不设置listen=true,这个文件根本不需要,设置了listen=true下面常用puppetrunner这项.
<code>[fileserver]</code>
<code>allow *.example.com</code>
<code>[puppetmaster]</code>
<code>[puppetrunner]</code>
<code>allow *</code>
<code>[puppetbucket]</code>
<code>[puppetreports]</code>
<code>[resource]</code>
<code>allow server.examplc.om</code>
9、autosign.conf文件参数:
/etc/puppet/aotusign.conf配置文件主要用于自动签名证书功能,默认没有需要手动创建添加.通常Agent访问Master需要手动授权认证,通过在master上增加autosign.conf文件,实现对某一来源或所有来源的Agent做自动授权证书签名.
大概有两种方式的授权:
第一种:
<code> </code><code>cat</code> <code>/etc/puppet/autosign</code><code>.conf </code>
<code> </code><code>*</code>
第二种:
<code> </code><code>cat</code> <code>/etc/puppet/autosign</code><code>.conf</code>
<code> </code><code>*.example.com</code>
10、fileserver.conf文件参数:
/etc/puppet/fileserver.conf文件master目录的挂载配置文件,它包含了Master的挂载目录位置和挂载目录授权信息等.fileserver.conf并非puppet必要文件,默认安装完puppet软件包含此文件,只有agent从master获取一个文件或文件列表时才会用到它 .
fileserver.conf文件里面注释写的很详细,怎么使用挂载也有官网默认的例子:
如果你需要服务器文件来自一个目录而不是从模块中获取,你必须为这个文件创建一个挂载点.
# If you need to serve files from a directory that is NOT in a module,
# you must create a static mount point in this file:
#
# [extra_files]
# path /etc/puppet/files
# allow *
# In the example above, anything in /etc/puppet/files/<file name> would be
# available to authenticated nodes at puppet:///extra_files/<file name>.
在上面例子中,任何在/etc/puppet/files/<file name> 都可以有效的被认证的节点puppet:///extra_files/<file name>.引用.
下面是说结合挂载点auth.conf文件怎么写.
# Every static mount point should have an `allow *` line; setting more
# granular permissions in this file is deprecated. Instead, you can
# control file access in auth.conf by controlling the
# /file_metadata/<mount point> and /file_content/<mount point> paths:
# path ~ ^/file_(metadata|content)/extra_files/
# auth yes
# allow /^(.+)\.example\.com$/
# allow_ip 192.168.100.0/24
举例实例参考:(fileserver.conf结合auth.conf文件)
cat fileserver.conf
[bin] #挂载点叫bin
path /opt/puppetfiles #挂载根路径为系统上/opt/puppetfiles
allow *#允许所有主机访问
结合auth.conf文件做ACL权限认证,
cat auth.conf
path ~ ^/file_(metadata|content)/bin/
随便一个modules模块引用:
file { "/usr/local/${folder_name}/${bin_name}":
owner => "root",
group => "root",
mode => "755",
ensure => "file",
source => "puppet:///bin/web/proxy/proxy_source/clashroomProxy.bin" #同步挂载点下的文件到Agent客户端.
}
服务器上的路径如下:
<a href="https://s3.51cto.com/wyfs02/M00/05/EA/wKiom1muXxDDrOp4AACZhvwSqsU576.png" target="_blank"></a>
注意:目前同步文件puppet只支持puppet文件服务协议,并不支持rsync和http等专业的文件同步工具,如果server上的文件过大,多个agent一起同步,肯定会超时,同步失败.
忽略:puppet master端还有一个邮件功能配置功能,用的不多,文件名为tagmail.conf文件,不做介绍了.
做完上面的配置,reload下puppetmaster服务:
<code>[root@puppet puppet]</code><code># /etc/init.d/puppetmaster reload</code>
<code>Stopping puppetmaster: [ OK ]</code>
<code>Starting puppetmaster: [ OK ]</code>
11、Agent端的配置
配置另外2台puppet agent配置,指明puppet server可以在全局配置中指定,也可以在agent中指定:
参考如下(配置二选一配置):
[main]#可以在全局配置中指定
server = puppet
[agent]#也可以在agent配置中指定
举例:
192.168.30.131 sh-web1这台puppet agent配置:(server在agent段指定)
<code>[root@sh-web1 puppet]</code><code># cat puppet.conf | grep -v '^[[:space:]]\+#'</code>
如图:
<a href="https://s2.51cto.com/wyfs02/M02/A4/9B/wKioL1muX3SQKFsBAAAtprd4aDk501.png" target="_blank"></a>
192.168.30.132 sh-proxy2这台puppet agent配置:(server在main段指定)
<code># cat puppet.conf | grep -v '^[[:space:]]\+#'</code>
<a href="https://s2.51cto.com/wyfs02/M01/05/EA/wKiom1muX6vTGFL0AABCMrX95nc269.png" target="_blank"></a>
agent 端/etc/puppet.conf文件配置完,分别启动服务:
<code>[root@sh-proxy2 puppet]</code><code># /etc/init.d/puppet start</code>
<code>Starting puppet agent: [ OK ]</code>
12、添加/etc/hosts中添加三台机器的解析(三台机器都需要相互解析,都加上),为了简单快捷就不做dns了.
<code>192.168.30.134puppet</code>
<code>192.168.30.131sh-web1</code>
<code>192.168.30.132sh-proxy2</code>
扩展:目前比较火的ip-域名映射关系的dns服务器除了bind外,还有dnsmasq,之前文章写过了,也支持dhcp和dns功能,软件极小,配置起来非常方便,dnsmasq的诞生本来时为了解决嵌入式系统问题的(我大学专业就是嵌入式的),所以可以想象到它小的程度.
做完上面的,puppet master上立即就签署了agent证书,自动完成立即生效,不需要人工干预.
<code>#puppet cert list --all</code>
<a href="https://s3.51cto.com/wyfs02/M00/05/EA/wKiom1muYDnRfq2qAADKQ62F47I407.png" target="_blank"></a>
13、报警告(不是报错):
<code>[root@puppet puppet]</code><code># puppet cert list --all</code>
<code>Warning: Setting masterlog is deprecated. </code>
<code> </code><code>(at </code><code>/usr/lib/ruby/site_ruby/1</code><code>.8</code><code>/puppet/settings</code><code>.rb:1139:</code><code>in</code> <code>`issue_deprecation_warning')</code>
<code>Warning: Setting manifestdir is deprecated. See http:</code><code>//links</code><code>.puppetlabs.com</code><code>/env-settings-deprecations</code>
<code>Warning: Setting modulepath is deprecated </code><code>in</code> <code>puppet.conf. See http:</code><code>//links</code><code>.puppetlabs.com</code><code>/env-settings-deprecations</code>
<code> </code><code>(at </code><code>/usr/lib/ruby/site_ruby/1</code><code>.8</code><code>/puppet/settings</code><code>.rb:1141:</code><code>in</code> <code>`issue_deprecation_warning')</code>
<code>Warning: Setting manifest is deprecated </code><code>in</code> <code>puppet.conf. See http:</code><code>//links</code><code>.puppetlabs.com</code><code>/env-settings-deprecations</code>
<code>Warning: Setting templatedir is deprecated. See http:</code><code>//links</code><code>.puppetlabs.com</code><code>/env-settings-deprecations</code>
<code>+ </code><code>"puppet"</code> <code>(SHA256) FF:75:FE:B7:8E:E5:46:4A:4A:AB:2F:8D:C4:B0:C6:43:95:47:74:0C:3E:3F:38:1E:1B:88:4C:45:66:23:78:3E (alt names: </code><code>"DNS:puppet"</code><code>, </code><code>"DNS:puppet.localdomain"</code><code>)</code>
<code>+ </code><code>"puppet.localdomain"</code> <code>(SHA256) BA:F6:11:67:10:1D:93:1D:43:8C:1D:42:C8:EB:8F:6A:F1:25:FE:38:35:CB:17:7A:6D:59:99:34:05:CF:E1:FC (alt names: </code><code>"DNS:puppet"</code><code>, </code><code>"DNS:puppet.localdomain"</code><code>)</code>
<code>+ </code><code>"sh-proxy2.localdomain"</code> <code>(SHA256) 75:85:8E:AB:74:8A:D6:8E:0B:3A:87:33:2B:BA:60:D2:81:0A:23:5F:73:A4:90:AC:8B:34:DC:A4:F3:00:41:39</code>
<code>+ </code><code>"sh-web1.localdomain"</code> <code>(SHA256) B9:31:9C:62:94:70:4A:DD:E3:35:0F:3F:14:BB:7A:C7:AE:BE:F9:24:BC:C9:92:ED:DB:1F:8C:95:65:09:97:5B</code>
处理办法,注释掉这些:
<code>[root@puppet puppet]</code><code># cat /etc/puppet/puppet.conf | grep "#"</code>
再次查看证书:
结果如图:
<a href="https://s3.51cto.com/wyfs02/M02/05/EA/wKiom1muYKKSLrLxAAB3PYJbeHQ403.png" target="_blank"></a>
14、总结:
到此puppet c/s 配置完成,修改的内容不多,主要在svn客户端操作:
1)、新增namespaceauth.conf配置文件:
<a href="https://s1.51cto.com/wyfs02/M02/A4/9B/wKioL1muYU3CihCAAAFHrYnhOlc556.png" target="_blank"></a>
<a href="https://s3.51cto.com/wyfs02/M02/A4/9B/wKioL1muYYGgPe_XAAEyf_oTW10391.png" target="_blank"></a>
本文转自青衫解衣 51CTO博客,原文链接:http://blog.51cto.com/215687833/1962872